snake

Reversing Binaries not written in C/C++.

Last updated 1 year ago

Category: Ghidra (0xB) Points: 150

Description

This is a hard challenge to reverse. Can you figure it out? nc vunrotc.cole-ellis.com 11300

The goal of this challenge is to understand how Ghidra works when binaries are not written directly in C, and use an alternative route to decompile the binary.

Flag

flag{written_in_python_rev_in_c}

Solution

This isn't the most important of challenges but gives insight into how Ghidra isn't perfect. It also shows what happens if a binary is stripped.

BLUF: This challenge was not written in C. This challenge was designed in Python and converted into an executable.

If you run file on the binary, you'll notice it is stripped. This means all function names and symbols have been removed from the binary. You'll see the effect as soon as you open it in Ghidra: every function is named FUN_<addr> after its address in memory, because there are no symbol names left to recover.

We search for a Python decompiler and find pyinstxtractor. This extracts the Python bytecode files (.pyc) that PyInstaller bundled into the executable. Then we need to turn the bytecode back into Python source, which we can do with uncompyle6 or decompyle3.
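Before spending time on a stripped binary in Ghidra, it is worth checking whether it is a PyInstaller bundle at all. The script below is an added example (not part of the original write-up or of pyinstxtractor) that locates the PyInstaller cookie at the tail of a file, walks its table of contents, and lists the embedded entry-point scripts; this is the same overlay layout that pyinstxtractor parses. The cookie and TOC struct layouts follow PyInstaller's CArchive format ("!8sIIii64s" and "!iIIIBc"); the sample "binary" is constructed inline as a fake ELF prefix followed by a hand-built archive, and the embedded script contents are a made-up stand-in, not the challenge's real source.

```python
"""Triage check: is this stripped executable really native code, or a PyInstaller bundle?

Added example, not the original page's or pyinstxtractor's code. The layouts below
mirror PyInstaller's CArchive cookie and TOC entry formats; the sample archive is
constructed here so the script runs offline.
"""
import struct
import zlib

MAGIC = b"MEI\014\013\012\013\016"            # PyInstaller cookie magic
COOKIE_FMT = "!8sIIii64s"                     # magic, pkg_len, toc_pos, toc_len, pyvers, pylib name
COOKIE_LEN = struct.calcsize(COOKIE_FMT)      # 88 bytes
TOC_ENTRY_FMT = "!iIIIBc"                     # entry_len, offset, data_len, uncompressed_len, cflag, typecode
TOC_ENTRY_HDR = struct.calcsize(TOC_ENTRY_FMT)  # 18 bytes, followed by the NUL-padded name


def build_sample_archive(entries, pyvers=311):
    """Construct a CArchive-like blob: [compressed data...][TOC][cookie].

    entries: list of (name, typecode, payload_bytes). Offsets are relative to the
    start of the archive, as in real PyInstaller output.
    """
    data_blob = b""
    toc = b""
    for name, typecode, payload in entries:
        comp = zlib.compress(payload)
        offset = len(data_blob)
        data_blob += comp
        name_b = name.encode() + b"\0"
        entry_len = TOC_ENTRY_HDR + len(name_b)
        pad = (16 - entry_len % 16) % 16      # PyInstaller pads entries to 16 bytes
        name_b += b"\0" * pad
        entry_len += pad
        toc += struct.pack(TOC_ENTRY_FMT, entry_len, offset, len(comp),
                           len(payload), 1, typecode) + name_b
    toc_pos = len(data_blob)
    pkg_len = len(data_blob) + len(toc) + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, MAGIC, pkg_len, toc_pos, len(toc),
                         pyvers, b"libpython3.11.so")
    return data_blob + toc + cookie


def parse_archive(blob):
    """Find the cookie at the tail of `blob`; return (pyvers, pylib, entries) or None.

    None means no PyInstaller cookie was found, i.e. treat the file as native code.
    """
    idx = blob.rfind(MAGIC)
    if idx == -1:
        return None
    _, pkg_len, toc_pos, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FMT, blob[idx:idx + COOKIE_LEN])
    pkg_start = idx + COOKIE_LEN - pkg_len    # archive begins pkg_len bytes before the cookie ends
    toc = blob[pkg_start + toc_pos: pkg_start + toc_pos + toc_len]
    entries = []
    pos = 0
    while pos < len(toc):
        entry_len, offset, data_len, uncomp_len, cflag, typecode = struct.unpack(
            TOC_ENTRY_FMT, toc[pos:pos + TOC_ENTRY_HDR])
        name = toc[pos + TOC_ENTRY_HDR: pos + entry_len].rstrip(b"\0").decode()
        raw = blob[pkg_start + offset: pkg_start + offset + data_len]
        payload = zlib.decompress(raw) if cflag else raw
        entries.append({"name": name, "type": typecode.decode(),
                        "size": uncomp_len, "data": payload})
        pos += entry_len
    return pyvers, pylib.rstrip(b"\0").decode(), entries


def find_entry_scripts(blob):
    """Names of entries with typecode 's' (the bundled top-level Python scripts)."""
    parsed = parse_archive(blob)
    if parsed is None:
        return []
    return [e["name"] for e in parsed[2] if e["type"] == "s"]


# Constructed sample: a fake, stripped-looking ELF prefix followed by an archive
# holding one entry script and one (fake) PYZ module archive.
SAMPLE_SCRIPT = b"def encode(s):\n    return s[::-1]\n"   # stand-in, not the challenge's source
SAMPLE_BINARY = b"\x7fELF" + b"\0" * 60 + build_sample_archive([
    ("snake", b"s", SAMPLE_SCRIPT),
    ("PYZ-00.pyz", b"z", b"PYZ\0placeholder"),
])
PLAIN_NATIVE = b"\x7fELF" + b"\0" * 60 + b"\xc3"           # no cookie: ordinary native binary

if __name__ == "__main__":
    for label, blob in (("sample bundle", SAMPLE_BINARY), ("plain native", PLAIN_NATIVE)):
        parsed = parse_archive(blob)
        if parsed is None:
            print(f"{label}: no PyInstaller cookie, reverse it as native code")
        else:
            pyvers, pylib, entries = parsed
            print(f"{label}: PyInstaller bundle, Python {pyvers} ({pylib})")
            for e in entries:
                print(f"  [{e['type']}] {e['name']} ({e['size']} bytes)")
```

On a real bundle the 's' entries are the scripts you would hand to uncompyle6 or decompyle3 once pyinstxtractor has written them out; the `pyvers` field tells you which Python version to match, which matters because the decompilers are version-specific.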

Once this is done, we have source code containing an encode() function. Reversing that function's transformation on the program's output yields the flag.

Tools: pyinstxtractor, uncompyle6, decompyle3

Attachment: snake.zip (6MB archive)