Software Security Study Group Report 

Week 5

 

This week in software security, we covered two code analysis technologies: static analysis and symbolic execution. We learned how to analyze a program statically, and we solved some CTF challenges to practice static analysis.

 

Challenges

 

  • no-calm:

Using IDA, we disassembled a 64-bit ELF file and tried to understand how it works by performing static analysis. The write-up is here: https://www.pwndiary.com/write-ups/backdoorctf-2017-no-calm-write-up-reverse350/

 

We also looked at other solutions to the challenge that use z3 and angr. For these solutions, see the following links:

z3: https://vishnudevtj.github.io/notes/backdoor-2017-no-calm-350

angr: https://theromanxpl0it.github.io/ctf_backdoorctf17/nocalm/


 

  • slammer:

In this challenge, we analyzed a 64-bit ELF file with IDA Pro. The difference here is that the code is self-decrypting: it decrypts and then executes the decrypted code. To solve this, we created an IDC script. The write-up is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-slammer-write-up-reverse200/

 

  • fortune jack:

In this challenge, a file named “Lucky_Drawer.exe” was given. After analyzing it with a PE analyzer such as PEiD or RDG Packer Detector, we saw that it is a .NET executable, so we decompiled it using a .NET decompiler (ILSpy, dotPeek or .NET Reflector). The solution is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-fortunejack-write-up-reverse50/

 

  • mario mystery:

We were given an APK file and decompiled it using this website. Then we looked inside the functions to understand the application’s logic. The solution is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-mario-mystery-write-up-reverse50/