Unity Game Hacking Challenge - "Azusawa’s Gacha World" [SekaiCTF]

Рет қаралды 3,090

Күн бұрын

Video walkthrough for "Azusawa’s Gacha World", a [game] reversing challenge from Project SEKAI CTF 2023. The challenge involved memory manipulation with cheat engine (optional), reverse engineering of Unity game code (C#) in dnSpy, some network traffic analysis and HTTP traffic manipulation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #SEKAICTF #ProjectSEKAI #CTF #ReverseEngineering #GameHacking #CheatEngine
You can find my full write-up here: github.com/Crypto-Cat/CTF/blo... 🥰
If you liked this video and/or want to learn more about game hacking with cheat engine, check out the full tutorial series I created on the ‪@intigriti‬ channel: • Cheat Engine: Introduc... and the gamepwn README: github.com/Crypto-Cat/CTF/tre...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢Project SEKAI CTF↣
ctftime.org/event/1923
ctf.sekai.team/challenges
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Start
1:05 Explore functionality
2:09 Increase coins/credits with Cheat Engine
3:38 Decompile Assembly-CSharp.dll with dnSpy
5:50 Patch game code
9:39 Monitor network traffic
11:20 Manipulate HTTP requests
12:23 Decode the flag
13:18 End

Пікірлер: 38

@AlexChaveriat 10 ай бұрын

Great challenge and video! It always amazes me how long Cheat Engine has been in active development.

@_CryptoCat 10 ай бұрын

ikr, still going strong! 🔥 nice meeting you (briefly) at defcon 🥰

@funnymemes2440 9 ай бұрын

Bro I love your videos. I love how in depth you go so an intermediate like me can also follow.

@_CryptoCat 9 ай бұрын

Thanks mate, appreciated! 🙏🥰

@enscry 10 ай бұрын

thank you for playing my challenge and for the wonderful video!

@_CryptoCat 10 ай бұрын

Great challenge mate, thanks! If you'd be interested in making a game hacking chall for the intigriti CTF coming up in a couple of months, that would be super cool! No pressure, just send me a DM if you're up for it 🙂

@alexsaliev7181 10 ай бұрын

@jktrn Hi, do you know about that flag located in the aseests file?

@_CryptoCat 10 ай бұрын

@@alexsaliev7181 I did not know 😂

@trentonstiles9540 9 ай бұрын

This guy is always the goat, he helped me understand ROP-Emporium and he posts resources in the description

@_CryptoCat 9 ай бұрын

Thanks mate! ROP Emporium is a great pwn resource 🔥

@markuche1337 10 ай бұрын

Great Walkthrough 😊

@_CryptoCat 10 ай бұрын

ty 🥰

@nikolanojic6861 9 ай бұрын

Very interesting video i must say , and also i want to say that ur previous videos helped me in so many ways thank you big time 😊

@_CryptoCat 9 ай бұрын

Thank youuu 💜

@ARZ10198 10 ай бұрын

Very interesting challenge, thanks for the walkthrough

@_CryptoCat 10 ай бұрын

🙏🥰

@mrmidnight7331 9 ай бұрын

Nice job m8

@_CryptoCat 9 ай бұрын

💜

@MarcinMajkut-lw9zb 10 ай бұрын

your voice is so calming and sexy, great vid btw

@_CryptoCat 10 ай бұрын

ty 🥰

@alexsaliev7181 10 ай бұрын

We a complete this challenge, with a simple opened assets file in game resources 😀 but I like your attempt to patch game code, because I tried it like you

@_CryptoCat 10 ай бұрын

Oh wait, you could just get it from the resources? 😕 I thought that at the beginning but after I solved it, I figured since the flag can back from the server it wouldn't be solvable locally 🤔

@alexsaliev7181 10 ай бұрын

@@_CryptoCat we, on the contrary, did not find that the application connects to the backend 😉

@_CryptoCat 10 ай бұрын

@@alexsaliev7181 Huh.. the server defo returns the flag though, that's where I got it from at 12:08 (without the game). I guess it must of been also still in the local resources.. Guessing that was unintended 😆

@sweetygremlin5960 10 ай бұрын

Thanks for the vid, it was my very first real CTF and I got very upset when realized its difficulty and could solve nothing

@_CryptoCat 10 ай бұрын

Haha I only looked at 2 challs (both game hacking) but I expected the would CTF to be difficult overall 😁

@funnymemes2440 9 ай бұрын

Bro me too. I solved only the first web but nothing after that

@_hackwell 10 ай бұрын

I should go for game hacking. thanks for this great video

@_CryptoCat 10 ай бұрын

Game hacking is always good fun 🔥

@ehsanyakoobi1880 9 ай бұрын

Very great content ! Would you please recommend a path for me to become like you, I am doing my undergrad in IT. But, I have no idea from where to start ! I do follow CTF videos though !

@_CryptoCat 9 ай бұрын

Thank you! I think the best way is to just jump in on the practical learning, e.g. CTFs, hackthebox, tryhackme etc.. My favourite resources are here: github.com/Crypto-Cat/CTF#hacking-resources

@ehsanyakoobi1880 9 ай бұрын

thanks A lot !! @@_CryptoCat

@anntakamaki1960 6 ай бұрын

12:16 Sir, what’s the reasoning that putting high value for “pulls” returns the flag?

@_CryptoCat 6 ай бұрын

Honestly not sure 😂 I should of probably reviewed the code at the end to see exactly what was happening but ig I gave up after getting the flag 😁

@anntakamaki1960 6 ай бұрын

@@_CryptoCat ok, so just playing around with different values resulted in answer.

@_CryptoCat 6 ай бұрын

@@anntakamaki1960 Bingo! ✅

@mpiie2.086 10 ай бұрын

Can u make explain about web and more in sekai ctf please

@_CryptoCat 10 ай бұрын

I didn't actually check any web challs this time! Had a couple of birthday events to attend this weekend so literally just looked at the 2 game hacking challenges 🎮