Tampilkan postingan dengan label Reverse Engineering. Tampilkan semua postingan
hay gay kembali lagi dengan gw yukinoshita 47 kali ini gw ikutan CTF lagi Surabaya Hacker Link Offline CTF Competition 2018 Write Up yah iseng-iseng aja sih gw ikutan walaupun performa gw jelek disini gamasalah namanya juga iseng wkwkwkwkwk.
ini info CTF nya
dan oke langsung aja gw mulai
Challenge #1 Basic - Cryptography
berikut soal nya
4B55594751544C464742344759574B594A4
A3256514D433250465244454D4C474B4657554D36544
24B3548474D5532594B4A3546514D44454F5A5244455554474D524457513443554E565348555
A5352485536513D3D3D3D
langsung aja kita mulai saat soal ini dikerjakan gw masih posisi di windows 10
pertama gw cek dulu 4B55594751544C464742344759574B594A4
A3256514D433250465244454D4C474B4657554D36544
24B3548474D5532594B4A3546514D44454F5A5244455554474D524457513443554E565348555
A5352485536513D3D3D3D kira-kira jenis hash nya apa.
muncul 2 jenis hash yaitu HEX dan Base64
dan gw yakin itu udah pasti HEX dan langsung aja gw convert lagi dari Hex ke text dan hasil nya adalah
KUYGQTLFGB4GYWKYJJ2VQMC2PFRDEMLGKFWUM6TBK5HGMU2YKJ5FQMDEOZRDEUTGMRDWQ4CUNVSHUZSRHU6Q====
gw decode KUYGQTLFGB4GYWKYJJ2VQMC2PFRDEMLGKFWUM6TBK5HGMU2YKJ5FQMDEOZRDEUTGMRDWQ4CUNVSHUZSRHU6Q====
dengan base32 decode dan hasil nya adalah
U0hMe0xlYXJuX0Zyb21fQmFzaWNfSXRzX0dvb2RfdGhpTmdzfQ==
kemudian U0hMe0xlYXJuX0Zyb21fQmFzaWNfSXRzX0dvb2RfdGhpTmdzfQ== gw decode lagi dengan Base64 hasil nya adalah SHL{Learn_From_Basic_Its_Good_thiNgs}
flag nya adalah SHL{Learn_From_Basic_Its_Good_thiNgs}
oke lanjut soal berikut nya
Challenge #2 Pacarku - Forensic
kali ini soal tentang forensic dan langsung aja kita mulai berikut soal nya
dalam challenge ini kita disuruh analisa forensic gambar ini
disini gw menggunakan tool online aja buat ngecek file exif nya dan keliatan flag nya
dan flag nya adalah SHL{Exif_7a1a5f3e79fdc91edf2f5ead9d66abb4_Yeah}
Challenge #3 Flag Validate - Reversing
ini soal terakhir yang berhasil gw selesaikan berikut soal nya pada saat ngerjakan soal ini gw berada di posisi Kali Linux wkwkwkwkwkwk
nah gw sudah download file nya yang bernama Flag
gw jalanin file nya dengan perintah ./Flag dan muncul disitu tulisan Masukan Flagnya : gw coba input asal asalan aja 12345678910 dan ternyata salah wkwkwkwkwk
yg pasti sebelum diutak-atik lebih jauh disini gw cek strings nya dengan perintah strings ./Flag dan muncul flag nya SHL{Mini_Reversing_00}
jika diinput sesuai flag nya maka akan muncul tulisan Selamat Ambil Flagnya!
oke cukup sampai disini aja write up gw sorry kalo jelek write up hanya sekedar formalitas dokumentasi aja gays wkwkwk
sekian dan terimakasih.
