Showing posts from October, 2017

Received the Labyrenth 2017 prize

This was the first CTF Challenge I ever tried. So those things mean a lot for me.
Thanks to those mp3, mp3, playing them in loop mode make me don't get tired of stepping.

Why should I play Subway Surfers using mouse ? isn't keyboard cool !

Let's assume that someone forced to work under some circumstances, where no internet access will be available to him (not forever but just for a duration like one week), he will probably click Ctrl+F, write subway, Great, he found a game where he can burn his time.

Let's play for 30 min - 1 hour, probably that person will not be able to reach more high score, his hand will hurt.

I want to make the life of this person easier and better by adding keyboard support to that game (the game is for childs or not that is another story, and not important for me).

I want this feature to become built-in, so the end don't want to do anything other than double click the exe.

Great, It looks like that I'm lucky, UnityEngine is used along with Mono, which is a .NET framework-compatible.

Found something interesting in Assembly-CSharp.dll, Game.HandleControls method, we must add arrow keys support there.

So I modified the IL to get something like that

Great, but unfortunately after runn…

Flare-On 2017

08-09-2017 at night I just knew that flare-on started, solved two challenges and fall asleep.

1- The first challenge is quite easy to solve since the rotate is symmetric:

2 - This a little bit tricky since you will reproduce a small decryption algorithm to do reverse the encryption:

09-09-2017 after-noon, started solving challenge 3.

3 - This challenge requires you to find a byte value that is the key to decrypt an x86 code, given a simple hash function, once this code is decrypted and begin running, it will put the flare-on flag on the stack, so we must do 2 things:

Find the byte key:

Send that byte to the local server at and debug
09-09-2017 - 10-09-2017,

4 - It took me more time to figure out that the challenge uses PE files from last year flare-on challenge (2016). Generally, every PE file contain a 8-byte forming a part of the key, each file will have those bytes at offsets 0x400, 0x410, 0420 or 0x430.

The files should be put at the following folder:

Once the files …