John Pierce, CISSP, SLAE, Security+

PANW CTF Labyrenth Unix Track Challenge 3

[Figure: Bird's-eye view of flow control graph from IDAfree]

Got an ELF-32 (woohoo! working in Linux for a bit) called odd8.  It draws a cat and then says illegal instruction.

Opened it up in IDA and got:

The graph is too big (more than 1000 nodes) to be displayed on the screen.
Switching to text mode.
(you can change this limit in the graph options dialog)

Dang.  Got an illegal instruction right at the start when I ran the code in IDA too.  

strace -e ./odd8
strace: invalid system call './odd8'

No joy there.  Tried outputting to a file to review what was written, but couldn't do it.  0 bytes after illegal instruction.
Try copying the screen data to a file.

I ran strings odd8 -n 9 and found this of interest: repsych.asm

Searched for repsych.asm and found:

https://github.com/xoreaxeaxeax/REpsych

It's a code obfuscator described as:

The REpsych toolset is a proof-of-concept illustrating the generation of images through a program's control flow graph (CFG).

The process used to generate the proper control flow is outlined in the DEF CON presentation.

Although there is no specific point to the project (other than to show that it can be done), possible (non-serious) applications are outlined in the presentation.

The program works reliably with all tested versions of the IDA Pro reverse engineering tool, and semi-reliably with other CFG viewers (Hopper, BinNavi, radare2, etc).

After reading a bit, it looks like I need to open the file in IDA and raise my limit on the graph nodes to display a picture.  I did that and looked at a graph view. 

It just took some time to make out that it says PAN{Planet_Earth_iZ_blue_N_theres_nothing_U_can_do}
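
The string search that turned up repsych.asm, as an added example (not code from the original post or from the REpsych project): a Python equivalent of `strings -n 9` that also flags strings consisting only of a source-file name, since such a leftover can identify the tool that built a binary. It runs on constructed sample bytes rather than on odd8; the extension list and the sample data are assumptions.

```python
import re

MIN_LEN = 9  # same threshold as `strings -n 9` in the writeup

# Source-file names a toolchain may leave behind (extension list is an assumption).
SOURCE_NAME = re.compile(rb"[\w./-]+\.(?:asm|s|c|cc|cpp|rs|go)", re.IGNORECASE)

# Constructed sample, not bytes from odd8: an ELF-32 style e_ident, some
# non-printable filler, then NUL-terminated strings as found in a string table.
SAMPLE = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9   # 16-byte e_ident, 32-bit little-endian
    + b"\x90\x0f\x0b\xcc" * 4               # opaque filler bytes
    + b"\x00short\x00"                       # shorter than MIN_LEN, so ignored
    + b"repsych.asm\x00"                     # the string the writeup found
    + b"a_long_symbol_name\x00"              # long enough, but not a file name
)


def printable_strings(data: bytes, min_len: int = MIN_LEN):
    """Yield (offset, text) for each printable-ASCII run of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for match in pattern.finditer(data):
        yield match.start(), match.group().decode("ascii")


def source_file_hints(data: bytes, min_len: int = MIN_LEN):
    """Return (offset, name) for strings that are entirely a source-file name."""
    hints = []
    for offset, text in printable_strings(data, min_len):
        if SOURCE_NAME.fullmatch(text.encode("ascii")):
            hints.append((offset, text))
    return hints


if __name__ == "__main__":
    for offset, text in printable_strings(SAMPLE):
        print(f"{offset:#06x}  {text}")
    for offset, name in source_file_hints(SAMPLE):
        print(f"possible build artifact at {offset:#x}: {name}")
```

To run it against a real file, pass `open(path, "rb").read()` in place of `SAMPLE`.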