Main Portal : http://www.garudasecurityhacker.org
Bagian Intelligence Gathering : http://big.garudasecurityhacker.org
Blog : http://blog.garudasecurityhacker.org
Our Project : http://project.garudasecurityhacker.org
Surabaya Hacker Link Offline CTF Competition 2018 [Write Up]
Hai gaes kembali lagi dengan gw Yukinoshita 47 ya gw bikin write up lagi ne dari Cybertalents yahh kali ini challenge yg gw ikuti adalah Malware Reverse Engineering lagi ne.
berikut soal nya
The correct input is the flag,format flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
Langsung aja kita mulai pertama yang jelas harus santai dulu dengar musik. sambil coli ehh ngopi maksud nya
gw download file GUI.exe dan gw buka di dalam aplikasi nya ada tombol button1 kemudian ada 8 buah checkbox
ya daripada memperpusingkan diri langsung aja gw buka file GUI.exe nya tadi dengan CodeReflect untuk melihat isi nya
pertama gw cek bagian yang ada kaitan nya dengan button1 yaitu bagian button1_Click(Object,EventArgs) : Void
di bagian script ini
Loop
Me.label4.Text = num1.ToString()
If ((Integer.Parse(Me.label3.Text.Split(New Char() {32})(Me.current)) + 10) = num1) Then
Me.label2.Text = Me.label2.Text & CType(num1, Char)
Me.current = (Me.current + 1)
End If
gw liat ada bagian yang menurut gw ada hubungannya dengan label3 yaitu adalah If ((Integer.Parse(Me.label3.Text.Split(New Char() {32})(Me.current)) + 10) = num1)
jadi di label3 tadi gw cek script nya di bagian InitializeComponent() : Void
Me.label3.AllowDrop = True
Me.label3.AutoSize = True
Me.label3.Location = New System.Drawing.Point(16, 55)
Me.label3.Name = "label3"
Me.label3.Size = New System.Drawing.Size(478, 13)
Me.label3.TabIndex = 12
Me.label3.Text = "92 98 87 93 113 95 105 85 106 94 95 105 85 89 87 91 105 87 104 85 89 95 102 94 91 104 53 115"
Me.label3.Visible = False
gw ketemu angka ASCII di bagian Me.label3.Text = "92 98 87 93 113 95 105 85 106 94 95 105 85 89 87 91 105 87 104 85 89 95 102 94 91 104 53 115"
jadi kesimpulan jalur nya menurut versi gw If ((Integer.Parse(Me.label3.Text.Split(New Char() {32})(Me.current)) + 10) = num1) adalah setiap digit 92 98 87 93 113 95 105 85 106 94 95 105 85 89 87 91 105 87 104 85 89 95 102 94 91 104 53 115 itu ditambah 10
nah angka 102 108 97 103 123 105 115 95 116 104 105 115 95 99 97 101 115 97 114 95 99 105 112 104 101 114 63 21 tersebut kita convert ke plain text hasil nya berantakan seperti gambar dibawah ini
seperti biasa angka ASCII sudah pasti rata2 3 Digit penomoran nya
jadi angka yang tadi dikoreksi menjadi 102 108 097 103 123 105 115 095 116 104 105 115 095 099 097 101 115 097 114 095 099 105 112 104 101 114 063 21 dan hasil nya adalah flag{is_this_caesar_cipher?
jadi flag nya sesuai dengan format soal challenge nya adalah flag{is_this_caesar_cipher?}
oke cukup sampai disini saja write up nya kurang lebih seperti itu lah penjelasan sederhana saya jika kalia merasa write up ini jelek ya maklumin aja wkwkwkwkwk gw seperti biasa gw udah pernah bilang kan ke lu pade gw bikin write up ini cuma buat formalitas dokumentasi aja.
sekian dan terimakasih
Main Portal : http://www.garudasecurityhacker.org
Bagian Intelligence Gathering : http://big.garudasecurityhacker.org
Blog : http://blog.garudasecurityhacker.org
Our Project : http://project.garudasecurityhacker.org
Cybertalents Practice : Malware Reverse Engineering - GUI I [Write Up]
Yup Kembali lagi bersama gw Yukinoshita 47 babeh kalian di GSH yang tercinta ini wkwkwkwkwkwk biase kali ini gw mau share tentang CTF lagi. kali ini gw memberanikan diri untuk ikutan CTF yang Reverse Engineering karena banyak haters GSH nantang buat bikin konten Reverse Engineering ok gpp kita ladenin aja :v
challenge kali ini adalah Eye of Sauron kategori nya Malware Reverse Engineering
inilah penampakan eye of sauron
Q : WOI BNGST KNTL MMQ JMBT MATA DAJJAL ITU MAH
A : Lu tau tuh Mata Dajjal tp nape lu males ibadah ?
