I finished #FlareOn10! My goal is to redo all challenges over the next weeks to figure out the most elegant and purely static solution using #BinaryRefinery [1]. The CTF did already inspire some updates in the most recent version 0.6.14: (🧵)
[1] https://github.com/binref/refinery/
The units "ngrams" and "bruteforce" can be used to do rudimentary brute forcing. The latter is a #FlareOn10 product, but the former came about when I was too lazy to find the 8-byte RC4 key for a #BruteRatel badger config in a memdump. Trying all 8-grams is surprisingly feasible!
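The 8-gram key search from the post above, as an added Python example; it is not from the original thread and does not use Binary Refinery's own units. The function names, the printable-ASCII check on the decrypted config, and the sample dump, key and config are all assumptions constructed for illustration.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def ngrams(data: bytes, n: int):
    """Yield each distinct n-byte window of data once, in order of appearance."""
    seen = set()
    for offset in range(len(data) - n + 1):
        gram = data[offset:offset + n]
        if gram not in seen:
            seen.add(gram)
            yield gram

def looks_like_config(plain: bytes) -> bool:
    """Assumption: the decrypted config starts with printable ASCII."""
    return all(0x20 <= b < 0x7F for b in plain)

def find_rc4_key(dump: bytes, blob: bytes, n: int = 8, probe: int = 32):
    """Try every n-gram of the dump as RC4 key; decrypt only a short prefix."""
    for key in ngrams(dump, n):
        if looks_like_config(rc4(key, blob[:probe])):
            return key
    return None

# Constructed sample data: 4 KiB of deterministic filler standing in for a
# memory dump, with a made-up 8-byte key placed at an arbitrary offset.
FILLER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
KEY = b"k3yBytes"
CONFIG = b"host=example.invalid;port=443;sleep=60;jitter=20"
DUMP = FILLER[:1500] + KEY + FILLER[1500:]
BLOB = rc4(KEY, CONFIG)

if __name__ == "__main__":
    key = find_rc4_key(DUMP, BLOB)
    print("key:", key, "config:", rc4(key, BLOB) if key else None)
```

A dump of N bytes yields at most N - 7 candidate keys, and each trial only costs one RC4 key schedule plus a 32-byte decrypt, which is why the search stays cheap even on large dumps.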
The chacha and salsa units can be given 64-byte "keys" which represent the entire state matrix. This is super useful for modified implementations of the Latin dance ciphers.
I put a lot more love into the "vstack" unit which can now also emulate shellcode blobs, skip calls entirely, and allows you to set the initial value of certain registers via environment variables.
The trim unit now has a flag to remove padding, i.e. trim a repeating sequence where the last occurrence is incomplete. See the attached image for why that was a really important feature 😎.