3 posts in archive

Reversing Windows 7 BSoD display

04 Nov 2016 by Quentin - Technical - Axion BSoD Reverse Engineering Reven

In this post we’ll try to reverse Windows 7 BSoD using REVEN Axion in order to generate an image from memory and port accesses. Find which video mode is used: As a first step, we will need to know which video mode is used by the BSoD. To achieve this...

Unfolding obfuscated code with Reven (part 1, full write-up)

01 Nov 2016 by tdta - Technical - Reverse Engineering Deobfuscation ctf

In this article, we present a reverse engineering task performed using Reven. This is the full write-up corresponding to a first overview published in October. The binary examined here is F4b_XOR_W4kfu, the challenge scoring the highest number of points over all categories (cryptography, exploit, reverse engineering, etc.) in Grehack 2015’s...

Unfolding obfuscated code (part 1)

01 Oct 2016 by tdta, Fred, Mathieu, Benoit - Technical - Reverse Engineering Deobfuscation ctf Reven

This article is the first in a series of two. We present an overview of some reverse engineering capabilities of REVEN-Axion, applied to a publicly available challenge, namely F4b_XOR_W4kfu, the highest-valued challenge at Grehack 2015’s CTF contest (500 points). A more detailed write-up will be published soon for those interested....