udah udah cukup intermezzo nya mari kita ke TKP
oke berikut ini challenge nya
Can you find the key to pass? Link:https://s3-eu-west-1.amazonaws.com/talentchallenges/Reverse/Inkie.zip
gw download dulu file nya dan gw copy file Inkie.exe nya karena yg 1 buat di reverse atau dibongkar yg 1 lagi buat dijalanin.
challenge nya seperti ini disuruh nyari key nya
gw buka software Inkie.exe nya gw disini pake CodeReflect
disini gw nemuin kode hash pada bagian InitializeComponent() : Void di FormLabel2, FormLabel3, FormLabel4, dan FormLabel5 lebih detail cek di gambar
ini Source Code bagian InitializeComponent() : Void
.method private hidebysig instance void InitializeComponent() cil managed
{
// Method Start RVA 0x2184
// Code Size 1078 (0x436)
.maxstack 4
L_0000: ldarg.0
L_0001: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0006: stfld [Inkie]Inkie.Form1::label1
L_000b: ldarg.0
L_000c: newobj instance void [System.Windows.Forms]System.Windows.Forms.TextBox::.ctor()
L_0011: stfld [Inkie]Inkie.Form1::txtPass
L_0016: ldarg.0
L_0017: newobj instance void [System.Windows.Forms]System.Windows.Forms.Button::.ctor()
L_001c: stfld [Inkie]Inkie.Form1::btnCheck
L_0021: ldarg.0
L_0022: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0027: stfld [Inkie]Inkie.Form1::label2
L_002c: ldarg.0
L_002d: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0032: stfld [Inkie]Inkie.Form1::label3
L_0037: ldarg.0
L_0038: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_003d: stfld [Inkie]Inkie.Form1::label4
L_0042: ldarg.0
L_0043: newobj instance void [System.Windows.Forms]System.Windows.Forms.Label::.ctor()
L_0048: stfld [Inkie]Inkie.Form1::label5
L_004d: ldarg.0
L_004e: call instance void [System.Windows.Forms]System.Windows.Forms.Control::SuspendLayout()
L_0053: ldarg.0
L_0054: ldfld [Inkie]Inkie.Form1::label1
L_0059: ldc.i4.1
L_005a: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_005f: ldarg.0
L_0060: ldfld [Inkie]Inkie.Form1::label1
L_0065: ldc.i4.s 12
L_0067: ldc.i4.s 80
L_0069: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_006e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0073: ldarg.0
L_0074: ldfld [Inkie]Inkie.Form1::label1
L_0079: ldstr "label1"
L_007e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0083: ldarg.0
L_0084: ldfld [Inkie]Inkie.Form1::label1
L_0089: ldc.i4 131
L_008e: ldc.i4.s 13
L_0090: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_0095: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_009a: ldarg.0
L_009b: ldfld [Inkie]Inkie.Form1::label1
L_00a0: ldc.i4.0
L_00a1: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_00a6: ldarg.0
L_00a7: ldfld [Inkie]Inkie.Form1::label1
L_00ac: ldstr "Enter the key on the ring:"
L_00b1: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_00b6: ldarg.0
L_00b7: ldfld [Inkie]Inkie.Form1::txtPass
L_00bc: ldc.i4 143
L_00c1: ldc.i4.s 77
L_00c3: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_00c8: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_00cd: ldarg.0
L_00ce: ldfld [Inkie]Inkie.Form1::txtPass
L_00d3: ldstr "txtPass"
L_00d8: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_00dd: ldarg.0
L_00de: ldfld [Inkie]Inkie.Form1::txtPass
L_00e3: ldc.i4 129
L_00e8: ldc.i4.s 20
L_00ea: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_00ef: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_00f4: ldarg.0
L_00f5: ldfld [Inkie]Inkie.Form1::txtPass
L_00fa: ldc.i4.1
L_00fb: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0100: ldarg.0
L_0101: ldfld [Inkie]Inkie.Form1::btnCheck
L_0106: ldc.i4.s 105
L_0108: ldc.i4.s 125
L_010a: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_010f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0114: ldarg.0
L_0115: ldfld [Inkie]Inkie.Form1::btnCheck
L_011a: ldstr "btnCheck"
L_011f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0124: ldarg.0
L_0125: ldfld [Inkie]Inkie.Form1::btnCheck
L_012a: ldc.i4.s 75
L_012c: ldc.i4.s 23
L_012e: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_0133: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0138: ldarg.0
L_0139: ldfld [Inkie]Inkie.Form1::btnCheck
L_013e: ldc.i4.2
L_013f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0144: ldarg.0
L_0145: ldfld [Inkie]Inkie.Form1::btnCheck
L_014a: ldstr "I shall Pass!"
