Its great that the CTF organizers fielded a neutral architecture that no one would be familiar with. This helps put everyone on a more even footing and tests their knowledge of their tools and reverse engineering instead of knowledge of architecture internals
For this year's DEFCON CTF, the organizers decided to break all existing tooling by making a custom architecture with 9-bit bytes, 27-bit words, and middle-endian integers.
I was able to make a [Binary Ninja](https://binary.ninja) architecture plugin on the flight to Vegas, but unfortunately I had to expand everything to 16-bit bytes to be able to handle addressing. This made control flow graph recovery possible, but I had to choose between accurate data references or accurate immediates. I ended up going with accurate immediates and letting my data references fall into the middle of functions (because instruction addresses were all 2x).
The 27-bit words and middle-endianness wasn't a huge issue, but the 9-bit bytes really really sucked. We had IO buffering issues on every exploit we wrote and analyzing PCAPs was a huge pain.
4 comments
[ 4.5 ms ] story [ 22.2 ms ] threadI was able to make a [Binary Ninja](https://binary.ninja) architecture plugin on the flight to Vegas, but unfortunately I had to expand everything to 16-bit bytes to be able to handle addressing. This made control flow graph recovery possible, but I had to choose between accurate data references or accurate immediates. I ended up going with accurate immediates and letting my data references fall into the middle of functions (because instruction addresses were all 2x).
The 27-bit words and middle-endianness wasn't a huge issue, but the 9-bit bytes really really sucked. We had IO buffering issues on every exploit we wrote and analyzing PCAPs was a huge pain.