Validator3000

This challenge was labeled as RE in this year's ctfzone CTF. The subtitle was "The flag is inside, but take it easy and don't waste your time", which should probably have been a hint on how to approach this challenge. As always, reading between the lines is super helpful in a CTF. I mostly ignored this more-than-subtle hint and downloaded the challenge, which came as an extractable .zip archive.


Dissection and Exploitation of ELF files

Preface

Hi folks! For quite some time there was no article from my side. Life kept me busy with all sorts of things, but here is a little something until some cooler project emerges :). This article will focus on explaining the ELF file format. While this may seem like a really boring and very theory-heavy research topic, I actually had a lot of fun digging through the available literature and trying things out on my own.


An introduction on Control Flow Graphs and Integrity

Preface

It has been a long time since I tackled the exploit mitigations on Linux. Nevertheless, I felt I should at least cover control flow graphs and control flow integrity as well before moving on to new topics.
This research article will be a bit on the theoretical side, to understand what CFG and CFI are all about.


Reversing Xiaomi's Mi Router 3 - Part 1 - Teardown

Preface

I felt the urge to come back to where I started before I did some research on exploitation and especially the basic mitigations on GNU/Linux.
So here it is: my attempt to dig deeper into a router I somehow deemed interesting enough to buy and crack open to see what's inside.
When I unboxed this thing I was surprised how small it is, and even more so how small the board inside the casing really is!
But more about that later on. This first part will basically describe the teardown of the device, the hunt for debug ports on the hardware, and how to spot the usual suspects.