L_014f: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_0154: ldarg.0
L_0155: ldfld [Inkie]Inkie.Form1::btnCheck
L_015a: ldc.i4.1
L_015b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.ButtonBase::set_UseVisualStyleBackColor(bool)
L_0160: ldarg.0
L_0161: ldfld [Inkie]Inkie.Form1::btnCheck
L_0166: ldarg.0
L_0167: ldftn instance void [Inkie]Inkie.Form1::btnCheck_Click(object,class [mscorlib]System.EventArgs)
L_016d: newobj instance void [mscorlib]System.EventHandler::.ctor(object,valuetype [mscorlib]System.IntPtr)
L_0172: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::add_Click(class [mscorlib]System.EventHandler)
L_0177: ldarg.0
L_0178: ldfld [Inkie]Inkie.Form1::label2
L_017d: ldc.i4.1
L_017e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_0183: ldarg.0
L_0184: ldfld [Inkie]Inkie.Form1::label2
L_0189: call valuetype [System.Drawing]System.Drawing.Color [System.Drawing]System.Drawing.SystemColors::get_Control()
L_018e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_ForeColor(valuetype [System.Drawing]System.Drawing.Color)
L_0193: ldarg.0
L_0194: ldfld [Inkie]Inkie.Form1::label2
L_0199: ldc.i4.s 12
L_019b: ldc.i4 165
L_01a0: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_01a5: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_01aa: ldarg.0
L_01ab: ldfld [Inkie]Inkie.Form1::label2
L_01b0: ldstr "label2"
L_01b5: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_01ba: ldarg.0
L_01bb: ldfld [Inkie]Inkie.Form1::label2
L_01c0: ldc.i4.s 55
L_01c2: ldc.i4.s 13
L_01c4: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_01c9: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_01ce: ldarg.0
L_01cf: ldfld [Inkie]Inkie.Form1::label2
L_01d4: ldc.i4.3
L_01d5: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_01da: ldarg.0
L_01db: ldfld [Inkie]Inkie.Form1::label2
L_01e0: ldstr "d0248b4e"
L_01e5: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_01ea: ldarg.0
L_01eb: ldfld [Inkie]Inkie.Form1::label3
L_01f0: ldc.i4.1
L_01f1: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_01f6: ldarg.0
L_01f7: ldfld [Inkie]Inkie.Form1::label3
L_01fc: call valuetype [System.Drawing]System.Drawing.Color [System.Drawing]System.Drawing.SystemColors::get_Control()
L_0201: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_ForeColor(valuetype [System.Drawing]System.Drawing.Color)
L_0206: ldarg.0
L_0207: ldfld [Inkie]Inkie.Form1::label3
L_020c: ldc.i4.s 12
L_020e: ldc.i4 178
L_0213: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_0218: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_021d: ldarg.0
L_021e: ldfld [Inkie]Inkie.Form1::label3
L_0223: ldstr "label3"
L_0228: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_022d: ldarg.0
L_022e: ldfld [Inkie]Inkie.Form1::label3
L_0233: ldc.i4.s 55
L_0235: ldc.i4.s 13
L_0237: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_023c: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0241: ldarg.0
L_0242: ldfld [Inkie]Inkie.Form1::label3
L_0247: ldc.i4.4
L_0248: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_024d: ldarg.0
L_024e: ldfld [Inkie]Inkie.Form1::label3
L_0253: ldstr "47886655"
L_0258: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_025d: ldarg.0
L_025e: ldfld [Inkie]Inkie.Form1::label4
L_0263: ldc.i4.1
L_0264: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_0269: ldarg.0
L_026a: ldfld [Inkie]Inkie.Form1::label4
