Here is the YouTube Playlist. Below you can find a list of episodes:
https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw...
GitHub: https://github.com/LiveOverflow/PwnAdventure3
Pwn Adventure 3: http://www.pwnadventure.com/
Excluding the casual Let's Play episode (which can be skipped), the whole series is less than 4 hours long.
* Let's Play/Hack [39:20]
* Setup Private Server with Docker [8:42]
* Information Gathering / Recon [14:09]
* Recover Game Classes with gdb [11:28]
* Hooking on Linux with LD_PRELOAD [12:07]
* Flying and our first Flag! (Cow King) [6:34]
* Teleporting and Hovering (Unbearable Revenge) [9:31]
* Find the hidden Golden Eggs [10:26]
* Developing a TCP Network Proxy [12:26]
* Analyzing the Game Network Protocol [14:48]
* Implementing Autoloot with the Proxy [12:33]
* Exploiting an Integer Overflow (Fire and Ice) [19:59]
* †: Signed and Unsigned Integers - Integer Overflows.5 [3:12]
* Analyzing the Blocky Logic Puzzle [10:51]
* Failing at Machine Learning (Blocky part 2) [14:34]
* Reversing Input Validation (Keygen part 1) [12:27]
* Reversing Custom Encoding (Keygen part 2) [16:01]
* Understanding the Key Verification Algorithm (Keygen part 3) [13:10]
* RSA Implemented in Assembler (Keygen part 4) [16:23]
* RSA Implemented in JavaScript (Keygen part 5) [4:32]
* The Last Flag (Overachiever) [5:31]
And please also check out the rest of my channel LiveOverflow: https://www.youtube.com/LiveOverflowCTF
Pop-ups are already very annoying, but pop-unders are worse. They usually stay in the background until a user closes all other windows, which is great for terrible ads and even better for things like Coinhive.
I have reverse engineered several tricks used by a pop-under library and reported the bugs to Chrome. After several months without a working pop-under technique, the library was updated with a new trick and it's working on Windows, Linux and Mac from the current version of Chrome up to the development version 68.
While reporting the issues to Chrome is nice, I also create videos explaining the process and tools I use when analysing and working with obfuscated JavaScript.
So here is the latest video:
Custom Chromium Build to Reverse Engineer Pop-Under Trick (15min): https://www.youtube.com/watch?v=y6Uzinz3DRU
Chromium Issue 833148: https://bugs.chromium.org/p/chromium/issues/detail?id=833148
If this was interesting for you, here are the previous videos on the topic - each one shows some other tricks/tools used:
Reverse engineering obfuscated JavaScript - PopUnder Chrome 59: https://www.youtube.com/edit?o=U&video_id=8UqHCrGdxOM
Reverse engineering PopUnder trick for Chrome 60: https://www.youtube.com/watch?v=PPzRcZLNCPY
[Live] Reverse Engineering new PopUnder for Chrome 63 on Windows (very long/boring livestream): https://www.youtube.com/watch?v=VcFQeimLH1c
Thanks for checking out the videos!