Google CTF - BEGINNER Reverse Engineering w/ ANGR

Поділитися
Вставка
  • Опубліковано 24 гру 2024

КОМЕНТАРІ • 227

  • @letsgocamping88
    @letsgocamping88 4 роки тому +618

    Often the best way for the student to learn is when the teacher is learning too.

    • @gaganpoojary8135
      @gaganpoojary8135 4 роки тому +1

      Well Said

    • @thengakola6217
      @thengakola6217 4 роки тому +2

      true....

    • @osxgamer7745
      @osxgamer7745 4 роки тому +7

      i agree, also thanks to Mr.John, the way he describe things is attractive ( if that the word ) and i like it.

    • @AnalogDude_
      @AnalogDude_ 4 роки тому

      i agree

    • @enos5192
      @enos5192 4 роки тому

      Absolutely riwt

  • @TheBoringInvestorMan
    @TheBoringInvestorMan 3 роки тому +44

    Most youtubers within the first 30 seconds of their videos = begging for likes and subs, John being genuine and honest "I couldn't do it and I had to look at the write up". I seriously appreciate people like you who are open and despite the fact that you've been doing this for 5+ years you are still learning and encouraging people to keep going by doing so. I realise this is an old video but I hope you know it still has a positive impact on people who are looking to get into this and start their journey into the complex world of security.

  • @DevLPful
    @DevLPful 4 роки тому +37

    This is way better than reading a writeup

  • @harmtech3502
    @harmtech3502 4 роки тому +35

    DUDE JUST KEEEEEEP GOING ! best cybersec channel seriously, freaking love watching you do a CTF, i personally learned a lot from you, thanks a lot !

    • @stackspace
      @stackspace 4 роки тому +4

      What an amazingly kind and positive comment. I’m not even John, but thank you for posting this!

  • @gaganpoojary8135
    @gaganpoojary8135 4 роки тому +141

    John Hammond,TheCyberMentor,Hackersploit,ippsec.
    Beginner community is in love with u guys❤️

  • @mossdem
    @mossdem 3 роки тому +20

    Recent subscriber but I wanted to just compliment you on how well you talk us through your videos and what it is you're actually up to! As a beginner, in almost every possible avenue, understanding is quite difficult sometimes without going away and doing my own research. Sometimes a 10 minute video turns into an hour with me trying to understand things. However, I came across your channel recently and wow. The way you break it down makes it so simple, so I don't necessarily need to understand all the syntax when you explain what its doing so well! Just a little thank you from you to me, you're definitely aiding my learning and re-motivating me to believe I can actually do this lol

  • @АлександрАфонин-я8щ
    @АлександрАфонин-я8щ 4 роки тому +13

    It feels like you underestimate the experience we go through while watching this:) It was cool, thanks for the video!

  • @JackofTradeApps
    @JackofTradeApps 3 роки тому +2

    I appreciate your transparency John! Everyone in this space is awkwardly trying to learn. Its nice to see that everyone doesn't just start at knowing it all. Practice still makes perfect.

  • @jonharper5919
    @jonharper5919 2 роки тому +1

    "Solved this with anger" probably describes most debugging/reverse engineering successes

  • @t_goldberger
    @t_goldberger 2 роки тому

    You learning on the go, is far from boring - I work now almost 12 years in the field (not ethical Hacking or the sort) however, it is good to see and learn from other how to navigate and lern. I try to get my feet wet with CTF's - Ethical Hacking - Pen-Testing and your videos are so motivating, you boil it down to the essence, never stop learning never stop poking and get your hands dirty! Learn from others and especially from your own mistakes!!! Love the content you put out there! It's so valuable!!!

  • @PalCan
    @PalCan 3 роки тому +2

    Also I love your wrap up summaries that summarize everything and just hammer the whole thing home. Thank you

  • @devonchin94
    @devonchin94 3 роки тому +2

    Though this video is a little old now, I want to highlight that seeing and understanding your learning *PROCESS* is just as valuable, if not more so, than learning directly from you like usual. Though, while still very important, understanding how someone may undergo their learning process differently from you can be extremely beneficial! Great stuff as always John, cheers!

  • @discordiangod
    @discordiangod 4 роки тому +42

    This man hanged out with liveoverflow during the google ctf..... You're so lucky :)

    • @ichigok2594
      @ichigok2594 4 роки тому +4

      gamerchunk1 yes. That challenge was badass :) overflow had to defuse a bomb 😇

    • @rabindra1337
      @rabindra1337 4 роки тому +11

      Or the opposite Liveoverflow being lucky.