L_026f: call valuetype [System.Drawing]System.Drawing.Color [System.Drawing]System.Drawing.SystemColors::get_Control()
L_0274: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_ForeColor(valuetype [System.Drawing]System.Drawing.Color)
L_0279: ldarg.0
L_027a: ldfld [Inkie]Inkie.Form1::label4
L_027f: ldc.i4.s 12
L_0281: ldc.i4 191
L_0286: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_028b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0290: ldarg.0
L_0291: ldfld [Inkie]Inkie.Form1::label4
L_0296: ldstr "label4"
L_029b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_02a0: ldarg.0
L_02a1: ldfld [Inkie]Inkie.Form1::label4
L_02a6: ldc.i4.s 53
L_02a8: ldc.i4.s 13
L_02aa: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_02af: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_02b4: ldarg.0
L_02b5: ldfld [Inkie]Inkie.Form1::label4
L_02ba: ldc.i4.5
L_02bb: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_02c0: ldarg.0
L_02c1: ldfld [Inkie]Inkie.Form1::label4
L_02c6: ldstr "83f05688"
L_02cb: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_02d0: ldarg.0
L_02d1: ldfld [Inkie]Inkie.Form1::label5
L_02d6: ldc.i4.1
L_02d7: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_AutoSize(bool)
L_02dc: ldarg.0
L_02dd: ldfld [Inkie]Inkie.Form1::label5
L_02e2: call valuetype [System.Drawing]System.Drawing.Color [System.Drawing]System.Drawing.SystemColors::get_Control()
L_02e7: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_ForeColor(valuetype [System.Drawing]System.Drawing.Color)
L_02ec: ldarg.0
L_02ed: ldfld [Inkie]Inkie.Form1::label5
L_02f2: ldc.i4.s 12
L_02f4: ldc.i4 204
L_02f9: newobj instance void [System.Drawing]System.Drawing.Point::.ctor(int32,int32)
L_02fe: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Location(valuetype [System.Drawing]System.Drawing.Point)
L_0303: ldarg.0
L_0304: ldfld [Inkie]Inkie.Form1::label5
L_0309: ldstr "label5"
L_030e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_0313: ldarg.0
L_0314: ldfld [Inkie]Inkie.Form1::label5
L_0319: ldc.i4.s 54
L_031b: ldc.i4.s 13
L_031d: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_0322: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Size(valuetype [System.Drawing]System.Drawing.Size)
L_0327: ldarg.0
L_0328: ldfld [Inkie]Inkie.Form1::label5
L_032d: ldc.i4.6
L_032e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_TabIndex(int32)
L_0333: ldarg.0
L_0334: ldfld [Inkie]Inkie.Form1::label5
L_0339: ldstr "c154b6ea"
L_033e: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_0343: ldarg.0
L_0344: ldc.r4 6
L_0349: ldc.r4 13
L_034e: newobj instance void [System.Drawing]System.Drawing.SizeF::.ctor(float32,float32)
L_0353: call instance void [System.Windows.Forms]System.Windows.Forms.ContainerControl::set_AutoScaleDimensions(valuetype [System.Drawing]System.Drawing.SizeF)
L_0358: ldarg.0
L_0359: ldc.i4.1
L_035a: call instance void [System.Windows.Forms]System.Windows.Forms.ContainerControl::set_AutoScaleMode(valuetype [System.Windows.Forms]System.Windows.Forms.AutoScaleMode)
L_035f: ldarg.0
L_0360: ldc.i4 284
L_0365: ldc.i4 262
L_036a: newobj instance void [System.Drawing]System.Drawing.Size::.ctor(int32,int32)
L_036f: call instance void [System.Windows.Forms]System.Windows.Forms.Form::set_ClientSize(valuetype [System.Drawing]System.Drawing.Size)
L_0374: ldarg.0
