GHIDRA for Reverse Engineering (PicoCTF 2022 #42 'bbbloat') 

John Hammond
199K views


Published: 7 Jul 2024

Comments: 125
@micleh 1 year ago
Liked that one, since it is an easy example of how to disassemble code and make sense of what is readable. Perfect as a beginner tutorial.
@11ph22il 2 years ago
These videos are the spam I like to get, each one with GREAT info on CTFs. Thanks John!
@MikeDSutton 2 years ago
In case anyone else was curious what the 'unscramble_flag' function did, here's the rough equivalent in Python 3:
```python
# Scrambled bytes; values below 0x50 are shifted up by 0x2F, all others down by 0x2F.
scrambled = bytes([
    0x41, 0x3a, 0x34, 0x40, 0x72, 0x25, 0x75, 0x4c,
    0x34, 0x46, 0x66, 0x30, 0x66, 0x39, 0x62, 0x30,
    0x33, 0x3d, 0x5f, 0x63, 0x66, 0x30, 0x62, 0x65,
    0x35, 0x35, 0x62, 0x60, 0x65, 0x32, 0x4e,
])
print(bytes([b + (0x2F if b < 0x50 else -0x2F) for b in scrambled]))
```
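The shift in the comment above is ROT47 over printable ASCII (0x21 to 0x7E). The following is an added example, not part of the original comment or of the challenge binary: it generalizes the expression so that bytes outside that range pass through unchanged and lists where the two versions disagree. The names `SCRAMBLED`, `rot47`, `comment_expression` and `differing_inputs` are assumptions; the byte values are copied from the comment.

```python
# Added example: the comment's byte shift, generalized to full ROT47.
# All names here are illustrative, not taken from the binary.

# Byte values copied from the comment above.
SCRAMBLED = bytes([
    0x41, 0x3a, 0x34, 0x40, 0x72, 0x25, 0x75, 0x4c,
    0x34, 0x46, 0x66, 0x30, 0x66, 0x39, 0x62, 0x30,
    0x33, 0x3d, 0x5f, 0x63, 0x66, 0x30, 0x62, 0x65,
    0x35, 0x35, 0x62, 0x60, 0x65, 0x32, 0x4e,
])

LOW, HIGH = 0x21, 0x7E      # printable ASCII range ROT47 operates on
SPAN = HIGH - LOW + 1       # 94 symbols; rotating by 47 is half the span


def rot47(data: bytes) -> bytes:
    """Rotate printable ASCII by 47; leave every other byte untouched."""
    return bytes(
        LOW + (b - LOW + 47) % SPAN if LOW <= b <= HIGH else b
        for b in data
    )


def comment_expression(data: bytes) -> bytes:
    """The shift exactly as written in the comment (no range check)."""
    return bytes(b + (0x2F if b < 0x50 else -0x2F) for b in data)


def differing_inputs() -> list:
    """Byte values where the comment's expression and ROT47 disagree."""
    return [b for b in range(256)
            if rot47(bytes([b])) != comment_expression(bytes([b]))]


if __name__ == "__main__":
    # Half-span rotation is its own inverse, so one function both
    # scrambles and unscrambles.
    print(rot47(SCRAMBLED).decode())
    print(rot47(rot47(SCRAMBLED)) == SCRAMBLED)
    # Only control characters, space and bytes above 0x7E differ.
    print([hex(b) for b in differing_inputs()][:5])
```
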
@Lampe2020 1 year ago
I first saw the code then the description you gave but I immediately recognized it as Python3-code because two of my last three Python3-projects involved exactly that, converting lists of numbers between 0x00 and 0xff to byte strings (`bytes` object) XD
@kadericketts9218 2 years ago
Been loving the PICO CTF videos you’ve been making, have watched most of them and have been learning a lot as I am just a noob in IT
@sk0r 1 year ago
I’ll be honest, a lot of your videos I have no idea what you are doing, but I enjoy watching you and your skill set and what is possible with the right tools. 🙏
@deltabytes 2 years ago
I like the way you take us through step by step. I am learning a lot from these videos.
@arr3business939 1 year ago
same
@DevBranch 1 year ago
Thank you for making these videos! I'm new to this, so being able to see how this works first-hand is extremely helpful.
@hardelectrolove 2 years ago
Did you just accidentally release every video for the next weeks/months at once? Holy moly, that's a lot of stuff in my Watch Later playlist now! x)
@VA3KAMA3 2 years ago
same. just have had a marathon watching them
@theamazingjay161 2 years ago
Okay, so I'm not the only one.
@tpai302 2 years ago
I'm so bad at RE but love watching others do it so I can pick up on little things each time.
@jackscalibur 3 months ago
Hey! Do you feel like you're better at it now?
@HyBlock 2 years ago
couldn't this be done in some other way, my feed is filled with all those uploads making it harder to browse, don't wanna unsubscribe cus I appreciate your work though!
@TheJustinist 2 years ago
Yep, unsubbed
@KoskiK 2 years ago
Quite the same, after the first burst of videos I figured it was just a mistake or an error with the scheduler. After this new one I unsubbed unfortunately, as I enjoyed the content. RU-vid should by now have made a limit, say 3 posts of a single person in the sub feed.
@ocoolwow 2 years ago
@@KoskiK ah that would actually assume that RU-vid would output usable work
@zdrasbuytye 1 year ago
You can do reverse engineering with the Linux shell only .
@Dex_Lulz 1 year ago
The more time I spend on your channel the more I learn.
@kr4k3nn 2 years ago
This is my first time seeing Reverse Engineering. I am like WOW, this is so fun to watch & do. Thanks John for introducing these very interesting things to us. :)
@1234enzor 8 months ago
A flashback and relearning TY!
@user-cl4gy7pi6q 3 months ago
Man u r DANGEROUS! lol 🙃☺ keep ur great work up dude! 💪
@kevinalexander4959 2 years ago
Would love to see a video on rebasing. I have a hard time with alignment using strings. Would love a newbie friendly of you rebasing binaries that do not align in disassembler. thanks!!
@aurelienlevra3782 2 months ago
Great video
@ancestrall794 2 months ago
Awesome bro
@P-G-77 1 year ago
Love these intricate logic tricks.
@gogogg91 2 years ago
Awesome!
@ronorocky 2 years ago
i just love you man,you are just awesome....... hope someday i will meet u in person.... u r doing a great job... keep it up. ❤️❤️
@tech-wandeveloper7495 1 year ago
That was cool man!
@for14556 11 months ago
Very nice video about rev, thx.
@FakeMichau 2 years ago
RU-vid after seeing so many uploads: i'm gonna end this man's whole career
@mytechnotalent 2 years ago
Love me some Ghidra!
@HYPR.trophy 2 years ago
I appreciate hearing your thought process as you go through the challenge
@Riiveri 2 years ago
I have no idea why RU-vid decided to recommend me these videos but I'm glad it did. This is awesome!
@vivarantx 1 year ago
same here, I was watching people eating 30 bags of cheetos and I ended up here
@kiizuha 1 year ago
@@vivarantx lmao
@victorkuria4734 2 years ago
Great stuff
@SamoCoder 2 years ago
This was interesting. Liked and subscribed.
@bkib 1 year ago
Nice!
@inazumaeleven9102 2 years ago
I like the fact that in each ctf videos, I learn new tools to use for hacking. Now I check the bell icon. Keep on going man, u the best
@KGAD0831 2 years ago
I really liked this one.
@cod4volume 2 years ago
As far as open source content goes, John, you’re an OG. A goat. Appreciate the content and knowledge dude, stay humble.
@skeeberk.h.4396 2 years ago
Very Nice
@sem8973 1 year ago
This would have been a perfect intro tutorial to reverse engineering with Ghidra
@msalih 1 year ago
Awesome
@krishanuchhabra 2 years ago
Nice one
@DanjumaMuhammad 1 year ago
I like the term "low-hanging fruit 🍓" 😊
@wonderweissmargela4261 2 years ago
Easy with the upload sir
@untitled8027 2 years ago
nice
@cryproot9845 2 years ago
It's a good video
@makayjozsef 2 years ago
You can use "apt search" too for package searching
@lancemarchetti8673 1 year ago
agreed
@hh7xf 2 years ago
you should also check out cutter
@nightst0rm230 2 years ago
hello sir your videos are great it helped me for solving and understanding all the ctfs of thm
@lancemarchetti8673 1 year ago
Hi John, can you please review "angr" for us. I don't have a clue where to start...lol
@heisenberg8055 1 year ago
TF I just watched! Interesting
@m4rt_ 2 years ago
6:20 (sdkman is a good tool for downloading java stuff)
@tribblewing 2 months ago
My etc/apt/sources.list is using Kali Linux's default repo, but I can only install strace. ltrace keeps getting an error: "Unable to locate package". Has anyone figured out a working alternative repo?
@codedsprit 1 year ago
I wish I had a nice laptop like yours 🥺
@WayneModz 11 months ago
I guess it's kinda good you didn't have the environment requirements preinstalled
@user-no5vf3kn9l 9 months ago
Headless for Java means it's stripped of mouse and keyboard input libraries and whatnot. Badly breaks Java Swing, so you probably don't want to use that.
@Lampe2020 1 year ago
The word "Bbbbbbbloat" is a bloated word and has the same effect as a mass of bloatware has on a PC: it works, but slower.
@polinimalossi8404 1 year ago
but you can make the same video with the imusic aimersoft program?
@superfish4603 2 years ago
There are 11 hidden videos in the playlist, when do we get them? :)
@saranvishva7982 1 month ago
what will happen if I swap the iF and else condition
@znucii 2 years ago
MAHYOUB WE MISS YOU
@ashokshastri9101 7 months ago
Sir big fan of yours from Lamatol village, golbazar-06 municipality, siraha district, sagarmatha zone, Madhesh Pradhesh (province no 2), nepal 🇳🇵
@abiodun6897 2 years ago
i got it 🙋🏾‍♂️. where can i learn this reverse engineering
@tlocto 2 years ago
can't wait till you go over noted, was my favorite one
@user-he9uj1lr1k 10 months ago
Please 🙏 sir can I use this to do reverse engineering on my mobile app??? Can someone help me out
@vinnie3265 5 months ago
Every time I try to run a binary file on my Kali Linux I am getting exec format error... so I am not able to solve any rev engineering problems... can someone pls help with it🙏🙏🙏🙏
@Bowzerbro 2 years ago
👍
@user-zo1kn8ob7h 4 months ago
oh look a user agreement, "i agree" never to be thought of again
@noodlechan_ 1 year ago
what if we reverse engineer Ghidra binaries using Ghidra?
@faxhack 2 years ago
Wait this is interesting
@passaronegro349 2 years ago
...would it be possible to have subtitles in Portuguese ???
@yttos7358 2 years ago
Another way of converting from hex to decimal is with the `printf` command which can be found on any linux system; use `printf %d 0xc0ffee` to see
@MisterK-YT 2 years ago
John can you post the code that formats your bash (or zsh) prompt? From your .bashrc or wtvr config file. I like that two-line prompt.
@Mathcartney 2 years ago
It's zsh the shell that he uses, it isn’t bash. And the theme is the default kali theme. There are many other custom themes and wrappers such as powerlevel10k if you dig it deeper tho
@mikerich5003 2 years ago
Has anyone on bohemia has their initial deposit asst changed..
@marcoamendoza5283 1 year ago
Does anyone have the bbbblob file to try it out?
@wahabwahab2042 1 year ago
im watching your video and honestly i'm 80% didn't understand what are you doing exactly. i wonder what level is that ? im sure it is advanced level . where to start to achieve your level ??
@Bromon655 3 months ago
What is the Linux wizardry… dude was flying through the terminal like nobody’s business
@MasterRg-cj7tt 2 years ago
Hi , I am new PicoCTF . and i try to solve that for practice if i cant i am looking for in google for solving . But I cant find picoCTF notepad Author: ginkoid . Can you help me? How can i solve that
@TheofilosMouratidis 2 years ago
at 13:26 you already got the decimal by hovering over the number
@MrLetsGamePlayHD 2 years ago
In ghidra you can also change the display type
@SultanSaadat 2 years ago
can you send us your shell modifications? This looks so cool.
@AliYar-Khan 2 years ago
Can we reverse engineer malware and then remove them this way ?
@bmbiz 2 years ago
That's pretty much the _only_ way to remove previously unknown malware: reverse engineer it, figure out all changes it makes and then undo all those changes on an infected system.
@MygenteTV 1 year ago
wtf, this is weird I had been watching your videos and even follow you in LinkedIn for years and just found out I wasn't subscribed to your channel. RU-vid be playing tricks, they welcome you with your favorite channel for ever and you will never know you weren't subscribed because everytime you open youtube and see the same person there you automatically think you are subscribed
@leblanc666666 2 years ago
nice and simple, but fun nonetheless! Does picoCTF have challenges that are more based on web applications?
@iKilleasy007 2 years ago
picoCTF has a web exploitation category
@metsfaninct 2 years ago
Man, nothing like getting spammed. Should have spaced it out.
@MisterK-YT 2 years ago
Question: why didn’t he “trust” the Ghidra from the official Kali repo? Why go through the process of installing manually??
@SheIITear 2 years ago
Stuff from the repos on your distro tend/might be really old. In case of ghidra you just download and extract it so that's the fastest way to get the latest.
@MisterK-YT 2 years ago
@@SheIITear noted! Thanks!
@vaisakhkm783 2 years ago
I wanted to ask same. I thought it might be the reason but to make sure... Is that a problem with distros like fedora or arch!?... those are more up to date than Debian right!?
@mideno7619 2 years ago
Sup
@afrkleaks4991 1 year ago
I do not have time with all these load it opens this read there and there then crack it i refuse all these stuff at the end you have to find the way to get in to the software, easy ways quickly just load malware to infect
@anujsrivastav6444 2 years ago
Hey John can you please tell me how I can trace the memory leak from heapdump file?
@roachxyz 2 years ago
What is this stuff called? Cybersecurity?
@NexushasTaken 1 year ago
it's already in the video title.
@KirwinWebb 2 years ago
You seemed disappointed that you got the flag so quickly.
@BigWin24410 2 years ago
Is this the apparently kid all grown up?
@WaseemLaghari 1 year ago
I solve it by viewing your video but you did it late by looking for other stuffs. Maybe you do to let us all understand everything
@utensilapparatus8692 2 years ago
John 1337 the king
@ultimultig 2 years ago
cool but i didn't understand a single word said in this video
@ocoolwow 2 years ago
You gotta stop man, this is flooding my sub box
@CodyHoskin 1 year ago
Have you ever got a live virus on your own system? Or a RAT?
@pitust 2 years ago
process or RE with binary ninja: step 1: load the binary. step 2: see the number in plain text from the decompiler. step 3: profit
@patrickborys3490 2 years ago
ez
@BissmadoOuallaliux 6 days ago
Very difficult
@kraemrz 2 years ago
Yt algo
@nguyentrang7909 1 year ago
beautiful hair ........ I want to touch it haha
@musa4213 2 years ago
why your voice like ill man, my tonsil hurts now AAAH
@fatizahra3420 2 years ago
m9wd
@bohu3741 1 year ago
it's too simple
@onizuka2345 2 years ago
Removed from my feed for uploading 18 videos at a time. You know how RU-vid works and that is not how you do it.
@ocoolwow 2 years ago
Bye don't let the door hit you on the way out
@OkOkOkIMightKnowYou 1 month ago
High Level Forgetting