Post overview

August 8th, 2014 1 comment

HitB 2015 CTF write ups

June 4th, 2015 1 comment


During the Hack in the Box Amsterdam 2015 conference (28,29 May 2015) we participated for the 3rd time in a row with team Hack.ERS in the CTF game. Once again the team included both me and Gijs from the Eindbazen team and Riley as the 3rd player. Multiple other Eindbazen members organized the CTF just as in the past years. This write-up contains some of the challenges we solved during the CTF, I only created write-ups of the challenges for which I had enough notes, but I did include the challenge descriptions and files for all the challenges where possible.

We ended on the 3rd place with the same amount of points as the second place (but just slightly later submitted the last solve). Which results in getting a top 3 position for 3 years in a row (2nd in 2013, 1st in 2014)

Read more…

ASIS CTF 2015 write-ups

May 13th, 2015 No comments

Last weekend ASIS CTF took place and we (the Eindbazen team) spend some hours playing it. While we did not play the whole weekend we did solve some of the challenges. Since I enjoyed the challenges I worked on I decided to create these write-ups of them.


Read more…

Security issues logos

February 27th, 2015 No comments

Since last year it seems that security issues need to be named and need a logo. Since not all issues had a logo yet I made some logos just for fun and no particular reason. I do not support security issues being used for marketing (which seems to be the main reason for the naming), I just like to draw things every now and then. More might follow, or not, dunno yet.

I don’t claim any copyright, they can be freely used with or without credits. All images were created with Paint.NET, and the higher resolution versions are available when clicking on them.

Read more…

HitB 2014 CTF write ups

January 23rd, 2015 No comments

During the Hack in the Box Amsterdam 2014 conference we participated with the Hack.ERS team of Deloitte in the CTF game. The team included both me and Gijs from the Eindbazen team, while multiple other Eindbazen members organized the CTF. While this might sounds weird it actually meant that the organizing Eindbazen really liked to see us squirm while working on the challenges they created.

This write-up contains some of the challenges we solved during the CTF, I only created write-ups of the challenges for which I had enough notes.

Read more…

Eindbazen ebCTF write-ups

January 21st, 2015 No comments

With the Eindbazen CTF team, we hosted the CTF (ebCTF) during the hackers event OHM2013. To generate some awareness about the CTF and OHM2013 event we also held a Teaser round some time before it. Besides full-filling an organizers role I also created multiple challenges for both the teaser round and the CTF. For the teaser round I created the challenges BIN100 and FOR100, and for the main CTF I created the challenges BIN100 (together with asby), BIN200, BIN400 and NET400 (together with the NFI). This write-up contains the solutions, background info and source codes of the challenges I have worked on. Feel free to use anything from this write-up including source codes, as long as it is for non-commercial usage and please provide credits were appropriate. For commercial usage, please contact me to discuss.

Read more…

Meaningful MD5 Collisions: Creating executables

January 19th, 2015 No comments

More than two years ago I worked on meaningful MD5 collisions, especially creating executables files, but I never finished my write up about this until now (hurray for having a sabbatical 😉 ). The idea behind this project was to create multiple executables with the same MD5, but with different behavior. I ended up creating a Perl script which enables you to create a simple skeleton source code which you can use as a basis for your own code, after compilation you can use the same Perl script to create the multiple executables with different behavior. This project does not show a new way to create MD5 collisions, but makes it easy to exploit the weakness by creating executables with MD5 collisions. I based my project on existing research such as HashClash, and used fastcoll to create the collisions. For further information about MD5 collisions, I would like to refer to HashClash.

The MD5 collision executables can potentially be a security issue for MD5 whitelisting, which is still used by some security products. An attacker could potentially first send an executable which is considered safe and then its counterpart which is evil. Since the files will have the same MD5 hash value the first file will have the second file white-listed. The files could further have impact on products which use MD5 hash values to uniquely identify files, such as certain forensics software.

The whole project was inspired by my first MD5 collision experience while playing SmashTheStack IO and by forensic products using MD5 hash values as unique identifiers for files.

Read more…

Perl2Exe back to Perl – 64-bit (with x64_dbg)

January 6th, 2015 2 comments

After posting information on my website about the Perl2Exe reversing article I published before, I got a comment with a question on how to perform the same “trick” on 64-bit Perl2Exe executables. Sadly enough at that time there was no free and easy to use 64-bit debugger available to create a similar approach for 64-bit Perl2Exe executables. However, that has changed with the release of x64_dbg. While I am still looking forward to the 64-bit version of OllyDbg, this new debugger looks very promising and with it I was able to create a fairly simple way of recovering the Perl sourcecode of 64-bit Perl2Exe executables. I decided to create this fairly short write-up about how to do this, which can also be used as a first hands-on with x64_dbg.

For reference, the approach for 32-bit Perl2Exe executables (using OllyDbg) can be found here, which also describes how Perl2Exe works and what the idea is behind the approach that we also follow in this article. These details have been left out of this current article.

Update 15-02-2017: User Julian commented on this article below that the instructions did not work on binaries created with Perl2Exe version 24. Updated instructions for this version can be found at the end of the article.

Read more…

Motorola Droid 4 – Broken screen and data recovery

December 11th, 2014 No comments

At the beginning of this year my Motorola Droid 4 phone started dying on me. I looked for help on the XDA Developers Forum where I kept track of the different steps I took. For archiving reasons I created this write up to have a single page containing all information that I found on the issue. Sadly enough I was not able to repair the phone, however I was able to recover my data by rooting the device. The original XDA Forum thread can be found here:

Read more…

Forensic hardware – Don’t just blindly trust it

September 2nd, 2014 No comments

I recently found two pictures which I took in the last 2 years, of the Logicube Forensic Dossier misbehaving. I decided to write this very short article to show these pictures. Since this seems to be a 6th(!) generation forensic solution I would not expect this behavior. The Logicube hardware is widely accepted as ‘forensically sound’, there seems to be some sort of blind trust in forensic hardware by forensic experts, while everything else is always disputed at great length.

Read more…

Hacker colour chart v1

August 28th, 2014 No comments


The “Hacker colour chart”, if you are not in the green you might want to reconsider if you are a hacker 😉

Read more…