Pak Mat Burger [pwn]
Format string attack to leak information to perform buffer overflow on binary with stack protection + PIE.
- WargamesMY2023 2
- BOH2023 3
- ACS2023 4
- SECCON2023 1
- WargamesMY2022 3
- DiceCTF2022 1
- STANDCON2021 3
- CDDC2021 2
- Plaid2021 1
- CTFSG2021 2
- DSO-NUS2021 5
- DiceCTF2021 1
Magic Door [pwn]
Classic ret2libc
Vaccines [Pwn]
Pwning faulty implementation of strlen and atoi functions in Haskell.
M1 [Pwn]
Simple ARM64 Return-Oriented Programming (ROP).
Locker [Pwn]
Subtle integer underflow to hijack control flow.
Note [Code Audit]
Dangling reference leading to Use-After-Free (UAF). Second code audit challenge for ACS 2023 finals.
Licrackense [Binary]
Light RE with z3 + heap overflow. From ACS 2023 finals.
Expr [Binary]
Solve for flag checker that uses multithreading for flag check routine.
Key In Haystack [Code Audit]
Absence of stack initialization and subtle vulnerability to leak secrets read onto the stack.
Optinimize [RE]
Reversing program wrote in nim-lang that uses the bigints library for big integer math.
When am I [OSINT]
Simple OSINT challenge for hololive fans.
Pxrtxblx Nxtwxrk Grxphxcs [Misc]
Patch corrupted PNG file to recover the image.
Old Vault [RE]
Reverse engineering PS2 game program to find correct password.
Typed [RE]
Flag checker made with Rust’s trait implementations and the Rust compiler.
Space Playwright [RE]
Reverse a program written in Shakespeare Programming Language (SPL). Second RE challenge in STANDCON2021.
Ancient Computing [Forensics]
Study and understand a very old file spreadsheet format (WK1 for Lotus 1-2-3), then retrieve data stored in a cell. First forensics challenge from STANDCON20...
Airlock Breakout [RE]
JavaScript flag checking functions solved using z3-solver. First RE challenge from STANDCON 2021.
Take Control [Pwn]
Simple Return Oriented Programming challenge. Second pwn challenge in CDDC2021.
POP IT [Pwn]
Python code injection attack on an echo server. Third pwn challenge in CDDC2021.
The Watness III [RE, Web]
Reverse engineer a WebGL game by reversing its fragment shader program. First RE and Web challenge from Plaid CTF 2021.
What do the numbas mean? [RE]
Analyze python Intermediate Representation and recover the flag. First RE challenge from CTF.SG 2021.
Haachama cooking [RE]
A simple Golang binary reversing challenge with some AES. Second RE challenge from CTF.SG 2021.
Login [Mobile]
Simple mobile reversing challenge (that doesn’t require much mobile knowledge XD). First mobile challenge from DSO-NUS 2021.
FlashyLighty [Mobile]
Mobile reversing challenge that uses time of execution to check for conditions. Third mobile challenge from DSO-NUS 2021.
Three Trials [RE]
Simple reversing challenge with some math. First RE challenge from DSO-NUS 2021.
Insecure [Pwn]
Exploit a program that changes user privilege to root with setuid() to escalate privilege. First pwn challenge from DSO-NUS 2021.
NyaVM [RE]
Read. Understand. Patch. Get flag. A cool challenge that requires patching binaries. Second RE challenge from DSO-NUS 2021.
Dice Is You [RE]
A wasm reversing challenge using closure compiler to simplify code, and z3 to solve for final solution.