    • @smellymomo
      @smellymomo 4 роки тому +7

      @@rabindra1337 I think Liveoverflow knows more stuff. Not saying that is a bad tging or anything

  • @arnabdas6528
    @arnabdas6528 3 роки тому +9

    just got this video recommended, read the name of the channel and thought for almost 10 minutes that if the creator of jurassic park is still alive and has opened a yt channel

  • @anonymousguy121277
    @anonymousguy121277 3 роки тому +1

    As a newbie to cyber security and Ctfs, I really enjoyed this video. Thanks John!

  • @MentoMoriMinis
    @MentoMoriMinis 2 роки тому

    So I'm new. Like I've got some IT experience but only in the last year have I really started my cybersecurity learning. And in the last month started doing ANYTHING with CTFs. And as discouraging as it is for me having to look things up, you being transparent about it is just encouraging. Thank you.

  • @daleryanaldover6545
    @daleryanaldover6545 3 роки тому +1

    When you said, "Most of em solve this with Angr". I felt that

  • @humanflybzzz4568
    @humanflybzzz4568 4 роки тому

    Gotta love the honesty. A lot of this low level binex stuff can shatter your self esteem when all you see is just the wins everywhere. It's good to see someone showing the learning process too

  • @TheFern2
    @TheFern2 3 роки тому

    Man idgaf if you're reading a writeup you still managed to make the video interesting and we all learned together. I like that you didn't copy and paste. Is a better experience imo than only one of us learning lol. Keep up the good work!

  • @tourpran
    @tourpran 4 роки тому +1

    As you said the best way to learn things are to learn from writeups. awesome channel this is.

  • @toplist2613
    @toplist2613 4 роки тому +124

    John I actually find watching you work through a problem you don’t know very very helpful. As a beginner It gives me an example of how to teach myself...? Does this make sense? Any way thank you my guy!

    • @mirroredname3389
      @mirroredname3389 4 роки тому +3

      I like how i can use bits i dont understand to develop other parts of my life. Abstract but calming and sometimes effective. Always begin.

    • @mirroredname3389
      @mirroredname3389 4 роки тому

      I mean even the basic concept of ANGR or Normal anger in real real life and basically running anger scenario and imagined results, effects and consequences of it. [address-failure or success] =x/x x2x but or No r- m:all
      It is just letting me do whatever this was.
      Talking at Top List even if he has asked No( )of it!
      Edit: I think it was correct to post even if it wrong at it. But philosophically I all ready know this, but still I add value to flag. I honor- it.
      -What i really meant to say was that I find it useful even if I will never write a Single code in my life.

  • @robertisaiah7673
    @robertisaiah7673 4 роки тому +10

    So educative.He makes hard things look easy. Your awesome John

  • @murrij
    @murrij 4 роки тому

    So rad. Dude you're awesome. Thanks for learning like most of us do and being brave enough to do do it on camera.
    Using angr in anger.

  • @Hythlodaeus69
    @Hythlodaeus69 3 роки тому +2

    These videos are so great. Knowing how to code would probably make them even better 😂

  • @ghost_cipher
    @ghost_cipher 4 роки тому +3

    Thank you for all the work you do and uploading this AWESOME content!!

  • @Nunn_the_wiser
    @Nunn_the_wiser 4 роки тому +5

    This is awesome John. Loving seeing the learning process, that in itself is so helpful.

  • @first-thoughtgiver-of-will2456
    @first-thoughtgiver-of-will2456 2 роки тому

    Thanks! I'm a seasoned dev and never used ltrace thanks I learned something!

  • @bretthaupt1019
    @bretthaupt1019 4 роки тому +4

    I think that having you walk though the learning experience is sometimes more beneficial than just a simple guide/walkthrough. It is definitely more in line with how things play out in reality; research and digging into documentation you are no familiar with.

  • @PB-eg2je
    @PB-eg2je 4 роки тому

    You make great videos. I hope you never stop making them.

  • @issussov
    @issussov 3 роки тому +1

    Love the step-by-step with thoughts and why!

  • @krzysztof-ws9og
    @krzysztof-ws9og 4 роки тому +6

    That is the only challange that I have ever solved, both during competition and after it
    And personally did it entirely by hand after checking what THREE assembly instructions which ghidra is decompiling as that mess are doing
    At least I have learned that x86_64 architecture has some 128 bit registers :D

    • @erickt2665
      @erickt2665 4 роки тому +1

      As a pretty new beginner, this seems a bit tough to solve on my own. Guess I need to familiarize myself better. Good job by the way!

