[0xricksanchez] participated in a software reverse-engineering challenge and recently wrote up the solution, and in so doing also documented the process used to discover it. The challenge was called Devil’s Swapper, and consisted of a small binary blob that output a short message when executed. The goal of the challenge? Discover the secret key and the secret message within. [0xricksanchez]’s writeup, originally intended just as a personal record, ended up doing an excellent job of showing how a lot of reverse engineering tools and processes get applied to software in a practical way.
What’s also great about [0xricksanchez]’s writeup is that it uses standard tools and plenty of screenshots to show what is being done, while also explaining why those actions are being chosen and what is being learned. It’s easy to follow the thought process as things progress from gathering information, to chasing leads, and finally leveraging what’s been learned. It’s a fascinating look into the process of applying the reverse engineering mindset to software, and a good demonstration of the tools. Give it a read, and see how far you can follow along before learning something new. Want more? Make sure you have checked out the Hackaday 2020 Remoticon videos on reverse engineering firmware, and doing the same for PCBs.
I don’t like underrating these works, but when I saw the title what I was expecting was a real-world reverse engineering case applied in a “software development” competition. Instead, this is a “crackme” challenge; you can find a huge number of those challenges and their writeups online.
Anyways, congrats to the solver.
Interesting crackme, not exactly my usual kind of RE where I’m trying to, e.g., “pwn” a piece of hardware I own. But interesting to see anyway, I haven’t looked at these much. Shame it’s using IDA instead of Ghidra (or even r2) so I can’t follow along as closely. I wonder how much difference the decompilation powers of Ghidra would have made to this challenge: since it’s intentionally obfuscated, I wonder if you’d mostly ignore the decompilation. Similar to how I managed to be able to mostly ignore the disassembly window 🤣
(on scroll back up: I noticed how the summary calls it “standard tools”: I guess IDA might be standard for professionals in security and analysis, but unless you can do it with the old version they distribute for no-cost, it’s hardly standard for those of us just poking around for fun. In case you couldn’t tell from my comment history, though, I’m totally here for more Ghidra content: I always feel like I’m barely scratching the surface of its capabilities.)