▲ 0 r/Defcon+1 crossposts

I built a rev challenge that turns into crypto after like 4 layers of pain. Am I evil?

I’ve been working on a CTF challenge called palimpsest, and I wanted to share the idea because it’s probably the most evil rev challenge I’ve made so far.

The public files are just a stripped ELF and an encrypted pack file. There’s no input prompt, no “correct/wrong” branch, and no plaintext flag. Running it normally just gives you a mostly useless digest, so the solve is not about patching a branch or finding a password check.

The binary has a couple fake VM paths and one real custom VM. The real VM uses stateful opcode decoding, so the same encoded instruction can mean different things depending on runtime state. There are also a few self-modifying bytecode spots, so static disassembly alone is kind of doomed. The intended move is to reverse the VM loop, write a tracer or emulator, and dump what it builds in memory.

That memory dump is not the flag either. It’s a masked typed IR that turns into a modular constraint graph. After decoding the IR and simplifying the constraints, the actual crypto finally shows up: a custom Schnorr-style signature system with decoy samples and a noisy affine nonce relation.
So the solve path is basically:

  1. unpack the sections
  2. ignore the fake VMs
  3. reverse the real VM
  4. write an emulator/tracer
  5. dump the hidden IR
  6. decode/type-infer the IR
  7. simplify the constraint graph
  8. extract the Schnorr equations
  9. filter decoys
  10. run a lattice attack
  11. recover the private scalar
  12. decrypt the flag

I’m trying to keep it brutal but fair. No random crashes, no anti-debugging junk, no network stuff, and no impossible crypto. The hardness is supposed to come from the layers and the fact that each stage only reveals the next representation.

Curious what rev people think: is this the fun kind of evil, or did I cross into “I am switching to OSINT and finding where the challenge developer lives” area?

reddit.com
u/i_mattas — 5 hours ago
▲ 3 r/dev+2 crossposts

I'm building an IDE that lets you write, build, and sideload iOS apps entirely from Windows (no mac required)

For years the story for doing iOS stuff without a Mac has been a pile of separate tools: Sideloadly or AltServer to push an IPA, SideStore to keep it alive, and… nothing that actually lets you write and build the app in the first place. If you're on Windows or Linux you're basically locked out of the whole loop.

I'm building IPA Studio to close that loop — a native IDE (C++/Qt) where you write the code, build it, sign it, and sideload it to a plugged-in device, all from a PC.

The part I think is interesting is how it gets around the "you can't compile iOS apps off a Mac" wall. There are two pipelines:

  • Build: you can't run Apple's compiler on Windows/Linux, so the IDE generates a GitHub Actions workflow that builds your project on a macOS runner and pulls the resulting .ipa back down. You never touch a Mac — CI is the Mac.
  • Sign + sideload: this part is fully local and cross-platform. It replicates what Xcode's free provisioning does — sign in with your Apple ID, get a development cert, register your device + an App ID, pull a provisioning profile, code-sign the app, and install it over USB. Same approach AltStore/SideStore use, just built straight into the editor.

On top of that: a real code editor (Scintilla + LSP), project templates for SwiftUI / UIKit / Obj-C / watchOS / tvOS, a first-run wizard that sets up GitHub and your Apple ID once and remembers it, and AI/agent integration you can point at whatever model you want. Native dark UI, no Electron.

On the stack — it's C++/Qt for the whole app. One decision I went back and forth on: the actual Apple pipeline (Grand Slam auth, anisette, the CMS Mach-O signing) has solid, battle-tested implementations in Rust and basically nothing equivalent in C++, so I'm leaning toward wrapping that Rust core behind a C ABI and calling it from C++ rather than reimplementing fragile auth/signing crypto myself. Curious whether people think that's the right call or if I'm overcomplicating it.

It's early, I'm building it out in phases right now, not shipping a v1 yet. Mostly I wanted to put the idea out there before I go heads-down:

  • Would you actually use something like this?
  • Anything you'd consider a dealbreaker if it were missing?
  • And if you've seen prior art that already does the full code → build → sideload loop from a PC, point me at it.
u/i_mattas — 16 days ago
▲ 14 r/dev+1 crossposts

Reported Security Issues to a Software Developer, Got Banned Instead. Was I Wrong?

I wanted some outside opinions on this because I’m getting mixed feelings about whether I handled this correctly.

There’s a Discord server/community that develops a Windows gaming optimization tool called Risxn. A while back I actually used their utility before I got into reverse engineering and binary exploitation.

Recently I was bored and decided to take a look at their software. I ended up fully deobfuscating the application and reversing how it worked. As part of that process, I was also able to recreate a functional replica of the application and discovered that their backend endpoints could be abused to generate valid licenses.

After finding all of this, I felt like the responsible thing to do was disclose it to them so they could fix the issues. Since I had already reversed the application, I figured it would be useful to show them exactly what was wrong and how an attacker could exploit it.

I opened a support ticket and explained everything. They asked me for proof, so I sent them a ZIP containing the project directory I had been working in, including my analysis, deobfuscated code, and the proof-of-concept work that demonstrated the vulnerabilities.

They reviewed it, thanked me for reporting the issues, and then shortly afterward banned me from their Discord, revoked my license, and removed me from their backend system where licenses were managed.

I’m honestly confused by the response. From my perspective, I reported serious security issues, provided evidence, and gave them the information they needed to fix the vulnerabilities. On the other hand, I can understand why a company might not appreciate someone reversing their software, rebuilding it, and demonstrating license generation exploits.

So my question is:

Was I in the wrong here, or was this a reasonable example of responsible disclosure? How would you have handled this situation differently?

reddit.com
u/i_mattas — 26 days ago
▲ 5 r/dev+1 crossposts

Hello everyone, i’m working on a project called “Task Demanager” in Rust which is basically russian roulette with your PC, it randomly selects a PID and kills the processes.

u/i_mattas — 2 months ago