N1CTF 2025
Two obfuscation-heavy reversing challenges that were excellent study material—and somehow attracted more solvers than I expected.
N1CTF 2025 featured several obfuscation-heavy reversing challenges, so after the CTF I decided to write up the two that I found particularly interesting.
The obfuscation techniques in both challenges were genuinely fascinating. Once the underlying structure was understood, however, recovering the flag itself was relatively straightforward. I was therefore a little surprised to see more solvers than I had expected. Maybe the players were simply that good—or maybe LLMs have become frighteningly capable at this sort of thing.
Either way, both challenges gave me plenty to study, and I learned quite a bit while turning my notes into full write-ups. I hope you enjoy reading them.
Write-ups
n1vm
A decompiler-hostile binary that conceals conditional branches by hiding the state of EFLAGS. This write-up covers control-flow recovery, decompilation repair, and the remaining flag-checking logic.
True Operation Master
A layered reversing challenge involving packing, layout obfuscation, runtime hooking, pattern-based data-flow recovery, and a custom VM. The individual pieces are approachable, but together they make for a particularly rich analysis target.
