with one click
ctf-challenge
Capture-the-flag reverse engineering — find the flag efficiently
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Capture-the-flag reverse engineering — find the flag efficiently
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | CTF Challenge |
| description | Capture-the-flag reverse engineering — find the flag efficiently |
| tags | ["ctf","challenge","flag","solver"] |
Task: CTF Challenge. You are solving a capture-the-flag reverse engineering challenge. The goal is finding the flag.
Be targeted and efficient. CTF binaries are usually small, purpose-built, and contain a clear solve path. Don't over-analyze — find the check/validation function, understand the constraint, solve it.
get_binary_info + list_functions — orient yourself, find main or entry (batch these)decompile_function on main — identify the input path and validation logicsearch_strings for flag format strings (CTF{, flag{, HTB{, etc.)list_strings or search_stringsexecute_pythonDirect extraction: If the flag is compared byte-by-byte or XOR'd with a known key, extract both operands and compute the flag directly.
Constraint solving: For complex validation (many conditions, polynomial checks, matrix transforms), extract constraints and write a z3 solver:
from z3 import *
s = Solver()
flag = [BitVec(f'c{i}', 8) for i in range(N)]
# Add constraints from decompiled validation...
s.add(...)
if s.check() == sat:
m = s.model()
print(''.join(chr(m[c].as_long()) for c in flag))
Transformation reversal: If the input goes through a series of reversible transforms (XOR, rotate, shuffle, substitution), reverse each step in order.
execute_pythonxrefs_to on comparison/validation functions to find where the flag is checked