Reverse Engineering Meets Smart Contracts: Exposing the Vulnerabilities Lurking Beneath

2025-04-24 | #category_vulnerability_research #topic_blockchains #topic_evm #topic_reverse_engineering #topic_vm #topic_web3

On July 30, 2023, a vulnerability in the re-entrancy guard of Vyper compiler version v0.2.15 allowed a re-entrancy attack that exploited Curve Finance pools; $69M was stolen, and after all refunds the total loss is about $20M. I find this exploit interesting since it is undetectable at the pre-compiled/source code level (this is the tip of the iceberg anyway). The high-level problem was that the Vyper compiler’s re-entrancy protection “promised” developers that it would handle the re-entrancy guard CORRECTLY, but it failed to do so. In this blog, I reverse engineered vulnerable contracts to demonstrate how the vulnerability can be automatically detected.



Flare-On 11 Writeup: CATBERT - Cracking UEFI Ransomware Protected by VM-Based Obfuscation

2024-11-09 | #category_ctf #topic_vm_dispatcher #topic_decompiler #topic_disassembler #topic_flare_on_11 #topic_ida_flirt #topic_inline_assembly #topic_obfuscation #topic_qemu #topic_ransomware #topic_uefi #topic_vm

This challenge - CATBERT Ransomware - requires participants to analyze and reverse engineer UEFI firmware, and to defeat a Virtual Machine-based obfuscation technique to retrieve decryption keys. This write-up walks you through the entire process and provides technical details on how to identify and analyze the VM dispatcher, write a disassembler, and leverage an x86 decompiler to enable a thorough examination of the VM code.



Flare-On 11 Writeup: Web3 - Abusing Blockchains to Deliver (Malicious) Payloads

2024-11-09 | #category_ctf #topic_blockchains #topic_ethereum #topic_evm #topic_flare_on_11 #topic_javascript #topic_obfuscation #topic_powershell #topic_web3

Blockchains have been abused by threat actors to deliver malicious payloads because of their decentralized nature, which makes them harder to monitor and regulate. This challenge highlights the need for enhanced security measures within blockchain ecosystems. I have also included some related resources in this post for readers who are new to Ethereum blockchains and want to read further.



Flare-On 11 Writeup: Fullspeed - Native Ahead Of Time .NET and ECDH Cryptanalysis

2024-11-09 | #category_ctf #topic_cryptanalysis #topic_diffie_hellman #topic_dot_net #topic_elliptic_curves #topic_flare_on_11 #topic_ida_flirt #topic_native_oat_dot_net

This challenge is indeed a .NET binary, but it is not a conventional .NET sample, so standard .NET decompilers will not be effective. I divided the challenge into three stages. The first stage focuses on reverse engineering a Native Ahead of Time (AOT) .NET binary. The second stage involves cryptanalysis of the Elliptic Curve Diffie–Hellman (ECDH) algorithm to recover the secret key. The final stage consists of extracting encrypted messages from captured data and performing a replay attack using the same secret key to recover an exfiltrated flag.



Flare-On 11 Writeup: SSHD - Uncovering A Supply Chain Attack

2024-11-09 | #category_ctf #topic_core_dump #topic_emulation #topic_flare_on_11 #topic_forensic #topic_gdb #topic_shellcode #topic_supply_chain_attack #topic_unicorn

The challenge prompt contains some important keywords that help you know where to start: sshd, crashed, stole. By combining these key terms, you can quickly identify the main task in this challenge: investigate a core dump of sshd from a file system to see what happened and what data (the flag) was stolen.



Writing Windows Shellcode to Spawn a Process: Explained

2024-03-15 | #category_shellcode #topic_pe_header #topic_peb #topic_stack_string #topic_teb #topic_windows_internals #topic_x86

The name shellcode came from its original use to spawn a system shell in exploits, after attackers successfully exploit vulnerabilities in software and redirect execution to the injected code. In general, a shellcode is a set of instructions that can be loaded and executed at any memory address (i.e., position-independent code). Therefore, it cannot contain hard-coded addresses and must use reliable techniques to load or resolve the addresses of the APIs/functions it needs.



Hello World in x86

2024-02-01 | #category_assembly #topic_calling_convention #topic_decompiler #topic_inline_assembly #topic_machine_code #topic_stack #topic_stack_string #topic_x86

Hello, World!

Programming is one of the most important skills in computer science. Typically, beginners take their first step into a new programming language by writing the iconic “Hello, World!” program. To maintain this tradition and encourage beginners to establish a strong foundation for their future work, my first blog post will be about a “Hello, World!” program, this time written in x86 assembly.



Tagging Conventions Used in This Blog

2024-01-22 | #category_house_keeping

A “tag” is a keyword or label assigned to a post to categorise it and make it easier to organise and search for. Tags help in classifying content based on its subject matter or key topics. Therefore, sharing my tagging strategy will help you navigate this blog and fully utilise its contents.
