Hey CryptoCat Nice way of reverse engineering 😊 Can u pls make videos on Encryption (RC4, AES & RSA etc.) Ctf Style challenges. If already covered in this Chanel pls provide with playlist, highly appreciat it. thx u
hey, thanks for the feedback 😊 i've done videos for most of the HackTheBox crypto challenges already (ua-cam.com/video/D0x7yjP0do4/v-deo.html ). it's not my area of speciality but your request for more crypto challenges has certainly been noted 😉
Thank you. Also, I'm also a bit confused about the address. The address is relative address since we have PIE enabled, correct? The address is 1 byte (e.g., 0x00101525). Why is the address split in half, the last 4 digits used as offset is my main confusion. If the address was 0x00001525 (the first 4 zeros), I believe we could drop the zeros. In case all addresses were not in range 0x0010- how do we know how to proceed. Or does every program have the same starting addresses like this?
@@heinhtetwin9057 The address is relative regardless of whether PIE is enabled, e.g. the offset from the base to that instruction will always be 0x1525, but it's only important to us when PIE is enabled since we need to find the base in order to calculate the actual address. The 0x0010 will be the programs header so I guess PwnDbg detects that automatically when calculating 🙂
![Ransom [easy]: HackTheBox Reversing Challenge (decrypt excel document)](http://i.ytimg.com/vi/7ev6Iq4gpTE/mqdefault.jpg)
![Ransom [easy]: HackTheBox Reversing Challenge (decrypt excel document)](/img/tr.png)
![IRCWare [easy]: HackTheBox Reversing Challenge (mapping syscalls)](http://i.ytimg.com/vi/V2salQtsVkc/mqdefault.jpg)
Very nice video. Love how smooth the video was with no transitions / cuts. You've got a new sub :)
Thank you and welcome 🥰
Solved this chall in GDB but came back here to see your patching approach. Thanks a lot once again :)
Awesome, TY 💜
Just brilliant!
I learned so much, thx
Amazing video, you made patching easier to do, thanks!
Great stuff, love this series!
thank you mate 🥰
This is awesome!
thanks mate 🥰
Many thanks. I learned a lot ;)
awesome!! thank you 🥰
These videos are like gems to me found recently
Thank you, glad you are enjoying 😊
Could you make video about ghidra walkthrough with some basic REM analysis...
hey, thanks for the suggestion! a new malware analysis series is definitely on the TODO list. however.. it's a very long list 😅
@@_CryptoCat happy to hear that.. can't wait to see..👍
@@_CryptoCat thqnks alot!
Hey CryptoCat
Nice way of reverse engineering 😊
Can u pls make videos on Encryption (RC4, AES & RSA etc.) Ctf Style challenges. If already covered in this Chanel pls provide with playlist, highly appreciat it. thx u
hey, thanks for the feedback 😊 i've done videos for most of the HackTheBox crypto challenges already (ua-cam.com/video/D0x7yjP0do4/v-deo.html ). it's not my area of speciality but your request for more crypto challenges has certainly been noted 😉
@@_CryptoCat I will go through it. Thx u for considering the request..🙏
When calculating offset, why is it piebase 0x1525 but not 0x00101525?
good question! presumably all of the address are in the 0x0010- range, so you don't need to provide it 🤔
What do you mean? I tried it with the full address, it returned could not calculate VA (virtual address?).
@@heinhtetwin9057 piebase takes the RVA offset and gives you the VA - browserpwndbg.readthedocs.io/en/docs/commands/procinfo/piebase
Thank you. Also, I'm also a bit confused about the address. The address is relative address since we have PIE enabled, correct? The address is 1 byte (e.g., 0x00101525). Why is the address split in half, the last 4 digits used as offset is my main confusion. If the address was 0x00001525 (the first 4 zeros), I believe we could drop the zeros. In case all addresses were not in range 0x0010- how do we know how to proceed. Or does every program have the same starting addresses like this?
@@heinhtetwin9057 The address is relative regardless of whether PIE is enabled, e.g. the offset from the base to that instruction will always be 0x1525, but it's only important to us when PIE is enabled since we need to find the base in order to calculate the actual address. The 0x0010 will be the programs header so I guess PwnDbg detects that automatically when calculating 🙂