  • @PAUL-007
    @PAUL-007 4 роки тому +4

    I tried as my first challenge in googleCTF as it has least points hours later end up banging my head understanding complicated register play , later reading how people doing with angr automatically solving easily genius man and later more banging my head, i cant solve this 50pts.

  • @Mr.Crrtss
    @Mr.Crrtss 2 роки тому

    Thanks, I am learning something new each video...

  • @andyh3970
    @andyh3970 2 роки тому

    Shoot from the hip my friend. It’s much more encouraging for beginners than breezily solving it with an air of feigned competence 😎

  • @puppe1977
    @puppe1977 4 роки тому +1

    From the documentation: factory - "It is not a factory in the java sense, it is merely a home for all the functions that produce new instances of important angr classes and should be sitting on Project."

  • @MrDexter049
    @MrDexter049 4 роки тому

    I love to watch u trying new methods to achieve the goal.

  • @GregL2
    @GregL2 4 роки тому

    Liked it.
    Thanks for showcasing this one. It was the problem I spent most time on and couldn't beat it. This technique will go away in the vault for next time.

  • @rickmedina6158
    @rickmedina6158 4 роки тому +1

    im really enjoying this. keep it coming John! I have been watching and learning from you since your powershell series updates and the originals you first put out. 👊

  • @sibyskaria6694
    @sibyskaria6694 4 роки тому

    Please keep making more videos love what you do and love to learn from you. Thank you so much John.

  • @crypx4506
    @crypx4506 3 роки тому

    That’s a nice video, interesting to see something challenging while learning. Good job at presenting!

  • @SV_Sangha
    @SV_Sangha 3 роки тому

    Wow...! I'm returning to programming after... uhm.... forever being away. This is really cool and helpful to look at what is available for tools, how to use and how to sleuth... impressive!

  • @robroy289
    @robroy289 2 роки тому

    As a complete, total noob, I'd like to hear you review what you might have done differently after getting a solution. What would you may e have done differently, was there a faster or easier path you could have taken? After the fact did you spot one or more hints or clues or indicators you didn't see until you had the complete picture? What might you have done differently? Please keep these coming!

  • @PalCan
    @PalCan 3 роки тому

    This is so helpful John. I appreciate you very much my man. Keep it up

  • @sirw369
    @sirw369 4 роки тому

    Thanks for sharing angr with us! Very insightful.

  • @Hotmustardgas20
    @Hotmustardgas20 4 роки тому +1

    This was very helpful. I need to learn more about reverse engineering myself

  • @Handskemager
    @Handskemager 3 роки тому

    POSIX is Portable Operating System Interface.
    Just in case anyone was wondering.

  • @KeithGriffiths
    @KeithGriffiths 3 роки тому

    John, your walkthroughs are really good. 🧐

  • @aurinator
    @aurinator 4 роки тому +1

    I'm reminded of SoftICE with this back in the day, and thank you for going through the process of obtaining the key - which was arguably the point - but, to save time in practice, I would have just changed the instruction from a JE (Jump Equal), to a JNE (Jump Not Equal), bypassing that branch entirely for every value but the originally-intended one, although that's admittedly not the point, and the process for obtaining the key is extremely informative, so thank you for putting it together. Brute-forcing is of course another approach too.

    • @tommasochiti4237
      @tommasochiti4237 4 роки тому +1

      Thought the same thing, but then I realized they wanted you to know the key and not just skip that block of code ehehe.

  • @gaurav1565
    @gaurav1565 4 роки тому

    Love this I hope you keep putting the Google ctf solutions out.

  • @iansugg3496
    @iansugg3496 3 роки тому

    I'm learning from like 3 of the professors on Shellphish!

  • @justingreen6561
    @justingreen6561 2 роки тому

    "i found most people were solving this through anger"
    always been the standard process at this house. lol

  • @jongalloway4104
    @jongalloway4104 4 роки тому

    I love your videos!!! It helps me to understand better ways to think through things

  • @thedonsky5092
    @thedonsky5092 4 роки тому

    So above my head

  • @osxgamer7745
    @osxgamer7745 4 роки тому +14

    37:53 i love it, no shame when learning, otherwise we would be cave pepole.

