some chaos for you

Challenge: Holiday Hack Objective 11b

Category: pwn?? blockchain??

We are given part of a blockchain and told there is an altered block somewhere. The goal was to find the four altered bytes in the new block and change it back to their original values, or essentially, reproduce the original block…

Challenge: Holiday Hack Objective 11a

Category: pwn?? blockchain??

We are given a part of a blockchain and told to predict the nonce of block 130000. Since every block prior to the 130000th has a nonce, we can use the pseudo-randomness of these numbers to predict the future ones. …

Challenge: Impossible Password

Category: reverse engineering

We are given a file called “impossible_password.bin”. Using xxd, I looked at the header of the file and found out that it was actually an ELF which meant that it could be executed. …

Challenge: WebNet0

Category: Forensics

We are given a Wireshark packet capture file called “capture.pcap” and an RSA key called “picopico.key”. When you open capture.pcap in Wireshark you see a TLS stream that is likely to hold the flag somewhere in it.

When you follow the TLS stream, you can tell that it’s…

Challenge: Investigative Reversing 3

Category: reverse engineering and forensics

We are given a binary called “mystery” and an image named “encoded.bmp”. When I opened mystery in IDA, I saw that three files were being opened, two that are being read from (flag.txt and original.bmp) and one that is being appended to (encoded.bmp). …

Challenge: messy-malloc

Category: binary exploitation

We are given a binary and it’s source code called “auth” and “auth.c”. By looking at auth.c, you can tell that this program is essentially a simple authentication program. …

Challenge: OTP Implementation

Category: reverse engineering

We are given a binary called “otp” and a text file called “flag.txt”. If you execute otp, you will notice that you need to pass a key as an argument in order for the program to run. When I opened otp in IDA, I saw that this…

Challenge: vault-door-6

Category: reverse engineering

We are given java source code called “VaultDoor6.java”. Inside this file there is a password system, where if you input the correct password (or the flag) an “Access granted” message will be printed. …

Challenge: Need For Speed

Category: reverse engineering

We are given a binary called “need-for-speed”. When you first run the program, there is no needed input from the user. The program simply starts generating a key, but exits before the process is finished with the message “Not fast enough. BOOM!”. …

9710810511512197

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store