Use files in this gist to make your own solve of these fun challenges by zdeveau! The extra challenge is that you must do it using only static analysis in radare2. To make things a bit easier on you we will use Jupyter (Labs) Notebooks.
Install the Python packages you will need (tested with python-3.10; a full tested pip freeze is also in requirements.txt):
pip3 install jupyterlab r2pipe
Then start with jupyter-lab (and open the URL with the token that it shows you).
Open the __your_solve.ipynb file in the browser UI of jupyter-lab and you will find a place to work on your own solution to the challenges. Start with this file. It will direct you to install a specific version of radare2:
git clone --depth=1 https://github.com/radare/radare2 && cd radare2
./sys/install-rev.sh v5.4.2
The rest of the files contain SPOILERS! Open them when following along with the training or when you need spoilers to get unstuck:
_intro.ipynb -- concepts and tools, some steps to start
hands-on-1.ipynb -- find the code handling the joypad reads and what are the magic joypad inputs?
hands-on-2.ipynb -- find all the variables in memory tainted by correct button presses, follow the start button pressed code, flag the flag!
hands-on-3.ipynb -- find the flag, find the code making ref to the flag, find the code tainting variables which are used by the code making ref to the flag, flag the flag!