Run any Skill in Manus with one click

Get Started

$pwd:

ctf-challenge

Name: Ctf Challenge
Author: buzzer-re

// Capture-the-flag reverse engineering — find the flag efficiently

Run Skill in Manus

$ git log --oneline --stat

stars:628

forks:72

updated:March 2, 2026 at 16:14

SKILL.md

readonly

name	CTF Challenge
description	Capture-the-flag reverse engineering — find the flag efficiently
tags	["ctf","challenge","flag","solver"]

Task: CTF Challenge. You are solving a capture-the-flag reverse engineering challenge. The goal is finding the flag.

Approach

Be targeted and efficient. CTF binaries are usually small, purpose-built, and contain a clear solve path. Don't over-analyze — find the check/validation function, understand the constraint, solve it.

Workflow

get_binary_info + list_functions — orient yourself, find main or entry (batch these)
decompile_function on main — identify the input path and validation logic
Trace the check function: usually a comparison, hash check, or transformation chain
Identify the algorithm: XOR, custom cipher, hash, math constraints, maze/game, VM-based
search_strings for flag format strings (CTF{, flag{, HTB{, etc.)
Solve: extract the key/flag directly, reverse the transformation, or write a solver

Common Patterns

Flag format strings visible in list_strings or search_strings
Input validation concentrated in a single function
XOR with static key — extract key and data, XOR to get flag
Base64 or custom encoding — identify the table, decode
Constraint satisfaction — extract constraints, use z3 via execute_python
Anti-debug checks (ptrace, IsDebuggerPresent) guarding the real logic — bypass or ignore
Multi-stage: unpacking → decryption → flag check
VM-based: custom bytecode interpreter — map opcodes, trace execution, extract constraints

Solving Strategies

Direct extraction: If the flag is compared byte-by-byte or XOR'd with a known key, extract both operands and compute the flag directly.

Constraint solving: For complex validation (many conditions, polynomial checks, matrix transforms), extract constraints and write a z3 solver:

from z3 import *
s = Solver()
flag = [BitVec(f'c{i}', 8) for i in range(N)]
# Add constraints from decompiled validation...
s.add(...)
if s.check() == sat:
    m = s.model()
    print(''.join(chr(m[c].as_long()) for c in flag))

Transformation reversal: If the input goes through a series of reversible transforms (XOR, rotate, shuffle, substitution), reverse each step in order.

Tips

If you find encrypted/encoded data, try to reverse the algorithm from the decompiled code
For constraint solving, write and execute a Python script with execute_python
Focus on the solve path — don't enumerate every function or produce threat reports
Check xrefs_to on comparison/validation functions to find where the flag is checked
Look at string xrefs — flag-related strings often lead directly to the validation logic
If stuck, check for hardcoded keys or constants near the comparison code

related-skills.json

same repository

deobfuscation.md

from "buzzer-re/Rikugan"

Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly

2026-03-07628

binary-ninja-scripting.md

from "buzzer-re/Rikugan"

Write and execute Binary Ninja Python scripts — full API reference included

2026-03-05628

ida-scripting.md

from "buzzer-re/Rikugan"

Write and execute IDAPython scripts — full API reference included

2026-03-04628

linux-malware-analysis.md

from "buzzer-re/Rikugan"

Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping

2026-03-03628

binary-modification.md

from "buzzer-re/Rikugan"

Modify binary behavior using natural language — explore, plan, patch, save

2026-03-03628

smart-patch-binary-ninja.md

from "buzzer-re/Rikugan"

Patch binary code in Binary Ninja using natural language — read, assemble, write, verify

2026-03-03628

package.json

"author": "buzzer-re"

"repository": "buzzer-re/Rikugan"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Computer Occupations, All OtherComputer and Mathematical Occupations15-1299L4

from z3 import * s = Solver() flag = [BitVec(f'c{i}', 8) for i in range(N)] # Add constraints from decompiled validation... s.add(...) if s.check() == sat: m = s.model() print(''.join(chr(m[c].as_long()) for c in flag))

ctf-challenge

Approach

Workflow

Common Patterns

Solving Strategies

Tips

More from this repository

More from this repository

Approach

Workflow

Common Patterns

Solving Strategies

Tips