
I’ll figure out which files it tries to encrypt, and then understand how it generates a random key for ChaCha20, then encrypts that key using RSA and attaches it. The given binary for encryptor is a fake ransomware sample. There’s no real reversing involved, but rather reading what is available in the resources with Super ResEdit, a tool for reversing these old Mac applications.

flare-on ctf flare-on-encryptor reverse-engineering crypto ransomware youtube ghidra rsa chacha20 cyberchef x64dbg python

Nur geträumt is mostly a challenge about getting an old Mac disk image running in an emulator, and then poking around to get enough clues to solve a trivia problem. I’ll also show how to hook the crypt Python library to read the flag as it’s being encrypted.

flare-on ctf flare-on-nur-getraumt mac mini-vmac emulation super-resedit

I’ll first solve it by holding open that web request and dumping the process memory to find the flag in plaintext.

The binary makes an HTTP request with an encrypted flag. The challenge that shall not be named is a Windows executable generated with PyArmor, a tool that aims to create unreversible binaries from Python.

Flare-On 2022: The challenge that shall not be named

flare-on ctf flare-on-the-challenge-that-shall-not-be-named reverse-engineering memory-dump pyinstaller pyarmor pyinstxtractor uncompyle6 pyarmor-unpacker hook python
