The encouragement that I get out of understanding how frustrating this was to you is truly motivating. Amazing work!
The need for using the SMT thing is mind-blowing. Great job!
Great job man! These challenges r no joke.
Hope you'll get back to embedded. It's way more exciting, knowing that the code is sitting inside that tiny little thing on my bench as opposed to a massive server.
In just 25 minutes I learned more than in a whole year of low-level programming lectures at univ
My brain keeps overheating with these videos.
These videos are really awesome!
Nice job! Works like a charm!
Thanks, great video, gives us hope for the future of.
scratching my head. no clue what's going on : ( need to watch the video again n again to understand. still like to the video for your research and hard work
Mind == blown
ERROR 0x1495 Comparing standard body part with action not supported
just wow !
Like, before watching it. Great, I'll watch later
How did you get to know that we must disassemble from 0xdff?
This semester I'm studying the 8086 microprocessor, especially the assembly language part. I was confused about why we have to learn assembly when there are already high-level languages. I thought to myself that it was for us to understand how computers work (I study at a polytechnic), but after getting to know reverse engineering, I'm grinning and I think that's very interesting... I'm interested in security, and thanks to you I feel more motivated to learn more
The reason you learn Assembly in the real world is mostly debugging. High-level languages tend to be interpreted, which is cool! But they tend to be slow in comparison to compiled languages. Therefore for big fast performance projects you will be writing in a compiled language (mostly C/C++, but nowadays Go and Rust have been growing in popularity, which is awesome).
Now, if you truly want to write fast code you are going to be working very very very close to memory. And if you have no clue what's going down there, you ARE going to find bugs in your code.
I learned Python first, and working with lists in Python is a MARVEL. JavaScript is not that different, neither is Haskell, and even in Java, as long as you are using ArrayList, everything can be pretty intuitive.
And then you learn C, and hey! I can make an array with int array[3] = {1,2,3}; that's fun. Then you try to pass that array to a function and oh god, you just stumbled upon your newest nightmare. Learning assembly lets you understand that you really aren't working with lists, or strings, or objects, or even functions! It's all just data and instructions. That's not a mindset you can truly get from a high-level language. And when those problems start to crawl into your next server-side application, and you start running out of memory or accessing things that you are not supposed to, you better know how to handle that
FUCKING HELL this is awesome !!!
I'm guessing the other result ("3m_0t_t1_3v1g") would've worked as well. Have you tried that one too?
It's just the reverse of the other password.
How do you run IDA Pro on mac?
It's IDA Standard and it's the mac version. So I can run it on mac.
Crazy
0:41 The hex binaries are NOT encrypted. They are just encoded with Intel HEX. You can disassemble the HEX file with avr-objdump.
The binary is encrypted. It's Intel HEX format, but it's still not valid assembler. The Arduino board we got for the competition is preloaded with a custom bootloader and customised with unique keys for each player. The binaries for the challenge are encrypted, so that nobody can solve all challenges by simply reversing the code. And the bootloader decrypts the binary you flash.
Just in this case, they additionally provided a non-encrypted binary, because it was a reversing challenge.
I see. So the Challenge HEX file is not the same as this? github.com/Riscure/Rhme-2016/blob/master/challenges/binaries/jumpy/jumpy.hex
Same program, but those HEX files are not encrypted, so you can load them with the regular Arduino bootloader. But they were released after the competition.
I see, thanks for the clarifications :)
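An added example, not part of the comment thread or the challenge material: a minimal Intel HEX reader showing that record framing and checksums validate whether the payload is AVR code or opaque bytes, which is the encoded-versus-encrypted distinction in the replies above. The sample records are constructed, and the opaque bytes are arbitrary values, not output of the competition's cipher.

```python
# Added example, not code from the video or the challenge. Sample bytes are constructed.

def make_record(addr, data, rtype=0x00):
    """Encode one record: ':' + count, 16-bit address, type, data, checksum."""
    body = bytes([len(data), (addr >> 8) & 0xFF, addr & 0xFF, rtype]) + bytes(data)
    checksum = -sum(body) & 0xFF  # two's complement of the byte sum
    return ":" + (body + bytes([checksum])).hex().upper()

def parse_ihex(text):
    """Validate every record and return {absolute address: byte}."""
    image, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        if not line.startswith(":"):
            raise ValueError(f"record {n}: missing ':' start code")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or raw[0] != len(raw) - 5:
            raise ValueError(f"record {n}: length field does not match")
        if sum(raw) & 0xFF:
            raise ValueError(f"record {n}: bad checksum")
        addr, rtype, data = int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]
        if rtype == 0x00:                      # data record
            image.update((base + addr + i, b) for i, b in enumerate(data))
        elif rtype == 0x01:                    # end of file
            break
        elif rtype == 0x02:                    # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                    # extended linear address
            base = int.from_bytes(data, "big") << 16
    return image

def words(image):
    """AVR opcodes are 16-bit little-endian words; return them in address order."""
    return [image[a] | image[a + 1] << 8
            for a in sorted(image) if a % 2 == 0 and a + 1 in image]

# Constructed plaintext: jmp 0x68 at address 0, then ldi r16,0xFF ; ret at 0x68.
PLAIN = "\n".join([make_record(0x0000, [0x0C, 0x94, 0x34, 0x00]),
                   make_record(0x0068, [0x0F, 0xEF, 0x08, 0x95]),
                   make_record(0x0000, [], 0x01)])
# Constructed opaque payload standing in for an encrypted image (arbitrary bytes).
OPAQUE = "\n".join([make_record(0x0000, [0xA7, 0x3D, 0xE1, 0x5B]),
                    make_record(0x0000, [], 0x01)])

if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("opaque", OPAQUE)):
        print(name, [f"{w:04x}" for w in words(parse_ihex(text))])
```

Both samples pass the container checks; only disassembling the recovered words tells code from ciphertext.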
First time ever, more like first time AVR
I am still a little confused on whether you need an Arduino board (hardware) to reverse engineer this... Or can you try reversing this without any special hardware?
+geek geek I reversed it without an Arduino. Just had to use the board when I wanted to get my personalized flag ;)
How do you get your radare2 visual mode to look like that? Mine opens an HTTP server.
+Ctreative7772 you are running an old version. Install from git
I thought I had the newest version. I was wrong. Thank you!
How did you get your .gdbinit file to work in avr-gdb? It works in normal gdb, but when I open the avr version, I get an error saying that scripting in Python is not allowed in this version of gdb. I am running Ubuntu and cannot find any other avr-gdb version which supports Python.
Did you ever figure out how to get this to work? Having the same issue
Ryan Wincey No, never got it to work. You need to compile your own avr-gdb with Python scripting enabled.
holy fucking shit, damn man
how'd you make your gdb look like that ?
it's a .gdbinit config. I linked to it in the description
any alternative apart from simavr
A real AVR with a debugger connected to it?
Nice, too bad I didn't learn anything about assembler and now I'm too busy working with C.
+billigerfusel just debug your C programs with gdb and look at the assembler code when you run into crashes.
I did that once and it helped. Before my program jumped into the HardFaultHandler I saw in the Assembler code that it was just in an area full of empty flash. Turned out my code grew into the part of the flash where I was doing my EEPROM emulation :D
I LOVE YOU
DRram. ,