ELF’s Story Part4: ELF’s Structure: ELF Sections

1- ELF Sections In the previous part I talked about ELF section headers. Now you are familiar with section headers, and you saw that the section header table has a special structure. Sections contain all the information needed for linking a target object file in order to build a working executable. But the sections don't have any special […]

ELF’s Story Part3: ELF’s Structure: ELF Section Headers

1-Introduction Are you ready to delve deeper into the world of ELF files? In my previous part, I discussed the critical role of the ELF header in locating different parts of the file. Today, I want to share with you some exciting information about the ELF Section Headers. These headers serve as descriptors for various […]

ELF’s Story Part2: ELF’s Structure: ELF Header

1-Introduction In the previous part of this story, we learned about compilation, linking, and how a linker works. In this part, I would like to discuss the ELF (Executable and Linkable Format) structure and the elements that make up an ELF file. An ELF file is not just a binary code that executes on a […]

CVE-2023-38831: WinRAR Bug Or Windows Feature? In-Depth Analysis of WinRAR CVE-2023-38831 Vulnerability

WinRAR CVE-2023-38831 vulnerability: Hi again. In the past week, we saw that a new vulnerability in WinRAR was published by Group-IB. I decided to analyze it in detail and find out why this type of vulnerability, which is very, very simple, should occur in such essential software as WinRAR. At first look, I thought that this vulnerability was […]

ELF’s Story Part1: How is an ELF created

1- Introduction Hello guys, I’m back with a new series of blog posts. Last year I focused on Linux binaries. I read a lot about ELF files: how they are compiled, and how they are loaded into memory and run. So I decided to write up my experiences in some blog posts and named the series ELF’s story. But this is […]


break Assets: First Section: Static Analysis This challenge is a very hard one. You have a Linux ELF file that uses many anti-debugging techniques that don’t let you debug and analyze it easily. The file is an x86 ELF, and when you run it, it shows you a prompt to enter a password. OK, when you open it in […]


9-crackstaller Assets: First section: The hard challenges start at this point. This file is an executable in which, at first glance, we see that the .data section is encrypted. So we have a file that is probably packed. OK, let’s run it in a VM to observe its behavior. I use Windows7-x64 as the guest […]


8-ttt2 Assets: This is a special challenge that uses the new feature of Windows 10, WSL. WSL is an embedded Linux OS in Windows that lets you run Linux files in it. For more info read this. OK, at first, I run the ttt2.exe file and it shows me an error […]


7-re_crowd Assets: First Section: This challenge is just a PCAP file. First, open it in Wireshark, where we see some HTTP GET requests and responses. To extract the content of that webpage, open the pcap file in the NetworkMiner software. To import the dump to NetworkMiner, […]


6-codeit Assets: At first glance it is a UPX-packed exe file. Unpack it with UPX and we see that the file doesn’t run. This is an anti-unpacking trick. The malware author used some hardcoded addresses in the malware code, so that if you unpack the malware, the unpacked version overwrites those addresses, and the unpacked malware […]


5-TKApp Assets: This is very simple. Just don’t be fooled by its name. The file is a TPK file, which is a zip file that contains some DLLs that are unpacked and run under Linux with .NetFramework(), like APK files. The platform is a popular OS for smart watches and wearable devices. You can download the emulator and […]


4-report Assets: First Section: This is a Visual Basic macro that is stored in an Excel file. When opening the VBS script in Visual Basic, I see it has a form (F) which stores two long string values in a textbox and a label object. The script also has a Sheet1 file, in which is the code of the […]


3-Wednesday Assets: This is a score game, and you must reach a specific score so that it shows you the flag. After debugging the code, I saw the strings Score and High Score on the game screen. I searched for them in the memory of the file and found their addresses. I […]


2-garbage Assets: First Section: When we run the exe file, we see an error message from Windows saying that this file is invalid or something else. When we open the file in a hex editor, we see at the end of the file that the manifest XML, which Windows uses to run the program, is corrupted. The file is packed with UPX. […]


1-Fidler Assets: First Part: This is very simple. When you run the fidler.exe file, it shows a password box. The password checker function is simple. Copy password_check() into a new file, run it with Python, and print the 'key' value: "ghost". def password_check(input): altered_key = 'hiptu' key = ''.join([chr(ord(x) - 1) for x in […]


This year I started the Flareon2020 challenge a week late, but I could finish it. The number of challenges was less than last year, but they were harder. I ranked 359 on the scoreboard this year. Not bad 😀. I wrote short and simple write-ups for the challenges in this repo. Also I […]

Binary Instrumentation-Part1

In the name of God. Hello. I decided to put together a series in which I can explain the concepts of Binary Instrumentation in Persian and provide a resource on this topic for Persian-language sites. Of course, in this series I tried to write in a way that the concepts are not altered and the material […]


Hello. In this part of the posts, I am here to teach how to analyze binary executables that are written in Python. As you know, Python is an interpreted language that is very popular because of its simplicity and its many and varied libraries. Now, recently, some malware, too, with this […]


Hello. Continuing the posts on the flareon2019 competition, we have reached the sixth stage, which is harder than the previous stages. This stage deals with one of the interesting topics of cryptography, called steganography. This technique is used to hide data in the content of images in such a way that, without changing the content of the image, some data […]


Greetings, friends. As I promised, this week I want to solve stage 5 for you. This challenge is naturally harder than the previous stages, and in it you face a native file for which you must find the password using debugging techniques and analysis of the program's execution flow. […]


In the name of God. Greetings, friends. Well, an opportunity came up for me to solve and explain the fourth stage of the competition for you. I had promised to post two challenges a week, but unfortunately, given my work situation and lack of time, and given that the stages are getting more complex, it was not possible […]


In the name of God. Greetings, friends. Thank God, another opportunity came up for me to be at your service with the third stage of the competition. As I said in the first post, this challenge advances stage by stage, and each stage is harder than the one before. So far, in the previous two stages, we were able to go through how to reverse .Net files and […]


Greetings again, friends. I did my best to get this second stage out on time; if any part of it is unclear, I apologize, and you can ask your questions at the link I will put at the end of the post. In this post I am going to solve challenge number 2 for you. The difference between this challenge and the previous one is that […]


In the name of God. In this series of posts, we are going to solve, stage by stage, the new CTF that the security company Flare held just last week. This round of the competition, which is held online annually, is among the most reputable competitions in the field of reverse engineering and malware analysis. My goal in doing this […]