Last weekend my team and I competed in UofTCTF 2025, where we placed 9th overall. I found one of the reversing challenges really interesting, and I was proud of my solution and solve process, so I made a writeup for it.
For this challenge we’re given a flag checker program, chal.js. Upon opening it I quickly saw that it was obfuscated with obfuscator.io and then minified. Here’s a small snippet of the code in question.
This October, Huntress ran a month-long CTF with challenges releasing every day. It was a team event, but participated solo. I ended up in overall 7th place.
I wrote up my solutions to a small selection of my favorites.
Here we’re given a file called based.txt that contains the following content
楈繳籁萰杁癣怯蘲詶歴蝕絪敪ꕘ橃鹲𠁢腂𔕃饋𓁯𒁊鹓湵蝱硦楬驪腉繓鵃舱𒅡繃絎罅陰罌繖𔕱蝔浃虄眵虂𒄰𓉋詘襰ꅥ破ꌴ顂𔑫硳蕈訶𒀹饡鵄腦蔷樸𠁺襐浸椱欱蹌ꍣ鱙癅腏葧𔕇鱋鱸𓁮聊聍ꄸꈴ陉𔕁框ꅔ𔕩𔕃驂虪祑𓅁聨朸聣摸眲葮𖠳鵺穭𒁭豍摮饱恕𓉮詔葉鰸葭楷洳面𔕃𔑒踳𔐸杅𐙥湳橹驳陪楴氹橬𓄱蝔晏稸ꄸ防癓ꉁ𖡩鵱聲ꍆ稸鬶魚𓉯艭𔕬輷茳筋𔑭湰𓄲怸艈恧襺陷项譶ꍑ衮汮蹆杗筌蹙怰晘缸睰脹蹃鹬ꕓ脶湏赑魶繡罢𒉁荶腳ꌳ蕔𔐶橊欹𖥇繋赡𐙂饎罒鵡𒉮腙ꍮ楑恤魌虢昹𒅶效楙衎𔕙ꉨ𓈸𔑭樯筶筚絮𓁗浈豱ꉕ魔魧蕕聘筣鹖樫ꍖ汸湖萰腪轪𓉱艱絍笹艨魚詇腁𒁮陴顮虂癁
Given the name of the challenge and from previous experience, I deduced that this was base65536 encoded data. Using an online tool I decoded the data to get the following.
Since last summer, my main hobby project has been developing my reverse engineering skills by tearing apart Pokémon GO and seeing what I could learn. I’ve played this game since it was released in 2016 (when I was 11), and it’s been a fairly major part of my life since then.
Last July I started by setting up a fairly basic PoGo map, as I described in an earlier blog post. This didn’t require any real technical skill on my part, because it was mostly setting up and running software that other people had already built. I wasn’t satisfied with this, and after I got my map running, I began exploring the game myself, and I found lots of interesting stuff.
Since the introduction of lucky trades in Pokemon GO, there has been an obscure mechanic known as “Guaranteed Lucky Trades” that not many people understand. This is different from “Lucky Friends”, and the game gives no indication ahead of time as to whether or not a trade will be a Guaranteed Lucky Trade (GLT).
In a recent blog post, Niantic announced that they were increasing the GLT cap from 15 to 25, which caused the feature to gain some more attention, and at the same time more confusion.
This weekend I participated in the 2023 RIT Women in Cybersecurity CTF challenge. Overall it was pretty fun, and I ended up coming in first place, winning the grand prize of a new wireless mechanical keyboard 😎. There were a lot of challenges, some good and some less good, but I picked five of my favorites to share.
This was the first challenge I looked at. It ended up being really easy, but I found it enjoyable and silly regardless.
Over the past few months, I’ve been working on developing a system to scan and map Pokémon GO spawns (among other things) for my local community. I don’t play enough to really take advantage of it myself, but hopefully others find it useful. My true goals here were twofold:
When Pokémon GO was first released in 2016, it had an exposed API that allowed pretty much anyone with the required knowledge to build all sorts of maps and tools to assist players. This was fixed after not very long, and for quite some time it became something of a cat-and-mouse game between Niantic, the developers of the game, and the developers in the community trying to exploit it.
For our Worlds robot, we wanted to move back to a flywheel design after running into some issues with our slingshot. We started by looking at what some other teams had done and decided to base our designs on that.
We started by building on the old copy of our chassis we still had laying around, so we could know if this was going to work before we completely dismantled our robot from States.