ReverseThatApp

my first post on @hackernoon get more reading time than Medium one (100 views vs 1k6) 😂, more to come soon hackernoon.com/bypassing-ssl-… #iOSSecurity #MobileSecurity

CSCG 2026 is live (until 01.05.)! 🥳 Jump in, solve challenges, learn something new, and climb the scoreboard. This year CSCG also serves as the OpenECSC for ECSC 2026 Germany. @ECSC_openECSC play.cscg.live

A three part blog series by @jack_halon provides a great introduction into v8 and JS internals, compilation pipeline and ends with analyzing and exploiting CVE-2018-17463 a JIT vulnerability in Turbofan: jhalon.github.io/chrome-browser… jhalon.github.io/chrome-browser… jhalon.github.io/chrome-browser…

@8kSec @lautarovculic glad that the write-up are helpful, any new challenges coming soon? 😎

We’re excited to share another round of write-ups inspired by the 8kSec Battlegrounds. Huge thanks to everyone who took the time to document and share their process. Scroll down to check out what the community has been working on. @lautarovculic Back Sync - lautarovculic.github.io/writeups/8kSec… Bad Preferences - lautarovculic.github.io/writeups/8kSec… Clear Route - lautarovculic.github.io/writeups/8kSec… Free Fall Game - lautarovculic.github.io/writeups/8kSec… Frida in the Middle - lautarovculic.github.io/writeups/8kSec… Swizzle me Timbers - lautarovculic.github.io/writeups/8kSec… Trace the Chat - lautarovculic.github.io/writeups/8kSec… Trace the Map - lautarovculic.github.io/writeups/8kSec… Henry Hung Dang Freefall - reversethat.app/reverse-engine… Droid Pass - reversethat.app/reverse-engine… Henry was the first to solve the Droid Pass challenge🙌🥳 @n0ps3 Frida in the Middle - n0psn0ps.github.io/2025/07/13/8kS… Keep them coming! Your write-ups help others learn. All mobile security challenges are free to try: 8ksec.io/battle #MobileSecurity #ReverseEngineering #ExploitDevelopment #iOSSecurity #AndroidSecurity #ARM64

Get your macOS 26.0 xnu CodeQL database (and compile_commands.json) here! 👩 ‍ github.com/blacktop/darwi…

After hours of Flutter AOT reversing, Dart object pool decoding & AES key derivation tracing, I became the first globally to crack DroidPass Full write-up reversethat.app/reverse-engine… #Android #AndroidSecurity #ReverseEngineering #CTF #Flutter #Dart #8ksec #DroidPass

@idkhiddenwtf nice, cant wait for the write-up

themida kinda fun to reverse

Just published my #flareon12 challenge 8 write-up Spent hours playing with Intel Pin (wrong path 😅), then switched to a bottom-up event-based approach using WinDbg TTD, x64dbg, ret-sync & IDA — felt like cracking old game trial licenses again 😄 🔗 reversethat.app/posts/flareon1…

@TriggerMeHappy @m_r_tz same approach, it's just annoying scrolling up and down :D

@m_r_tz I just focused on the API call's and ignored most of the actual instructions. That worked surprisingly well

Here's how the obfuscation in #flareon12 challenge 7 looks like in source - all just junk code 🗑️

@m_r_tz why? whyyyy? 😂

@8kSec submitted last week, could you please check the solution and attached write up?

Nobody’s cracked this Android lab yet 🤯 Meet DroidPass: Ultimate Password Vault, a purposely flawed password manager hiding its base encryption key inside the APK. Your mission: statically reverse-engineer the app and extract the exact base key used to encrypt the password DB. Think you can be the first to break it? Drop a comment if you’re in. Winner gets ultimate bragging rights🔥 🔗 academy.8ksec.io/course/android… #MobileSecurity #ReverseEngineering #AndroidSecurity #CTF

@8kSec challenge solved, drafting the write ups 😁

@malware_owl congrats 🔥

Ok. Time to rest 🥲 #flareon12

When static analysis hits a wall, dynamic tracing with Frida’s Stalker API reveals what’s really happening at runtime. Learn to trace ARM instructions, filter for ldr/str, and see how obfuscated apps manipulate data: 🔗 8ksec.io/advanced-frida… #ReverseEngineering #AndroidSecurity #iOSSecurity #DynamicAnalysis #Obfuscation #MalwareAnalysis

Tried out Harmony for the first time. It’s super handy for reverse engineering obfuscated C# binaries, especially when it comes to automation. I used to struggle automating steps in dnSpy, but Harmony made it seamless. Checkout my writeup on Securinets CTF kos0ng.gitbook.io/ctfs/write-up/…

@zvikam now we understand what is sm in the challenge name stands for 😆

had to clear some space on my #flareon12 VM, and I came across the directory for challenge 5... full of IDA crash-dump files. the good old days when we thought we had problems.

@hasherezade congrats

Finally done with #flareon12. The 9th task was quite a ride. I need some tips from those who did the whole thing in less than a week.

@TriggerMeHappy @Mandiant must be this year is easier 😅

@ReverseThatApp @Mandiant Grats for finishing so quick 💪

Really enjoyed #flareon12 — especially challenges 7, 8, and the brutal but fun final challenge (9). 🧠🔥 Thanks to @Mandiant for another amazing RE CTF. #CTF #ReverseEngineering #CyberSecurity

@malware_owl it's easier right? 😆

@ReverseThatApp Guess the obfuscation technique is different this time XD

Challenge 7 of #flareon12 has so many junks that I almost cried. Managed to write a deobfuscator for that. Time to solve it for real ...