Banging my head against #microcorruption #halifax for over ten hours now. I have the key. I don't know where the LOCK is.
:notlikethis:
New challenges have been released for Microcorruption:
https://research.nccgroup.com/2022/10/31/check-out-our-new-microcorruption-challenges/
#ctf #reverseengineering #exploitation #msp430 #microcorruption
I've picked up #microcorruption, again. Last time I touched it was when the servers went offline and that inspired me to look into ways to play it outside the browser. The necessary parts of the equation:
- An emulator implementing the "syscalls"/callgate
- A debugger/disassembler/assembler toolchain
- All level files
There are several emulators available, along with a matching toolchain. The level files can be copy-pasted from the browser and the hex dump translated to a binary for the emulator. I've been given the remaining level files on #milliways and started translating my solutions so far to Python scripts that automatically solve each level with #pwnlib.
In case you wonder why one would bother, this might be the gentlest introduction to binary exploitation, which I consider the black magic discipline in #infosec.
https://github.com/cemeyer/msp430-emu-uctf
https://aur.archlinux.org/packages/msp430-gdb
https://depp.brause.cc/uctf/
#microcorruption #milliways #pwnlib #infosec
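
The hex-dump-to-binary step mentioned in the post above, sketched as an added Python example; it is not code from the post or from any of the linked projects. Assumptions: each dump line looks like `ADDR:   up to 8 four-digit hex words   ASCII column`, the words are byte pairs in memory order, a line of the form `ADDR:   *` marks an elided all-zero run, and the emulator takes a flat 64 KiB image. The function name and sample dump are constructed for illustration.

```python
import re

# Assumed line shape: "4400:   3140 0044 ... (8 words)   ascii-column"
LINE = re.compile(r"^([0-9a-fA-F]{4}):\s+(.*)$")
WORD = re.compile(r"^[0-9a-fA-F]{4}$")

def dump_to_image(text, size=0x10000):
    """Convert a pasted hex dump into a flat, zero-filled memory image."""
    image = bytearray(size)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a dump line: {raw!r}")
        addr, rest = int(m.group(1), 16), m.group(2).strip()
        if rest == "*":
            continue  # elided run: the image is already zero there
        data = bytearray()
        # Only the first 8 tokens can be data; stop at the ASCII column.
        for tok in rest.split()[:8]:
            if not WORD.match(tok):
                break
            data += bytes.fromhex(tok)  # byte pairs are in memory order
        if not data:
            raise ValueError(f"line {lineno}: no hex words found")
        if addr + len(data) > size:
            raise ValueError(f"line {lineno}: data runs past end of image")
        image[addr:addr + len(data)] = data
    return bytes(image)

# Constructed sample input, not a real level file.
SAMPLE = """\
0000:   0000 4400 0000 0000 0000 0000 0000 0000   ..D.............
0010:   *
4400:   3140 0044 1542 5a01 75f3 35d0 085a 3f40   1@.D.BZ.u.5..Z?@
"""

if __name__ == "__main__":
    with open("level.bin", "wb") as fh:
        fh.write(dump_to_image(SAMPLE))
```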