Articles

HackINI 2018 : Some Writeups

Image
Hello, HackINI (stands for Hack Initiation) is an event that is held once a year at the higher national school of computer science at Algiers, in a whole day, a CTF competition and workshops on various information security subdomains are held in parallel, this year, it was held on February 10th. The challenges of the CTF competition are mostly easy-medium, this post will contain some writeups on some of the tasks. Locked (Reverse Engineering):  We are given a program that prompts us for a combination of keypresses. When we select a wrong combination of keys and press check, it displays "Wrong password" , and if we do it three times, the program exits Let's start reversing! first, let's identify the file, we could use Detect it Easy, or any other file identifier Looks like it's a .NET program, let's decompile it to check its code (I'll use dnSpy, a free .NET decompiler). Hmm, this function is called when we press the Chec...

NFSMW2012 Cheats : Flying Opponents

Image
Hello Everyone, This is a gamehacking tutorial targeting Need for Speed Most Wanted 2012. In this tutorial, I will register a hotkey that when pressed, will raise all the opponents by 20m to the sky (and by opponents I mean both cops and race opponents), lets start :D We'll start by searching for the z coordinate of our car (a value that indicates its height), we must keep in mind that the z axis might be inverted (ie. when our height increases, z might increase or decrease) -This value has two possible types : Float and Double (because it's a real number) - There are two possible cases :     -> Getting more height increases z     -> It decreases z So there will be a total of 4 cases, we can use different tabs to speed up the process, but we'll start with the most likely (Float type, because FPU arithmetic is faster on single floats, game programmers like to use it for coordinates and values that are involved in lots of calculations)...

Himayatic rev_400 Writeup (.NET Crackme)

Image
Hello, today I'll crack a .NET crackme, it was featured on Himayatic CTF, November 2nd 2017. Download link : https://drive.google.com/open?id=0B7U3AsTA9UVfRHdTY2hfQzZrQm8 Let's start :) First, we notice that it's a .NET crackme, it asks for a serial, and displays " Wrong Serial ... !!! " when we enter a random one. We open it in a .NET decompiler (I used dnSpy, which is a fork of ILSpy), and we immediately locate this function :   The code looks obfuscated, we follow the N and M functions in the namespace A, and we find this: Looks like they used CryptoObfuscator to obfuscate the code, we'll use a .NET deobfuscator (de4dot : https://github.com/0xd4d/de4dot ) to clean the executable. We open the cleaned executable in dnSpy, the obfuscation is gone! But it's a wrong flag, if it were the real flag, the else part would display "Wrong Serial ... !!!" and not "Illusion ... !!" (of course, we still try it, who know...