>/Posts/[1:6]/19 $

## The Second Task Continuing the series, let's check what's inside the second task.  So now we can search for "**Invalid Header**". And there is exactly one hit! This message is shown when the condition involving the *parapet* function fails. ...

## What is even this task about? Ok, so last time we ended up with some bunch of weird looking bytes; > 00 00 00 00 0e 05 13 07 36 0f 37 69 22 27 3f 65 2e 20 36 69 2f 3b 3f 24 26 61 2c 21 24 3a 7b 65 7d 39 6a 79 7d 79 6a 38 4d  Attempt to **SOLVE**...

## What's that? Because I need to practice my skills in IoT and physical security of electronic devices, I decided to buy the Sword of Secrets hardware crypto CTF kit, which recently arrived. If you don't know what that is, don't worry you haven't missed anything important. In this post I'll...

## Introduction Quite a few of my posts focus on solving challenges involving reverse engineering of mobile applications from CTF competitions. Although in one of my previous posts I briefly described how to approach this topic, I'd like to cover it more extensively here, highlighting...

# First Part ## Recon To be honest we don't have much to see there. It's simple login form shown on the screenshot below:  And we don't have any credentials attached to this task so I assumed it's a SQLi kind of a task and tried some basic payloads as input. ![2](...

# First Part ## Look at the files After downloading and unzipping the archive there’s only one APK inside, so I launched it on an Android emulator and also opened the APK in JADX-GUI for static analysis.  Not much to see in the UI at first glance. ![2](./images/2...