L_0375: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_037a: ldarg.0
L_037b: ldfld [Inkie]Inkie.Form1::label5
L_0380: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0385: ldarg.0
L_0386: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_038b: ldarg.0
L_038c: ldfld [Inkie]Inkie.Form1::label4
L_0391: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_0396: ldarg.0
L_0397: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_039c: ldarg.0
L_039d: ldfld [Inkie]Inkie.Form1::label3
L_03a2: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_03a7: ldarg.0
L_03a8: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_03ad: ldarg.0
L_03ae: ldfld [Inkie]Inkie.Form1::label2
L_03b3: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_03b8: ldarg.0
L_03b9: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_03be: ldarg.0
L_03bf: ldfld [Inkie]Inkie.Form1::btnCheck
L_03c4: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_03c9: ldarg.0
L_03ca: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_03cf: ldarg.0
L_03d0: ldfld [Inkie]Inkie.Form1::txtPass
L_03d5: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_03da: ldarg.0
L_03db: call instance class [System.Windows.Forms].ControlCollection [System.Windows.Forms]System.Windows.Forms.Control::get_Controls()
L_03e0: ldarg.0
L_03e1: ldfld [Inkie]Inkie.Form1::label1
L_03e6: callvirt instance void [System.Windows.Forms].ControlCollection::Add(class [System.Windows.Forms]System.Windows.Forms.Control)
L_03eb: ldarg.0
L_03ec: ldc.i4.1
L_03ed: call instance void [System.Windows.Forms]System.Windows.Forms.Form::set_FormBorderStyle(valuetype [System.Windows.Forms]System.Windows.Forms.FormBorderStyle)
L_03f2: ldarg.0
L_03f3: ldc.i4.0
L_03f4: call instance void [System.Windows.Forms]System.Windows.Forms.Form::set_MaximizeBox(bool)
L_03f9: ldarg.0
L_03fa: ldc.i4.0
L_03fb: call instance void [System.Windows.Forms]System.Windows.Forms.Form::set_MinimizeBox(bool)
L_0400: ldarg.0
L_0401: ldstr "Form1"
L_0406: call instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Name(string)
L_040b: ldarg.0
L_040c: ldstr "Eyes of Sauron"
L_0411: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_0416: ldarg.0
L_0417: ldarg.0
L_0418: ldftn instance void [Inkie]Inkie.Form1::Form1_Load(object,class [mscorlib]System.EventArgs)
L_041e: newobj instance void [mscorlib]System.EventHandler::.ctor(object,valuetype [mscorlib]System.IntPtr)
L_0423: call instance void [System.Windows.Forms]System.Windows.Forms.Form::add_Load(class [mscorlib]System.EventHandler)
L_0428: ldarg.0
L_0429: ldc.i4.0
L_042a: call instance void [System.Windows.Forms]System.Windows.Forms.Control::ResumeLayout(bool)
L_042f: ldarg.0
L_0430: call instance void [System.Windows.Forms]System.Windows.Forms.Control::PerformLayout()
L_0435: ret
}
jadi hash nya
label2 = d0248b4e
label3 = 47886655
label4 = 83f05688
label5 = c154b6ea
kita coba buat key nya dari label2, label3, label4, dan label5 jadi key nya = d0248b4e4788665583f05688c154b6ea
kita test dan ternyata fail
kita coba cara ke dua yaitu urutan nya label5, label4, label3, dan label2 jadi key nya = c154b6ea83f0568847886655d0248b4e
dan hasil nya fail juga
kebetulan gw baru dapat ide gw gunakan pola kita key nya dari label2, label3, label4, dan label5 jadi key nya = d0248b4e4788665583f05688c154b6ea ya kan tp kali ini gw balik seperti efek cermin jadi kurang lebih.
