Wednesday, September 25, 2013

CSAW 2013 Qualifier

We solved 16 out of 40 challenges, achieving 1350 of 8200 points, and ranked 397 of 1383 teams.

Minus a few frustrating times when Recon challenges were either not working or were messed with by other teams, we found this competition pretty enjoyable. Thursday night we tried tackling the moderate-difficulty challenges (level 300). Friday we took off. Saturday was mostly spent going all over the board, taking notes and feeling out the easier challenges. Sunday was our serious push.

Before this I hadn't reverse engineered a program in about a decade, so this was a great opportunity to jump back into it. It was the first time I had seriously used IDA Pro. At first I was afraid that IDA Pro would alter the way I reverse engineer. However, I found instead that it not only worked with me, but that being able to rename variables and check references made my process much faster.

I had swiftly knocked out csaw2013reversing1.exe and csaw2013reversing2.exe, but in my manual decompiling of crackme, I had failed to note that the hash code skipped every other byte. That small oversight cost me 300 points. Yes, I learned too late that IDA Pro will also decompile for me. That feature and learning to script XOR decryption (yes, I did that by hand as well) would have made me go even faster, giving me time to look at other categories.

