Done.
For those who are still struggling with this one:
-
It is ARM code, yes, but it’s not that difficult to read once you get used to it. My suggestion for those who are at a lost with ARM code: write some hello world program and compile it with buildroot or anything like it and then reverse it to see what it looks like and then try to compare the code to Pseudo.
-
I finally solved it by writing a Python interpreter of my own that, as someone has said, skips certain something. This is not necessary, you can also solve it without writing your own bytecode interpreter, but if you happen to write your own script, then you will probably catch the “twist” this has right before knowing there’s a twist XD.
-
Follow the input (password and username) and how it is transformed. Try to identify all the opcodes the VM uses and what they do. For those two certain paths full of no-sense ARM code related to maths, don’t be a fool: think it like a black-box: identify the parameters that get in and the output that gets out and be done with it.
4 I have used: r2 + qemu-aarch64-static -g 1234 + gdb-multiarch to run, debug and reverse Pseudo.
- Try harder.
For the record: I’m not a RE expert. This has been my first ARM challenge so far, and my second VM. The first VM-like CTF I solved I did it with angr, so you can imagine my skills. And yet, as someone has already said, it’s doable.
Enjoy!