A pretty common reverse-engineering CTF challenge genre for the hard/very-hard bucket is virtual machines. There are several flavors to this*, but the most common one is to implement a custom VM in a compiled language and provide it together with the bytecode of a flag checker. This was the case for the More Control task from Byte Bandits CTF 2023 – the task this entry is about.

The typical approach to this kind of challenge is to reverse the binary and "look" at the bytecode enough to understand the opcode format and write at least a disassembler (and ideally reimplement the VM in Python), and then to analyze what's going on in the bytecode itself. Sometimes, however, you can take a shortcut. This post is a semi-complete write-up of a side-channel based solution for the aforementioned task.

* Other flavors include: 1) not providing the VM binary, but providing network access to some "system" running on it, where you can run bytecode you provide and observe the results; 2) not providing the VM binary at all – this hard-core sub-genre is rare and requires players to determine the opcode encoding by just looking at unknown bytecode, which they can't even execute; 3) instead of a flag checker you get something that writes out the flag, but it takes literal years to write it out – so it's a typical "optimize me".

You can safely skip this section if you know what a side-channel is.

A side-channel is basically a somewhat obscure and somewhat hidden weak source of information about an observed process.