2 posts in archive

Reversing DirtyC0W

10 Sep 2017 by Fred - Technical - Reverse Engineering Kernel Race-condition Reven

Everybody remembers the Dirtyc0w Linux kernel bug. For those who don’t, take some time to refresh your memory here. The kernel race condition is triggered from user space and can easily allow a random local user to write into any root-owned file. In this article, we will demonstrate...

Unfolding obfuscated code with Reven (part 2)

25 Jan 2017 by tdta - Technical - Reverse Engineering Deobfuscation ctf Reven

Last time, by abstracting the runtime effect of the first virtual machine, we reduced the challenge to a simpler but semantically equivalent program. Its control flow graph has a unique entry point, the basic block starting at 0x402048, whereas the blocks at 0x4023d4 and 0x40266e are exit points...