Posts

Showing posts from July, 2025

RPGMaker CTF 2024

Hello World! I created an RPG game last year for a CTF I contributed to. I am able to release this now to the public. The game, if played without using a "Cheat Code", which you can purchase in the first shop in the castle, is expected to take around 4 hours to play. If you're not much of a gamer and you're here just to solve challenges, then purchase the cheat code in the first shop to become way overpowered; this saves you time on grinding and battles. Download the game at itch.io: https://lukeacha.itch.io/capture-the-flag-2024 While this is not malware, I always urge caution. Run NW.exe to start the game. The challenge flags will be in the form of ISRMCTF{} unless otherwise stated. Flag 1: To your delight you find a treasure chest at the top of the castle tower; however, it gives a suspicious message... Is there more to this treasure chest than meets the eye? Flag 2: The pyramid is a place of mystery; threat hunters need to pay special attention to the words of wisd...

PYC malware analysis fun

Hello World! I've been looking at some PYC samples lately, and decided to do a deep dive into the sample in this X post: https://x.com/malmoeb/status/1853723915723350526 Specifically, I'm looking at sample SHA256: de195ebb0f1cf3762d73f956b9d21b63de1a5bbe9626a78af623ed9f59ed760f The first thing I did when looking at this sample was run pycdas: we get a look at the disassembled code here. The first few bytes "\xfd7zXZ" suggest LZMA (XZ) compression. Using the following simple script you can write this out to a file; I wrote the output to decodedfile.txt here. Analyzing this file we can see variables with names like "___", "_____", etc. We can see some of the decode logic, such as the character codes 98, 54, 52, 100, 101, 99, 111, 100, 101 (spelling out b64decode), b64decode("cm90MTM=") for ROT13, and [::-1] for string reverse. We can also see that it concatenates the decoded variables together into one final output. Using this guide as a reference, we can ...