Reverse Engineering


Yellow Belt (ASU CSE 466)

Dates

Assigned: September 22, 2022 at 1:00pm (Arizona time)
(solves before this date will not appear on the default scoreboard)

Due: October 13, 2022 at 11:00am UTC-07:00 (Arizona time)
(after this date, the live session of the dojo will move on to the next module, though solves will still count for scoreboard ranking)

For ASU extra credit due dates, please log in with an @asu.edu email address.


Lectures and Reading
There are many resources related to reverse engineering around the internet.

  • A good place to start is a series of walkthroughs of several hacking challenges by ASU's own Adam Doupe on his YouTube channel.
  • A comprehensive reverse engineering tutorial series.

As mentioned in the slides, there are a number of useful tools for this assignment! Here is a (non-exhaustive) list:

  • gdb will let you run and inspect the state of these programs. Please check out the Debugging Refresher module. We have also provided a quick briefer here. Some useful gdb concepts:
    • Know the difference between step instruction (si) and next instruction (ni). Both follow jumps; the difference is at calls. si steps into a call and lands on the first instruction of the called function, while ni treats the call as a single instruction and stops at the instruction after it. This means that if you use si at a call into libc, you will quickly find yourself crawling through libc code, which is insane and unnecessary.
    • You can use x/i $rip to disassemble the next instruction that will be executed. You can call display/i $rip to make the next instruction display every time gdb prompts you for input. You can also do x/2i and display/2i to print two (or other quantities of) instructions.
    • The disas command will disassemble the current function that you are looking at.
    • gdb can be scripted! Look up conditional breakpoints and scriptable breakpoints in the gdb manual.
    • Modern binaries are position independent (PIE), meaning that they can be loaded anywhere in memory when they run. gdb disables ASLR by default, so on x86-64 Linux the binary will end up at the fixed base 0x555555554000. This means that if objdump is telling you that main starts at some offset like 0x100, the address when debugging with gdb will be 0x555555554100. If you have re-enabled randomization or attached to an already-running process, the base will differ: read it from info proc mappings and add the objdump offset to that instead.
    • strings will list printable strings in the file. This is useful for looking for constant strings that the program checks for (such as file names and so on) in the course of getting input. Keep in mind that strings only prints runs of at least 4 printable characters by default; use -n to change that minimum length.
  • Don't forget about pwntools! You will need to interact heavily with these programs. Do it right (with pwntools).
  • rappel is a nice tool to help you figure out what certain instructions do.
  • Tools for reverse engineering actual binaries:
    • IDA, accessible via the Desktop in the dojo, is the industry standard of reverse-engineering tools.
    • Ghidra, also accessible via the Desktop in the dojo, is an open source direct competitor to IDA that is used and loved by many.
    • angr-management, also accessible via the Desktop in the dojo, is an open source up-and-coming reversing tool with some advanced functionality.
    • Binary Ninja Cloud, accessible separately through your web browser, is a free binary reverse engineering tool.
    • In a pinch, objdump -d -M intel the_binary will disassemble the binary you want to look at. -M intel, in that command, makes objdump give you nice and readable Intel assembly syntax.


Challenges

Reverse engineer this challenge to find the correct license key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 5 bytes in the binary.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 5 bytes in the binary.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 1 byte in the binary.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 1 byte in the binary.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 2 bytes in the binary, but performs an integrity check afterwards.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key. This challenge allows you to patch 2 bytes in the binary, but performs an integrity check afterwards.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!
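The "your input will be modified somehow before being compared" challenges above all come down to the same two steps: reimplement the transform you read out of the disassembly, then invert it against the constant the binary compares your transformed input to. The following is an added example, not code from the dojo or from any challenge binary. The transform, the EXPECTED constant and the 12-byte key length are invented here to stand in for what you would lift from a real binary; the inversion routine is the reusable part.

```python
# Added example (not from the dojo): recovering the license key once the
# checker's transform has been reverse engineered and reimplemented.
KEY_LEN = 12  # hypothetical key length


def transform(data: bytes) -> bytes:
    """Hypothetical checker transform, standing in for the one you would
    reimplement from the disassembly: XOR each byte with a position-dependent
    constant, rotate the buffer left by 3, then swap the nibbles of each byte."""
    assert len(data) == KEY_LEN
    xored = bytes(b ^ ((0x41 + i) & 0xFF) for i, b in enumerate(data))
    rotated = xored[3:] + xored[:3]
    return bytes(((b << 4) | (b >> 4)) & 0xFF for b in rotated)


# Constructed stand-in for the constant the real binary keeps in its data
# section and compares the transformed input against.
EXPECTED = transform(b"pwn.college!")


def recover_input(transform, expected: bytes, length: int) -> bytes:
    """Black-box inversion for transforms in which every output byte depends on
    exactly one input byte (per-byte substitutions plus a byte permutation).
    No algebra is needed: find which input position feeds each output
    position, then brute-force that single byte over its 256 values."""
    base = bytes(length)
    base_out = transform(base)
    feeds = {}  # output index -> input index that determines it
    for i in range(length):
        probe = bytearray(base)
        probe[i] ^= 0xFF
        out = transform(bytes(probe))
        changed = [j for j in range(length) if out[j] != base_out[j]]
        if len(changed) != 1:
            raise ValueError(f"input byte {i} influences {len(changed)} output "
                             "bytes; this inversion only handles one-to-one maps")
        feeds[changed[0]] = i
    if len(feeds) != length:
        raise ValueError("transform is not a bijection on byte positions")
    recovered = bytearray(length)
    for j, i in feeds.items():
        for v in range(256):
            probe = bytearray(base)
            probe[i] = v
            if transform(bytes(probe))[j] == expected[j]:
                recovered[i] = v
                break
        else:
            raise ValueError(f"no byte at position {i} produces expected[{j}]")
    return bytes(recovered)


if __name__ == "__main__":
    key = recover_input(transform, EXPECTED, KEY_LEN)
    print(key, transform(key) == EXPECTED)
```

The inversion only needs the transform to be callable, so the same recover_input works against any reimplemented checker where each output byte is a function of a single input byte. Where a byte depends on more than one input (a running checksum, a chained XOR), it raises instead of guessing, and you invert stage by stage by hand. Either way, confirm the recovered key by sending it to the real binary with pwntools rather than trusting your reimplementation.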

Let's dive into reverse engineering obfuscated code! This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag! If you are clever, you won't need to reverse too much VM code.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Let's dive into reverse engineering obfuscated code! This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag! If you are clever, you won't need to reverse too much VM code.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Let's continue deeper into reverse engineering obfuscated code! This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Let's continue deeper into reverse engineering obfuscated code! This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag!

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag! This is a full end-to-end obfuscated challenge, like you might see in real-world obfuscated code!

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

This challenge is using VM-based obfuscation: reverse engineer the custom emulator and architecture to understand how to get the flag! This is a full end-to-end obfuscated challenge, like you might see in real-world obfuscated code!

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!
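For the VM-based challenges above, the work is in the emulator, not the bytecode: once you have read the dispatch loop of the native binary, you can reimplement it in Python and instrument it. The following is an added example, not code from the dojo or from any challenge; the instruction set, its 3-byte encoding, the VM program and the expected table are all invented here to stand in for what you would lift from the real emulator. It shows the two tools that fall out of that reimplementation: a disassembler for the bytecode, and an instrumented emulator that recovers the accepted input from an instruction-count side channel without reading the VM program at all.

```python
# Added example (not from the dojo): a toy VM-obfuscated license checker.
# The ISA, encoding, program and expected table below are invented; in a real
# challenge you lift them from the emulator's dispatch loop and data section.
OPS = {  # opcode -> (mnemonic, (operand a kind, operand b kind)); 3 bytes/insn
    0x01: ("imm",  ("reg", "imm")),   # r[a] = b
    0x02: ("load", ("reg", "reg")),   # r[a] = mem[r[b]]
    0x03: ("xor",  ("reg", "reg")),   # r[a] ^= r[b]
    0x04: ("add",  ("reg", "reg")),   # r[a] = (r[a] + r[b]) & 0xff
    0x05: ("cmp",  ("reg", "reg")),   # flag = (r[a] == r[b])
    0x06: ("jne",  ("imm", None)),    # if not flag: pc = a
    0x07: ("out",  ("imm", None)),    # result: 1 = accepted, 0 = rejected
    0x08: ("halt", (None, None)),
}
INPUT_AT, EXPECTED_AT, KEY_LEN, MEM_SIZE = 0x40, 0x50, 4, 0x60

# Hypothetical VM program: for each of 4 input bytes, XOR with 0x5a and compare
# against a constant table; the first mismatch jumps straight to the reject path.
PROGRAM = bytes([
    0x01, 0, INPUT_AT,     # 00: imm  r0, 0x40   ; r0 -> input buffer
    0x01, 1, EXPECTED_AT,  # 03: imm  r1, 0x50   ; r1 -> expected table
    0x01, 3, KEY_LEN,      # 06: imm  r3, 4      ; loop counter
    0x02, 2, 0,            # 09: load r2, r0     ; r2 = input byte
    0x01, 4, 0x5A,         # 0c: imm  r4, 0x5a
    0x03, 2, 4,            # 0f: xor  r2, r4     ; transform input byte
    0x02, 4, 1,            # 12: load r4, r1     ; r4 = expected byte
    0x05, 2, 4,            # 15: cmp  r2, r4
    0x06, 0x39, 0,         # 18: jne  0x39       ; mismatch -> reject
    0x01, 4, 1,            # 1b: imm  r4, 1
    0x04, 0, 4,            # 1e: add  r0, r4     ; advance both pointers
    0x04, 1, 4,            # 21: add  r1, r4
    0x01, 4, 0xFF,         # 24: imm  r4, 0xff
    0x04, 3, 4,            # 27: add  r3, r4     ; counter -= 1 (mod 256)
    0x01, 5, 0,            # 2a: imm  r5, 0
    0x05, 3, 5,            # 2d: cmp  r3, r5
    0x06, 0x09, 0,         # 30: jne  0x09       ; bytes left -> loop
    0x07, 1, 0,            # 33: out  1          ; accepted
    0x08, 0, 0,            # 36: halt
    0x07, 0, 0,            # 39: out  0          ; rejected
    0x08, 0, 0,            # 3c: halt
])
EXPECTED = bytes([0x23, 0x3B, 0x34, 0x7B])  # constructed stand-in for .rodata


def disassemble(code: bytes) -> list:
    """Render the bytecode as a listing, so the VM program reads like assembly."""
    lines = []
    for pc in range(0, len(code) - len(code) % 3, 3):
        op, a, b = code[pc:pc + 3]
        mnem, kinds = OPS[op]
        args = [f"r{v}" if k == "reg" else f"{v:#04x}"
                for k, v in zip(kinds, (a, b)) if k]
        lines.append(f"{pc:04x}: {mnem} {', '.join(args)}".rstrip())
    return lines


def run(mem: bytearray, max_steps: int = 10_000):
    """Reimplemented emulator, instrumented to count executed instructions.
    Returns (output, instruction count); the step limit stops runaway loops."""
    r, pc, flag, out = [0] * 6, 0, False, None
    for steps in range(1, max_steps + 1):
        op, a, b = mem[pc], mem[pc + 1], mem[pc + 2]
        if op == 0x01: r[a] = b                        # imm
        elif op == 0x02: r[a] = mem[r[b]]              # load
        elif op == 0x03: r[a] ^= r[b]                  # xor
        elif op == 0x04: r[a] = (r[a] + r[b]) & 0xFF   # add
        elif op == 0x05: flag = r[a] == r[b]           # cmp
        elif op == 0x06 and not flag: pc = a; continue # jne, taken
        elif op == 0x07: out = a                       # out
        elif op == 0x08: return out, steps             # halt
        elif op not in OPS: raise ValueError(f"unknown opcode {op:#x} at {pc:#x}")
        pc += 3
    raise RuntimeError("step limit exceeded; bytecode looped")


def build_memory(candidate: bytes) -> bytearray:
    """Lay out code, candidate input and expected table as the VM sees them."""
    mem = bytearray(MEM_SIZE)
    mem[:len(PROGRAM)] = PROGRAM
    mem[INPUT_AT:INPUT_AT + KEY_LEN] = candidate.ljust(KEY_LEN, b"\x00")[:KEY_LEN]
    mem[EXPECTED_AT:EXPECTED_AT + KEY_LEN] = EXPECTED
    return mem


def recover_key() -> bytes:
    """The route that needs no bytecode reading: a wrong byte makes the VM bail
    out early, so per position the candidate that executes the most
    instructions is the one that passed the compare."""
    key = b""
    for _ in range(KEY_LEN):
        key += bytes([max(range(256),
                          key=lambda v: run(build_memory(key + bytes([v])))[1])])
    return key


if __name__ == "__main__":
    print("\n".join(disassemble(PROGRAM)))
    key = recover_key()
    print(key, run(build_memory(key)))
```

Run it directly to print the listing and the recovered key. The side channel works because this checker rejects at the first mismatching byte; a checker that compares every byte before deciding gives a flat instruction count, and you fall back to the listing, or to logging the operands of every cmp from inside run, to read the check itself.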

Reverse engineer this custom emulator and architecture to understand how to get the flag!

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this custom emulator and architecture to understand how to get the flag!

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this custom emulator and architecture, and write your own custom shellcode to get the flag.

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this custom emulator and architecture, and write your own custom shellcode to get the flag.

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!

Reverse engineer this custom emulator and architecture, and write your own custom shellcode to get the flag, with a twist. This is the final boss. Are you a true Yan-head?

This is a teaching challenge, which means that it will print out useful information to help you solve it! You still need to solve it for the score and grade, though!

Reverse engineer this custom emulator and architecture, and write your own custom shellcode to get the flag, with a twist. This is the final boss. Are you a true Yan-head?

This is a testing challenge, which means that it pulls no punches! Solve it for grades, glory, and the scoreboard!


Module Ranking

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

Rank Hacker Score