This repository has been archived on 2025-04-28. You can view files and clone it, but cannot push or open issues or pull requests.
gensec-westgate-djw2/hw5
2024-05-16 14:42:51 -07:00
.env.example start work on app, readme 2024-05-11 10:37:05 -07:00
app.py update readme, format app and comment app, update reqs 2024-05-16 14:42:51 -07:00
README.md update readme, format app and comment app, update reqs 2024-05-16 14:42:51 -07:00
requirements.txt update readme, format app and comment app, update reqs 2024-05-16 14:42:51 -07:00
screencast_url.txt initial commit for hw5 2024-05-11 10:28:04 -07:00

David Westgate 17 May 2024

HW5 for gensec

This application attempts to automatically solve CTF levels for CS492/CS592 Malware Reverse Engineering. It prompts the user for a specific binary level and automatically fetches that level from the web. If the fetch succeeds, the application runs objdump on the binary and sends the disassembly to the LLM with a prompt, to see whether the LLM can respond with the correct password.

Setup + Run

Install python3, then

cd hw5
pip install -r requirements.txt
cp .env.example .env  # fill in .env with your API key (keep .env out of version control; only .env.example is committed)
python3 app.py

Results

On average, this application is not very good at solving the CTF levels. This is not very surprising, however, as these malware reverse engineering levels are technically difficult and often require special tooling, debugging, and subversion of anti-disassembly and anti-debugging techniques.

That said, I tested this application with a handful of the binary files, focusing on the earlier/easier levels of the various chapters (avoiding excessive API cost prevented me from testing all levels). A few succeeded; others failed by returning an incorrect password, or failed and acknowledged that they could not figure it out due to limitations.

Success

  • Ch01StatA_Readelf
  • Ch08Dbg_GdbIntro

Failed (wrong answer)

  • Ch15AntiDis_FakeCallInt
  • Ch21x64_ParamsStack

Failed (acknowledged)

  • Ch15AntiDis_FakeCond
  • Ch18PackUnp_UnpackEasy

I imagine this program may perform better for CTF levels of other classes like CS205 Computer Systems Programming.