- Solving VM based checker with Klee
Published: Tags: ctf rev python llvm se
To solve the “just the check please” task from PPP-CTF in 2023, I took the unusual path of lifting the virtual machine code used as obfuscation to LLVM-IR. That way I was able to utilize the advanced symbolic execution engine “Klee” to solve for the winning input.
- Recursive Disassembling
Published: Tags: rev python
The two widespread ways to disassemble binaries are called linear sweep and recursive disassembling. While the first one is particularly easy to use and implement, it also has severe drawbacks. Let me demystify the recursive algorithm, show its merits and provide you with a small sample script so you don’t need to skimp on disassembling when whipping up your next static analysis toolchain.