Pop Pop Ret Finder

If you’ve attempted to write an SEH record exploit, you know that it can be a little time-consuming to find a pop pop ret instruction sequence inside a module that has SafeSEH off. This is because you first need to find which modules, if any, have SafeSEH off, and then search for the sequence within those memory addresses. You could find the pop instruction for most registers, like “pop esp”, “pop eax”, “pop edx”, etc. Also, there’s a good chance you don’t know the opcodes for these, so you’d probably assemble each of them to figure out the opcodes and then proceed to search for matches individually. The most frustrating part is that, after doing all this, it is very likely that there wasn’t any match to begin with.

iCTF 2011: Android Market Challenge

Not all applications on the Android Market can be installed by all Android devices. More specifically, each Android device only allows the user to choose from the subset of applications that are considered suitable to be installed on that device. For example, if you visit the Android Market with your browser, you get a list of over 200 applications in the communications (top free) category. Using the Market on a Nexus One lists more than 100 applications for that very same category. However, using the Android Market on the Android SDK simulator (API level 10, platform 2.3.3) only lists two applications. Give their names in alphabetical order separated by a comma.

SchoolCTF: Deadlamps

The Key Is superline. (Image taken down; http://blackbox.sibears.ru/uploads/6/school-ctf-2011-files/deadlamps.gif)

iCTF 2011 9x9 Choose Your Battles