Software Security Study Group Report 

Week 5


This week, in software security,  we covered two code analysis technologies: static analysis and symbolic execution. We learned that how to a program analyze statically. We solved some challenges from CTFs to practice about static analysis.




  • no-calm:

By using IDA, we disassembled a 64-bit ELF file and try to understand how it works by performing static analysis. You can look at the write-up from here:


Also, we saw other solutions for the challenge by using z3 and angr. For these solutions look at following links:




  • slammer:

In this challenge, we analyzed 64-bit ELF file with IDA Pro. Differently, the code is self-decrypting. It decrypts then executes the decrypted code. To solve this, we created an IDC script. The write-up is here:


  • fortune jack:

In this challenge, a file named “Lucky_Drawer.exe” was given. After analyzing it with a PE analyzer like PEiD, RDG Packer Detector, etc, we saw that it is a .NET executable. Thus, we decompiled it using a .NET decompiler(ILSpy, dotPeek or .NET Reflector). The solution is here:


  • mario mystery:

There was a given apk file and we decompiled the apk by using this website. Then, we looked inside of functions to understand the application’s logic. Solution is here: