Helloha,
been a while. A lot has happened. Hope y’all have been staying well. The satellite is finally finished & handover is complete. Now the team is currently recuperating in what I’d call an interlude, as we await our next project from R&D. Been competing in a couple of CTFs as well, with both great & poor performance. For one, I was practically useless since they have no reverse engineering challenges. Between these & that, I probably cannot recount most …
good hullo,
Second week of hell is over. Yet I can’t get a break quite yet since work has piled up. Thankfully it’s much lighter & can be cleared within a few days. Then I’ll hopefully be able to write to my heart’s content.
Finished developing some sort of comm program that utilizes AX25. It feels enlightening to be able to learn more by directly programming at this level of the OSI, which is between 2 & 3 or a bit of both. Reading up on all the …
First week of hell has passed. Training for CTFs did pay off, as I solved a decent amount of challenges in a recent CTF. I must say, though, that many reverse engineering/binary exploitation challenges are not very reflective of their titles. One rev chall had a flashing gif that represented some sort of communication over UART & we had to decipher it. On the other hand, there was another where we were given a source code meant to run on an unknown machine that will give us the flag on …
Read more...good hullo,
this will be a very busy week so expect to hear from me starting next week. rlly sry.
anzu-tan, uoogh.
Today I read more of Smashing The Stack For Fun & Profit, & made substantial progress. Unfortunately did not manage to finish it, but I think I have regained a firm grasp on buffer overflows. After overwriting the return address of the caller stack frame alongside the parameters of the current, we can use the stack frame owning the vulnerable buffer to store shellcode. We can direct the return address we control to the start of our shell code as well. I found their shellcode …
Read more...Figured that I should revisit my basics since I want to seriously revamp my binary exploitation skills. Now, I am not disregarding my malware analysis, reverse engineering, or other stuff. Actually, I think I will be having mathematics, astronomy, & philosophy take a back seat here, & let school teach that instead. To be honest, I was honestly hoping to clock in some mal-analysis but I am in the midst of backing up my mal-analysis setup since I nuked my preestablished snapshots. …
Read more... Oh my word, I am being cooked by classes. Forget twice a week, I might start struggling with weekly uploads. I am at least glad to be able to write this out now. Sad thing is though, that since so much of my time is occupied with schoolwork, there is not as many interesting things to talk about. Less time for passion projects mean less time to want to write about passionate stuff too. Hopefully what little of my endeavors left still make for an interesting read.
One thing that really …
Am finally able to use z3 functionally. After trials where I made a caesar solver & read around its API, I have successfully applied it to a crackme. This was Zero Solution from crackmes.one. I feel that the author had a single password in mind, but I managed to find countless solutions. Through the usual utility tools & radare2 framework, I managed to decipher the structure of the program, then investigated the interesting functions through Ghidra. From there, setting up z3 …
Read more...Got up to something slightly different today. I decided to try configuring an ssh host on raspi. Configuring ssh was easy enough, so I had to make things secure. I tried to jail the user using jailkit, but it wasn’t playing too nicely given that everytime I try to su to the jailed user, nothing actually happens. I then followed a manual guide I found online. Create directory, secure directory, create user appropriately, & tune ssh. It seemed deceptively easy & worked …
Read more... Looks like I’ve already broken my promise. The server went kapoot so I didn’t have much time to spare. Also doesn’t help that my life isn’t too exciting anyways. Hopefully starting now I can keep an upload rate of 2/week at least.
I am starting to get the hang of Z3. I still have much to learn enough for practical use in reverse engineering, but I am sure (cope) that it will happen. The guide I followed explained enough that I understand the inner workings …