Writeups

Use meet-in-the-middle attack. ```python from Crypto.Cipher import AES import hashlib [Read More]

rev1 Open the binary using IDA. It is 32bit executable. int __cdecl main(int argc, const char **argv, const char **envp){ v30 = fopen("data", "rb"); v29 = operator new[](0x3Cu); for ( i = 0; i <= 14; ++i ) *(_DWORD *)(4 * i + v29) = operator new[](0x1000u); for ( j... [Read More]

Move or Not use IDA to decompile it. ```c __int64 __fastcall main(__int64 a1, char **a2, char **a3) { int v4; // [rsp+8h] [rbp-38h] int i; // [rsp+Ch] [rbp-34h] char s2; // [rsp+10h] [rbp-30h] unsigned __int64 v7; // [rsp+38h] [rbp-8h] [Read More]

In chrome developer tool, I can see it use WASM(WebAssembly.) The page’s script is like this: const wabtCompiler = WabtModule(); async function loadText(url) { let response = await fetch(url, {cache: "no-cache"}); let data = await response.text() return data; } methods: { async selectExample(example) { const wat = await Promise.all(loadText(example +... [Read More]

In zip file, it contain 3 file with smali extend. It can easily convert to java bytecode. In MainActivity$1.smali, I can find main logic of username and password. [Read More]

When I excute the file and attack debugger to it, I can find it was written by python. So I use python-exe-unpacker. There are so many package, but main logic is in emco file. emco has no signatue and extended, but I can simply read it by add signature on... [Read More]