semula key nya = d0248b4e4788665583f05688c154b6ea
gw tandai merah ternyata ada sedikit jebakan gw cek di bagian btnCheck_Click(Object,EventArgs) : Void
script nya di bagian btnCheck_Click(Object,EventArgs) : Void
.method private hidebysig instance void btnCheck_Click(object sender, class [mscorlib]System.EventArgs e) cil managed
{
// Method Start RVA 0x2124
// Code Size 43 (0x2b)
.maxstack 8
L_0000: ldarg.0
L_0001: ldfld [Inkie]Inkie.Form1::label3
L_0006: ldstr "47996655"
L_000b: callvirt instance void [System.Windows.Forms]System.Windows.Forms.Control::set_Text(string)
L_0010: ldarg.0
L_0011: call instance bool [Inkie]Inkie.Form1::ShallHePass()
L_0016: brtrue.s L_001f
L_0018: ldstr "you shall not pass"
L_001d: br.s L_0024
L_001f: ldstr "you shall pass"
L_0024: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
L_0029: pop
L_002a: ret
}
semula key nya = d0248b4e4788665583f05688c154b6ea
dibalik pake efek cermin istilah nya diubah menjadi key nya ae6b451c98650f3855668874e4b8420d
karena gw liat ada bagian angka yang mirip tapi beda 2 digit di btnCheck_Click(Object,EventArgs) : Void jadi key nya gw ubah menjadi dari 47886655 menjadi 47889955 jika dibalik pake efek cermin menjadi 55669974 dan jadi key nya = ae6b451c98650f3855669974e4b8420d
dan kita coba ternyata berhasil
flag nya adalah ae6b451c98650f3855669974e4b8420d
dan berhasil
oke cukup sampai disini write up kali ini gw akan bikin write up CTF yang lainnya karena gw beberapa event CTF juga gw ikutin kalo ada challenge nya yang berhasil gw selesaikan pasti gw bikin write up nya buat dokumentasi dan bukti nya.
TOLONG JANGAN BULLY KAMI TERUS KAMI BUKAN SIAPA-SIAPA WKWKWKWKWKWKWK
sekian dan terimakasih
Main Portal : http://www.garudasecurityhacker.org
Bagian Intelligence Gathering : http://big.garudasecurityhacker.org
Blog : http://blog.garudasecurityhacker.org
Our Project : http://project.garudasecurityhacker.org
Cybertalents Practice - Malware Reverse Engineering : Eye of Sauron [Write Up]
Hai para hacker dan yang bukan hacker :v kali ini gw mau sharing tutorial reverse engineering ne hahaha udah dulu coeg berhenti dulu coli nya dan mari kita belajar bersama.
pertama dan yang paling utama ya buka terminal dulu cuk :v
kemudian download dulu tools nya yaitu ReverseAPK caranya d
root@yukinoshita47:/pentest# git clone https://github.com/Yukinoshita47/ReverseAPK
kemudian tekan enter
lalu masuk ke direktori Reverse Apk nya dengan menggunakan perintah
root@yukinoshita47:/pentest# cd ReverseAPK/
kemudian tekan enter
lalu install tool nya dengan menggunakan perintah
root@yukinoshita47:/pentest# ./install
kemudian tekan enter
biarkan proses instalasi berjalan hingga selesai
langsung kita uji coba yukk tool nya cara nya adalah perintah nya seperti ini
root@yukinoshita47:~/mundur# reverse-apk nama-file.apk
contoh disini andro.apk
root@yukinoshita47:~/mundur# reverse-apk andro.apk
kemudian tekan enter maka secara otomatis tool nya akan melakukan proses reverse engineering
nah setelah selesai cek aja langsung di file manager :v contoh seperti gambar dibawah ini cuk file andro.apk tadi sudah terbongkar :v
oke baiklah cukup sampai disini aja ya tutorial nya sampai jumpa di tutorial selanjutnya sekian dan terimakasih salam kocok-kocok
Garuda Security Hacker Official Team
Official Website Portal : Garuda Security Hacker | Official Website Portal
Official Fanspage : Garuda Security Hacker | Official Fanspage
Official Channel YouTube : Garuda Security Hacker | Official Channel
