Whites Only

Medium | Malware Reverse Engineering

Overview

You are given a chess game where only White’s moves are recorded, leaving the Black moves unknown. Your challenge is to reconstruct the full game by determining the Black moves that logically complete the sequence and satisfy the conditions set by the program. Focus on analyzing the partial game and uncovering how the missing moves fit within the rules and constraints of chess, enabling the program to reveal its hidden output.

Flag format: flag{********_****_****}

Lab Details

Prerequisites & Requirements

  • Golang Binary Analysis: Familiarity with Go’s runtime, metadata structures, and symbols (e.g., main.main and library imports).
  • Static Analysis: Proficiency in using a disassembler (IDA Pro/Ghidra) to trace data flow through external library calls.
  • Cryptographic Logic: Understanding of how hash functions (MD5) can be utilized as keys for symmetric ciphers (XOR).
  • Chess Logic: Fundamental understanding of PGN (Portable Game Notation) and legal move validation.

What will you learn?

  • Reversing Go Libraries: Identifying and analyzing third-party package integrations (e.g., notnil/chess) within a compiled binary.
  • Dynamic Key Derivation: Analyzing malware that generates decryption keys based on external file inputs rather than hardcoded strings.
  • Constraint-Based Brute-Forcing: Developing a Python-based solver to navigate a game’s state-space and find specific win conditions (Checkmate).
  • XOR Blob Recovery: Extracting and decrypting obfuscated data segments (main_flag) from a PE binary.

Tools

  • Disassembler: IDA Pro (with Go-specific analysis plugins).
  • Automation: Python 3.x (utilizing the chess library).

Job Positions

Malware Analyst

Tags

IDA Pro, Static Analysis, Assembly, Disassembler, Opcodes, Brute Force