  • @SzaboB33
    @SzaboB33 Рік тому +1

    - they are trying to solve it with anger.
    me: ohh, im familiar with that!
    - ANGR
    - ohh

  • @BrainFood155
    @BrainFood155 4 роки тому +2

    You can also create the whole flag string with `flag = claripy.BVS('flag', 8*FLAGLEN)` and you can add constraings with `state.add_constraints(f >= ord('!'))` etc...
    "unicorn", based on my research, is when you're running on the same architecture and OS as the binary. It's supposed to make the loading faster.
    I've just started playing around with angr with crackmes based on these writeups and I've found that it's really hit-or-miss. I can't get it to work with certain strategies. Sometimes an `.explore()` works and sometimes it fails but a `.run()` works which shouldn't be the case...
    I tried to do it in the "analyze" way where I tried to reverse the pshufb too.. That sucked. It's difficult for me to understand the ASM instructions especially when they're in the newer instruction sets

  • @MrJCollector
    @MrJCollector 4 роки тому

    Really love how these google CTFs writeups are going. It is one thing to watch the videos where the answer is given straight forward but it's another seeing the thought process of John and really going through the steps that i will go through during a CTF and hitting road blocks! Really enjoyed it!

  • @PeterVanHertum
    @PeterVanHertum 3 роки тому +1

    when I'm researching some techniques in coding, I just use a lot of print()'s and just try and see what it gives, like every couple of new lines and ideas, like when you're trying to explain us what it is putting in "flag" and "flag_chars". Why not just print it ? Then we will directly see what it looks like. I can't grasp why people want to write the whole program first and only see results at the very end.

  • @LaurentLaborde
    @LaurentLaborde 3 роки тому

    7:30 : there is a bunch of XOR there. my random guess (ps : you should read the asm code instead of the decompiled C, it would be easier) is that part (or all) of our input is used in the XOR and that would explain why the strcmp in ltrace is invalid garbage

  • @sylvesterrac3792
    @sylvesterrac3792 4 роки тому +1

    Thank you for the videos. You're an excellent teacher. I'm learning so much from you. I agree the way angr found the solution so quickly is some "dark magic". I'm also wondering what practical use cases such a tool might have.

  • @shiiswii4136
    @shiiswii4136 2 роки тому

    ur a beast i love these videos

  • @danieldaszkiewicz7313
    @danieldaszkiewicz7313 4 роки тому

    Great video, angr looks really cool!

  • @P-G-77
    @P-G-77 Рік тому

    Juicy work done...

  • @richardblackhound1246
    @richardblackhound1246 3 роки тому +5

    "Beginner Reverse Engineering" - Expert hacker himself wasn't able to solve it, lol. Yeah so what chance have we got?!

  • @lucha6262
    @lucha6262 4 роки тому

    This was super clear! Thanks so much!

  • @AdamTheGuitarist
    @AdamTheGuitarist 4 роки тому +12

    "good, let that angr flow through you"

  • @jason54953
    @jason54953 4 роки тому

    Great video. Thank you. When you said you will use angr I thought you meant anger. lol

  • @blackjack4494
    @blackjack4494 4 роки тому +1

    I haven't read what they want. But I would have simply changed the jump address to the Success one. Just like when you crack a program to skip activation (checks).

  • @hdclips501
    @hdclips501 3 роки тому

    its really best to learn it this way thanks for this

  • @INTJames
    @INTJames Рік тому

    I wonder how the flag length was determined that seems like it would be a very important variable. Could always trial and error but maybe find it in ghidra somewhere

  • @piranime
    @piranime 4 роки тому

    I love reverse enginering videos

  • @c0dine67
    @c0dine67 4 роки тому +1

    All of us screaming "Prog is not defined!!!!!"
    Damn I missed half the video over that

    • @helcostr
      @helcostr 3 роки тому

      Oh he is not copying and pasting so he can learn and just incase he uses different variables... i see
      (John immediately types prog)
      Oh... ok... his brain does the most perfect copy paste.

  • @th3g3ntl3man6
    @th3g3ntl3man6 4 роки тому

    Hey John, thank you so much, this is really informative and helpful. I like all your videos, and I learn alot from you.

  • @roninjanjira9687
    @roninjanjira9687 4 роки тому +2

    is there a place where I can download this CTF?

  • @alvarodenisacostaquesada8820
    @alvarodenisacostaquesada8820 3 роки тому

    Great video, great value :)

  • @rbNNN2
    @rbNNN2 3 роки тому

    I have no Idea what is going on,but its awesome!

