GHIDRA for Reverse Engineering (PicoCTF 2022 #42 'bbbloat')

In case anyone else was curious what the 'unscramble_flag' function did, here's the rough equivelent in Python 3:
bytes([ b + (0x2F if b < 0x50 else -0x2F) for b in bytes([
0x41, 0x3a, 0x34, 0x40, 0x72, 0x25, 0x75, 0x4c,
0x34, 0x46, 0x66, 0x30, 0x66, 0x39, 0x62, 0x30,
0x33, 0x3d, 0x5f, 0x63, 0x66, 0x30, 0x62, 0x65,
0x35, 0x35, 0x62, 0x60, 0x65, 0x32, 0x4e ])
])

These videos are the spam I like to get, each one with GREAT info on CTFs.
Thanks John!

Liked that one, since it is an easy example of how to disassemble code and make sense of what is readable. Perfect as a beginner tutorial.

I like the way you take us through step by step. I am learning a lot from these videos.

Been loving the PICO CTF videos you’ve been making have watch most of them and have been learning a lot as i am just a noob in IT

I’ll be honest, a lot of your videos I have no idea what you are doing, but I enjoy watching you and your skill set and what is possible with the right tools. 🙏

Thank you for making these videos! I'm new to this, so being able to see how this works first-hand is extremely helpful.

Love this intricate logic tricks.

A flashback and relearning TY!

I'm so bad at RE but love watching others do it so I can pick up on little things each time.

Did you just accidentally release every video for the next weeks/months at once? Holy moly, that's a lot of stuff in my Watch Later playlist now! x)

Would love to see a video on rebasing. I have a hard time with alignment using strings. Would love a newbie friendly of you rebasing binaries that do not align in disassembler. thanks!!

The more spend I time on your channel the more I learn.

i just love you man,you are just awesome....... hope someday i will meet u in person.... u r doing a great job... keep it up. ❤️❤️

Love me some Ghidra!

Great video

Very nice video about rev, thx.

Man u r DANGEROUS! lol 🙃☺ keep ur great work up dude! 💪

Awesome bro

Awesome!

Great stuff

I appreciate hearing your thought process as you go through the challenge

couldn't this be done in some other way, my feed is filled with all those uploads making it harder to browse, don't wanna unsubscribe cus I appreciate your work though!

That was cool man!

I really liked this one.

This was interesting. Liked and subscribed.

Very Nice

Nice!

Awesome

This is my first time seeing Reverse Engineering. I am like WOW, this is so fun to watch & do. THanks John for introducing this very interesting things to us. :)

Nice one

Easy with the upload sir

TH-cam after seeing so many uploads: i'm gonna end this man's whole career

This would have been a perfect intro tutorial to reverse engineering with Ghidra

I have no idea why TH-cam decided to recommend me these videos but I'm glad it did. This is awesome!

I like the fact that in each ctf videos, I learn new tools to use for hacking. Now I check the bell icon. Keep on going man, u the best

I like the term "low-hanging fruit 🍓" 😊

nice

It's a good video

hello sir your videos are great it helped me for solving and understanding all the ctfs of thm

Hi John, can you please review "angr" for us. I don't have a clue where to start...lol

You can use "apt search" too for package searching

Headless for Java means its stripped of mouse and keyboard input libraries and whatnot. Badly breaks java swing, so you probably don't want to use that.

As far as open source content goes, John, you’re an OG. A goat. Appreciate the content and knowledge dude, stay humble.

you should also check out cutter

6:20 (sdkman is a good tool for downloading java stuff)

I guess its kinda good you didn't have the environment requirements preinstalled

i got it 🙋🏾‍♂️. where can i learn this reverse engineering

Another way of converting from hex to decimal is with the `printf` command which can be found on any linux system; use `printf %d 0xc0ffee` to see

I wish I had a nice laptop like yours 🥺

TF I just watched! Interesting

Sir big fan of yours from Lamatol village, golbazar-06 municipality, siraha district, sagarmatha zone, Madhesh Pradhesh (province no 2), nepal 🇳🇵

The word "Bbbbbbbloat" is a bloated word and has the same effect as a mass of bloatware has on a PC: it works, but slower.

at 13:26 you already got the decimal by hovering over the number

MAHYOUB WE MISS YOU

oh look a user agreement, "i agree"
never to be thought of again

Wait this is intresting

👍

There are 11 hidden videos in the playlist, when do we get them? :)

can't wait till you go over noted, was my favorite one

but you can make the same video with the imusic aimersoft program?

what if we reverse engineer Ghidra binarys using GHidra?

Please 🙏 sir can I use this to do reverse engineering on my mobile app??? Can someone help me out

My etc/apt/sources.list is using Kali Linux's default repo, but I can only install strace. ltrace keeps getting an error: "Unable to locate package". Has anyone figured out a working alternative repo?

John can you post the code that formats your bash (or zsh) prompt? From your .bashrc or wtvr config file.
I like that two-line prompt.

im watching your video and honestly i'm 80% didn't understand what are you doing exactly.
i wonder what level is that ? im sure it is advanced level .
where to start to achieve your level ??

...would it be possible to have subtitles in Portuguese ???

Has anyone on bohemia has their initial deposit asst changed..

nice and simple, but fun nonetheless!
Does picoCTF have have challenges that are more based on web applications?

can you send us your shell modifications? This looks so cool.

Everytime I Try to run a binary file on my kali linux I am getting exec format error...so I am not able to solve any rev engineering problems....can someone plss help with it🙏🙏🙏🙏

Sup

What is the Linux wizardry… dude was flying through the terminal like nobody’s business

Can we reverse engineer malware and then remove them this way ?

wtf, this is weird I had been watching your videos and even follow you in LinkedIn for years and just found out I wasn't subscribed to your channel. TH-cam be playing tricks, they welcome you with your favorite channel for ever and you will never know you weren't subscribed because everytime you open youtube and see the same person there you automatically think you are subscribed

Man, nothing like getting spammed. Should have spaced it out.

Does anyone have the bbbblob file to try it out?

Hi , I am new PicoCTF . and i try to solve that for practice if i cant i am looking for in google for solving . But I cant find picoCTF notepad Author: ginkoid . Can you help me? How can i solve that

I do not have time with all these load it opens this read there and there then crack it i refuse all these stuff at the end you have to find the way to get in to the software, easy ways quickly just load malware to infect

ez

Question: why didn’t he “trust” the Ghidra from the official Kali repo? Why go through the process of installing manually??

What is this stuff called? Cybersecurity?

You seemed disappointed that you got the flag so quickly.

Hey jhon can you please tell me how I can trace the memory leak from heapdump file?

You gotta stop man, this is flooding my sub box

process or RE with binary ninja: step 1: load the binary. step 2: see the number in plain text from the decompiler. step 3: profit

John 1337 the king

I solve it by viewing your video but you did it late by looking for other stuffs. Maybe you do to let us all understand everything

Is this the apparently kid all grown up?

cool but i didn't understand a single word said in this video

Yt algo

Have you ever got a live virus on your own system? Or a RAT?

beautiful hair ........ I want to touch it haha

Removed from my feed for uploading 18 videos at a time. You know how TH-cam works and that is not how you do it.

m9wd

its too simple

High Level Forgetting

why your voice like ill man, my tonsil hurts now AAAH

I gotta unsub for a little bit until this wave is finished with. You are absolutely flooding my subscribe stream.

You my friend just got an unsub for those stupid uploads spamming my feed👺