All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.

Filter by category:
All Web (16) Meta (3) Reverse Engineering (9) Crypto (15) JWT (5) Forensics (7) Network (12) Misc (7) Pentest (1)

Filter by tag:
All Tags Raptor-Weekly (14) ECHELON (12) ctf (3) retrospective (3) overview (3) DEADROP (37) WHAMazon! (23) pcap (13) base64 (10) network (10)
2026-03-01 Reverse Engineering Insane

DEADROP Rev 6 - UNIT7

A VM-within-a-VM. An outer stack machine prints the banner. An inner register machine (UNIT7-LANG) runs two chained programs, program 1 computes the passphrase via a cross-register dependency chain, program 2 uses that state to compute and print the flag. No ciphertext stored, no flag wrapper, no shortcut.

rev vm custom-isa register-machine
2026-03-01 Reverse Engineering Hard

DEADROP Rev 5 - Drone Firmware

A drone firmware binary with a constraint-based authentication system. Reverse the validation logic, model it as a constraint satisfaction problem, and use Z3 to solve for the correct input automatically.

rev z3 smt constraint-solving
2026-03-01 Reverse Engineering Hard

DEADROP Rev 4 - VM Executor

A custom stack-based VM interpreter provided without its bytecode. The bytecode that prints the flag is embedded inside the executor itself. Reverse the ISA, extract the embedded bytecode from .rodata, and either run it or trace the arithmetic manually.

rev vm custom-isa bytecode
2026-03-01 Reverse Engineering Medium

DEADROP Rev 3 - asset_tracker

A Windows PE with two anti-debug gates, IsDebuggerPresent and PEB NtGlobalFlag, protecting XOR-encoded flag fragments in .rodata. Patch or bypass the checks, then decode the three fragments with their respective keys.

rev windows pe anti-debug