  • @JusKalen
    @JusKalen Рік тому

    You have your own ads before the video starts I’ve never seen that

  • @vanshajrai6089
    @vanshajrai6089 3 роки тому

    This was fun! Thank you :)

  • @garcand
    @garcand 4 роки тому

    Blessings to you John

  • @4lpina
    @4lpina 4 роки тому

    Great video man. You have plenty of skill yourself so don't need to worry that video will be boring :)

  • @website8362
    @website8362 4 роки тому

    Great video as always 👍

  • @TRASH_Z403
    @TRASH_Z403 7 місяців тому

    3 years ago hmm good one ❤

  • @davyrogersuk
    @davyrogersuk 4 роки тому

    Loved this.

  • @triularity
    @triularity 3 роки тому

    If it found "CTF{\x00"... as an output before constraining it, does that mean it would have also been a valid answer (assuming the newline was missing)? I.e. at the command line version, enter: CTF{^D (^D = Press Ctrl-D for EOF). Of course, having to provide it via a webpage breaks that option, since presumable it will always include the newline to input, even though no explicit newline was submitted.

  • @Beersandsmokes
    @Beersandsmokes 3 роки тому

    This was very helpful!

  • @blendedcookie
    @blendedcookie 2 роки тому

    Ending song: Fearless by Lost Sky Because I recognized it but could figure out what it was and it was bugging me lol

  • @professordrama
    @professordrama 4 роки тому

    loved it! premium stuff! thanks a lot!

  • @twistedspirit
    @twistedspirit 4 роки тому +1

    I have a question, is angr like just bruteforcing all possible input combinations and checking whether the code hits the success memory address for any of them?

    • @supercalcio97
      @supercalcio97 4 роки тому +2

      I dont think it can bruteforce a 15 bytes string, it probrably create a system of equations (costraints for the input) after analazing the binary and uses some math magic to find a solution

  • @harshilpurohit5043
    @harshilpurohit5043 3 роки тому +1

    Very nice explanation!
    Is anyone facing an issue while running the code on their local machine? For me, when I only allow printable characters, then I am not getting any solution. If comment out those lines, I get garbage values as shown in the video. Please help

  • @JoseAltagracia
    @JoseAltagracia 4 роки тому

    Nice video. Besides the learning opportunity, what's the benefit of using angr over a regular brute force script in this case?

  • @ySomic
    @ySomic 3 роки тому

    I would love to see that .NET one, as a .NET dev

  • @Ganjalf_the_Green
    @Ganjalf_the_Green 3 роки тому

    I can only program in python, I can't understand C, yet I got all the strategy, and I'm starting C just to practice those tests cause I think they would help me increasing my competences, and I think they are a lot of fun

  • @GunniBusch1
    @GunniBusch1 3 роки тому

    After you said people solved it with anger, I destroyed my pc

  • @CallousCoder
    @CallousCoder Рік тому

    I just had a look myself.
    My idea to ignore the strncmp didn’t work because they didn’t print the flag when success only the work SUCCESS.
    So how I did it was to create a strncmp shared library function, that I preloaded and it would catch the two strings and write them to a file.
    So I had the string against which was compared - couldn’t get gdb to hand it to me 😂
    And then I took the shuffle add and xor constants and basically did the reverse xor again, sub32 instead of add and the shuffle is nasty, that can’t be undone. So I had a look on google (I never used that instruction, didn’t even know it existed) how it goes about mangling. Because I didn’t feel like trying out 15 factorial combinations. And basically wrote the reverse of that too.
    But it this is “beginner” then I don’t wanna know what advanced is like 😂

  • @enpassant7358
    @enpassant7358 4 роки тому

    John Hammond, what was you MOS in the Military?

  • @mastex5575
    @mastex5575 4 роки тому

    Hi John, i'm searching for a guide of what to use when regarding the sysinternals suite. Thanks for all your work you put in this and beeing a guidepost for the community.

  • @ianzhang2991
    @ianzhang2991 4 роки тому +1

    12:09 I was just about to go and install angr without a venv lol

  • @simplegametutorials1341
    @simplegametutorials1341 3 роки тому

    you can use GDB to find the Flag:
    UA-cam(angr Tutorials EP1 - Reverse Engineering 101)

  • @gatisozols
    @gatisozols 4 роки тому

    Why not just break before the strncmp and read the value of local_28? Maybe just got it wrong..

  • @saikiranlingadally1036
    @saikiranlingadally1036 4 роки тому

    Always inspiring 🔥