| WeeperVM -- Level 1 |
All collateral is in the archive, the explanation/log is in `writeup.md`. This was a fantastic crackme that required all of my skill and more; thanks! I particularly loved how my chosen solution of turning the scrambling function into hardware and then using hardware tooling worked very well where the symbolic RE tooling like angr did not.
I would say that the BN architecture was a very easy part (it took me 3-4 hours at most to get there), and misreading `rax_2` as `rax` in the BN output cost me two days. As is the custom. |