>/Writeups $


Brunnerctf 2025

First Part Look at the files After downloading and unzipping the archive there’s only one APK inside, so I launched it on an Android emulator and also opened the APK in JADX-GUI for static analysis. Not much to see in the UI at first glance. There’s a discount code field that’s likely the...

26 Aug

First Part Look at the files There isn’t much to look at; it’s a single APK file, so we need an Android emulator to run it. I used BlueStacks. The app is simple: one input field and a submit button. The goal is obvious: find the valid code to unlock the flag! This is where the reverse...

25 Aug


DUCTF 2025

First Part Look at the files │>sweet treet │ cookiejar │ directory.db │ docker-compose.yml │ Dockerfile │ README.md │ └───webapp │ edit_profile.jsp │ index.jsp │ login.jsp │ logout.jsp │ register.jsp │ styles.css │ └───admin │ admin-review.jsp │ admin.jsp Run the app As you can see, everything...

21 Jul


PingCTF 2025

What is this task even about? I started this challenge by taking a look at Discord, as part of my team had already begun working on it. My first glance at the provided charts led me to think -> 2 charts are probably UART or I2C to be decoded. Identifying protocol A quick look at the provided...

24 Mar

Who called this 'guessy'? This task wasn't very 'guessy' for me because as soon as I opened the included audio recording, I recognized those distinctive sounds. Not long ago, a clip titled "Two AI Agents Start Talking in a Different Language with Each Other" went viral online, with news sites...

24 Mar


Kashi CTF

Let's play Ok, so we run the provided game and see some NPC. Let's talk to him: Oh, looks like he won't talk to us unless we pay him. Luckily, there was a bank next to him—great! Unfortunately, this bank has only 1000 cash, but it's not a problem as long as we are hackers... ...

23 Feb


1337UP LIVE 2024

First Part Look at the files │>PHISH_MARKET │ docker-compose.yml │ start.sh │ ├───market │ Dockerfile │ market │ wait-for-it.sh │ └───mysql Dockerfile init-db.sql As you may have noticed, there are 2 Docker containers: one with a MySQL database and another...

17 Nov


KPMG 2024

First Part Well, since the description was rather brief, we can't learn much from it. Therefore, it's a good practice to start examining the application by running the command: strings program.ext in Linux to see what ASCII strings are stored in the application. On Windows, there are desktop...

20 Oct

Get Familiar with the Task I assume you've already read the description and noticed that the flag in this challenge resembles a familiar Base64 encoding. However, after decoding it, you see what looks like a series of random bits: Q††Ð¤~“ĦZƒòÕöï!益§.§ä>îÓF7­Oþ²ë†Y+æèZs¶ ·¨2 [MQ™ìüF ¬ This...

20 Aug

Get Familiar with the Task In the first step, you have to figure out what the main task in this challenge is. As you may see, there is a text input form that updates the textContent depending on a strange-looking if statement. If you can manage to make this if statement evaluate to true, you'll...

19 Aug


DUCTF 2024

First Part Figure out what the real task of the challenge is. The Hardware Part Based on the given schematic, we have an RPI2040 controller connected to another mysterious chip via the I2C bus. After a quick search on Google to find out what the M24C02-WMN is, I discovered it’s an EEPROM memory....

19 Jul