###### David Westgate 17 May 2024

## HW5 for gensec

This application attempts to automatically solve CTF levels for CS492/CS592 Malware Reverse Engineering.

It does so by prompting the user for a specific binary level and automatically fetching that level from the web. If the download succeeds, the application produces an object dump (disassembly) of the binary and sends the dump to the LLM together with a prompt, to see whether the LLM can respond with the correct password.

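The pipeline described above, as an added Python example (this is not the project's `app.py` and uses none of its code). The download step is assumed to have already produced the level's bytes; `save_level` writes them without the execute bit because the tool only disassembles, `disassemble` shells out to GNU objdump, and `build_prompt`/`extract_password` handle the prompt and the reply. The LLM is a plain callable, so `fake_llm` and `SAMPLE_DUMP` (a constructed listing in objdump layout, not a real course level) let the whole thing run offline; `MAX_DUMP_CHARS` and the `PASSWORD: <password>` reply format are assumptions of this example.

```python
"""Added example (not the project's app.py): the fetch -> objdump -> prompt -> LLM
-> password pipeline, with the LLM client injected so everything here runs offline."""
import os
import re
import shutil
import stat
import subprocess
from typing import Callable, Optional

# Assumption: cap the listing so the prompt fits a modest context window.
MAX_DUMP_CHARS = 12_000
# Assumption: the prompt asks the model to answer on one line of this exact shape.
PASSWORD_RE = re.compile(r"^PASSWORD:\s*(\S+)\s*$", re.MULTILINE)


def save_level(data: bytes, path: str) -> int:
    """Write a fetched level to disk non-executable (mode 0600) and return its mode bits.

    The tool only disassembles the level, so nothing needs the execute bit; leaving it
    off makes an accidental `./level` fail instead of running a malware sample.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def disassemble(path: str) -> str:
    """Produce the object dump with GNU objdump (static analysis only, never executes)."""
    objdump = shutil.which("objdump")
    if objdump is None:
        raise RuntimeError("objdump not found; install binutils")
    proc = subprocess.run(
        [objdump, "-d", "--no-show-raw-insn", path],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


def extract_function(dump: str, name: str) -> Optional[str]:
    """Return one function's listing from objdump -d output, or None if absent.

    objdump separates functions with a blank line and starts each with a line
    such as `0000000000001139 <main>:`.
    """
    for block in dump.split("\n\n"):
        block = block.strip("\n")
        if block.split("\n", 1)[0].endswith(f" <{name}>:"):
            return block
    return None


def build_prompt(dump: str, level: str, limit: int = MAX_DUMP_CHARS) -> str:
    """Prefer `main` to the whole listing and truncate rather than overflow the context."""
    body = extract_function(dump, "main") or dump
    if len(body) > limit:
        body = body[:limit] + "\n... [listing truncated]"
    return (
        f"Below is `objdump -d` output for CTF level {level}. Work out the password "
        "the binary expects. If you can determine it, answer with exactly one line "
        "of the form `PASSWORD: <password>`; otherwise explain why you cannot.\n\n"
        + body
    )


def extract_password(reply: str) -> Optional[str]:
    """None is the 'acknowledged failure' case: the model gave no password line."""
    match = PASSWORD_RE.search(reply)
    return match.group(1) if match else None


def solve(dump: str, level: str, ask_llm: Callable[[str], str]) -> Optional[str]:
    """Run a dump through prompt -> LLM -> parse; `ask_llm` is any prompt -> text callable."""
    return extract_password(ask_llm(build_prompt(dump, level)))


# Constructed sample listing in objdump -d layout (not a real course level).
SAMPLE_DUMP = """
level:     file format elf64-x86-64

Disassembly of section .text:

0000000000001139 <main>:
    1139:\tpush   %rbp
    113a:\tmov    %rsp,%rbp
    113d:\tlea    0xec0(%rip),%rdi        # 2004 <_IO_stdin_used+0x4>
    1144:\tcall   1030 <strcmp@plt>
    1149:\tpop    %rbp
    114a:\tret

000000000000114b <helper>:
    114b:\tret
"""


def fake_llm(prompt: str) -> str:
    """Stand-in client: answers only when the prompt actually contains main's strcmp call."""
    if "<strcmp@plt>" in prompt:
        return "The string at 0x2004 is compared with the input.\nPASSWORD: hunter2"
    return "I cannot determine the password from this listing."


if __name__ == "__main__":
    print(solve(SAMPLE_DUMP, "Ch01StatA_Readelf", fake_llm))
```

Pinning the reply format is what lets the script tell the "failed (acknowledged)" outcome (`extract_password` returns `None`) apart from a confidently wrong password; without it the two results look the same to the caller.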

### Setup + Run

Install python3, then

```
cd hw5
pip install -r requirnments.txt
cp .env.example .env   # fill in the .env file with your API key
python3 app.py
```

### Results

On average, this application is not very good at solving the CTF levels. This is not very surprising, as these malware reverse engineering levels are technically difficult and often require special tooling, debugging, and subversion of anti-disassembly and anti-debugging techniques. A single static object dump is also a poor input for exactly those levels: anti-disassembly tricks are designed to mislead a linear-sweep disassembler such as objdump, and a packed binary exposes little of its real code until it has been unpacked.

That said, I tested this application with a handful of the binary files, focusing on the earlier/easier levels of the various chapters (avoiding excessive API cost prevented me from testing all levels). A few succeeded, while others failed, either returning an incorrect password or acknowledging that they could not figure it out due to limitations.

#### Success

* Ch01StatA_Readelf
* Ch08Dbg_GdbIntro

#### Failed (wrong answer)

* Ch15AntiDis_FakeCallInt
* Ch21x64_ParamsStack

#### Failed (acknowledged)

* Ch15AntiDis_FakeCond
* Ch18PackUnp_UnpackEasy

I imagine this program may perform better for CTF levels of other classes like CS205 Computer Systems Programming.