# RE101 Writeup - CyberDefenders

> ﻿ RE101 challenge is a binary analysis exercise - a task security blue team analysts do to understand how a specific malware works and extract possible intel.

## I've used this new encryption I heard about online for my warez; I bet you can't extract the flag! (File: MALWARE000)

die &gt; strings ZmxhZzwwb3BzX2lfdXNlZF8xMzM3X2I2NF9lbmNyeXB0aW9uPgo= base64 -d

**Flag**: 0ops\_i\_used\_1337\_b64\_encryption

## Check out what I can do! (File: Just some JS)

![](https://i.imgur.com/IX7Cayz.png align="left")

Obfuscated javascript. node just\_some\_js

**Flag**: what\_a\_cheeky\_language!1!

## I'm tired of Javascript. Luckily, I found the grand-daddy of that lame last language! (File: This is not JS)

![](https://i.imgur.com/5UGxKzM.png align="left")

BrainFuck! https://www.dcode.fr/brainfuck-language

**Flag**: Now\_THIS\_is\_programming

## I zipped flag.txt and encrypted it with the password "password", but I think the header got messed up... You can have the flag if you fix the file (File: Unzip Me)

Used this [PKZip specification doc](https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html). Just needed to fix file name length.

![](https://imgur.com/P9M5evA.png align="left")

**Flag**: R3ad\_th3\_spec

## Apparently, my encryption isn't so secure. I've got a new way of hiding my flags! (File: MALWARE101)

THIS CHALLENGE IS REALLY TRICKY! The scrambled characters injected into stack memory in order. So, by using GDB, adding breakpoint before printf, you will get the flag in stack.

![](https://imgur.com/rqqnrKK.png align="left")

**Flag**: sTaCk\_strings\_LMAO

## Ugh... I guess I'll just roll my own encryption. I'm not too good at math, but it looks good to me! (File: MALWARE201)

```plaintext
x = [0x6d, 0x78, 0x61, 0x6c, 0xdd, 0x7e, 0x65, 0x7e, 0x47, 0x6a, 0x4f, 0xcc, 0xf7, 0xca, 0x73, 0x68, 0x55, 0x42, 0x53, 0xdc, 0xd7, 0xd4, 0x6b, 0xec, 0xdb, 0xd2, 0xe1, 0x1c, 0x6d, 0xde, 0xd1, 0xc2]

for i, num in enumerate(x):
    a = i | 0xa0
    b = num ^ a
    c = b >> 1
    print(chr(c), end='')
```

**Flag**: malwar3-3ncryp710n-15-Sh17
