Software Security Study Group Report
This week, in software security, we covered two code analysis technologies: static analysis and symbolic execution. We learned how to analyze a program statically. We solved some CTF challenges to practice static analysis.
Using IDA, we disassembled a 64-bit ELF file and tried to understand how it works by performing static analysis. You can read the write-up here: https://www.pwndiary.com/write-ups/backdoorctf-2017-no-calm-write-up-reverse350/
We also saw other solutions to the challenge that use z3 and angr. For these solutions, see the following links:
In this challenge, we analyzed a 64-bit ELF file with IDA Pro. This time, the code is self-decrypting: it decrypts and then executes the decrypted code. To solve this, we created an IDC script. The write-up is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-slammer-write-up-reverse200/
In this challenge, a file named “Lucky_Drawer.exe” was given. After analyzing it with a PE analyzer such as PEiD, RDG Packer Detector, etc., we saw that it is a .NET executable. Thus, we decompiled it using a .NET decompiler (ILSpy, dotPeek or .NET Reflector). The solution is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-fortunejack-write-up-reverse50/
We were given an APK file, and we decompiled it by using this website. Then, we looked inside the functions to understand the application’s logic. The solution is here: https://www.pwndiary.com/write-ups/xiomara-ctf-2018-mario-mystery-write-up-reverse50/