Ask HN: How to start solving binary challenges in a CTF

8 points by raven_stark ↗ HN
I'm quite used to web challenges in a CTF. Also I'm familiar with assembly programming, gdb, but find it difficult to solve binary challenges. What all tools should I start using?

6 comments

[ 835 ms ] story [ 751 ms ] thread
Since you already know how to use GDB and you're familiar with Assembly, Now i don't know how much Assembly you know, but you need to know how programs execute in memory, (stack , heap , syscalls.....), and once you have that clear in your mind, try to draw a map of thoughts about the logic of execution of this binary (it will be pretty simple, since it's generally small programs), look for the points and weaknesses in the logic that you might attack, one tool i use frequently is [0]peda, also using some visual gdb extension would be really helpful for you instead of checking and looking every time on how registers change values, sometimes a little knowledge about how compilers work and the OS you're working on will be really helpful although the binaries are independent in most cases, but extra knowledge is always useful. [0]https://github.com/longld/peda
https://microcorruption.com/

nuff said. Hands on exercises through MSP430 hackmes. Only problem is that it won't hold your hand through it other than the first one, and you may need to read online solutions to kinda get the hang of it.

That's how I learned ASM RE, and I tried x86 hackme's in a hackathon and I came out first. I have completed less than 10 microcorruption challenges. So there's that.

After the first problem, the one that's a tutorial, did you feel like you could actually solve the second challenge? I still feel completely lost. For the most part I understand the problem it walks you through, but I feel like I don't even know where to start with the second one.

I know how to program at a basic level with higher-level languages like python, but I'm finding this low-level stuff rather difficult.

Late reply but yes, I kinda got stuck at times but eventually I got around to getting it working. Doing a bit of research will get you far.

If that doesn't help, read the walkthroughs online, but don't read the entire walkthrough because that won't help on your education. Read one line, ponder, etc.

I'm a hardware guy and I really really love low level stuff; it's my homeground. I do admit that it's not for everybody.

if you are comfortable with gdb go with it or else i generally prefer hexdump, objdump and radare2 over gdb (for linux pwnables). i really like radare2, and ctfs generally come with radare nowadays.

however, i think, the most important thing about cracking challenges is your knowledge, you need to learn the paltforms, the architecture, possible vulnerabilities and exploitation of all. so you may benefit reading some vulnzines like phrack and valhalla, some vxforums or papers from exploit-db. also there are very nice books where you can learn basic exploitation techniques(shellcoders handbook, hacking the art of exploitation, etc...). these may be useful if you really have the basic aspects, if you aren't comfortable with shell(bash, sh, zsh, etc..) you should get comfortable with them at the begining.

also you need to learn some c and another scripting language(like python, perl, ruby, lua etc...) for effective cracking (in *nixes).

and don't use windows, it makes you lazy.

also you can take these courses, that would be a marvelous start http://www.opensecuritytraining.info/

<IMPORTANT!> before starting these please ask yourself, why do you do this to yourself? go and get a (girl|boy)friend instead of this. the security field is such a §H!™ hole and endless.

TL;DR: go with radare, and crack this challenges first >> https://exploit-exercises.com/