ctf-reverse
- Repo stars 1,349
- Author updated Live
- Author repo AboutSecurity
- Domain
- Other
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 88 / 100 · community maintained
- Author / version / license
- @wgpsec · no license declared
- Token usage
- Lean
- Setup complexity
- Guided setup
- External API key
- Not required
- Operating systems
- macOS · Linux · Windows
- Runtime requirements
- Python
- Permissions
-
- Read-only
- Shell exec
- Write / modify
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: ctf-reverse
description: 以下参考资料按需加载,根据识别出的具体方向选择对应文件: ├─ 识别文件类型: file binary │ ├─ ELF → GDB + Ghidra │ ├─ PE/DLL → x64dbg…
category: other
runtime: Python
---
# ctf-reverse output preview
## PART A: Task fit
- Use case: 以下参考资料按需加载,根据识别出的具体方向选择对应文件: ├─ 识别文件类型: file binary │ ├─ ELF → GDB + Ghidra │ ├─ PE/DLL → x64dbg + IDA │ ├─ Mach-O → lldb + Hopper runs entirely locally; runs on Python. Works with Claude Code, Cursor, Cline and 23 more..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “深入参考 / 分类决策树 / 快速启动命令” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “以下参考资料按需加载,根据识别出的具体方向选择对应文件: ├─ 识别文件类型: file binary │ ├─ ELF → GDB + Ghidra │ ├─ PE/DLL → x64dbg + IDA │ ├─ Mach-O → lldb + Hopper runs entirely locally; runs on Python. Works with Claude Code, Cursor, Cline and 23 more.”.
- **02** When the source has headings, the agent prioritizes “深入参考 / 分类决策树 / 快速启动命令” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source mentions slash commands such as `/proc`, `/tmp`; use them first when your agent supports command triggers.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, run shell commands, write/modify files.
Start with a small task and check whether the result follows “深入参考 / 分类决策树 / 快速启动命令”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: ctf-reverse
description: 以下参考资料按需加载,根据识别出的具体方向选择对应文件: ├─ 识别文件类型: file binary │ ├─ ELF → GDB + Ghidra │ ├─ PE/DLL → x64dbg…
category: other
source: wgpsec/AboutSecurity
---
# ctf-reverse
## When to use
- 以下参考资料按需加载,根据识别出的具体方向选择对应文件: ├─ 识别文件类型: file binary │ ├─ ELF → GDB + Ghidra │ ├─ PE/DLL → x64dbg + IDA │ ├─ Mach-O → l…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “深入参考 / 分类决策树 / 快速启动命令” and keep inference separate from source facts.
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "ctf-reverse" {
input -> user goal + target files + boundaries + acceptance criteria
context -> 深入参考 / 分类决策树 / 快速启动命令
rules -> SKILL.md triggers / order / output contract
runtime -> Python | read files, run shell commands, write/modify files | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} CTF 逆向工程
深入参考
以下参考资料按需加载,根据识别出的具体方向选择对应文件:
- 静态分析工具(GDB/Ghidra/radare2/IDA/WASM/APK/.NET) → references/tools.md
- 动态分析工具(Frida/angr/lldb/Qiling/Triton) → references/tools-dynamic.md
- 高级工具(VMProtect/BinDiff/反混淆/Rizin/补丁) → references/tools-advanced.md
- 反分析对抗(Linux/Windows反调试/反VM/反DBI/代码完整性) → references/anti-analysis.md
- 语言特征(Python字节码/Lua/WASM/.NET IL/Solidity) → references/languages.md
- 编译语言(Go/Rust/Swift/Kotlin/C++/D/Nim) → references/languages-compiled.md
- 平台特定(嵌入式固件/macOS Mach-O/Android/Flutter/HarmonyOS) → references/platforms.md
- 语言与平台综合 → references/languages-platforms.md
- 逆向模式(校验/编码/迷宫/虚拟机/游戏引擎) → references/patterns.md
- CTF 逆向模式 Part1(自定义加密/矩阵/Brainfuck JIT) → references/patterns-ctf.md
- CTF 逆向模式 Part2(约束求解/侧信道/混淆变换) → references/patterns-ctf-2.md
- CTF 逆向模式 Part3(Z3布尔电路/滑窗Popcount/多步加密) → references/patterns-ctf-3.md
- 运行时修补与Oracle(反分析Patch/多阶段Shellcode) → references/patterns-runtime.md
- CTF反分析实战(SIGILL/SIGFPE/ptrace时序/花指令) → references/anti-analysis-ctf.md
- 仿真与侧信道工具(Qiling/Triton/Unicorn/指令计数) → references/tools-emulation.md
- 硬件与特殊架构(HD44780 LCD/RISC-V/FPGA/自定义ISA) → references/platforms-hardware.md
- 逆向实战笔记(二进制类型速查/反调试绕过/常用patch) → references/field-notes.md
分类决策树
拿到逆向题?
├─ 识别文件类型: file binary
│ ├─ ELF → GDB + Ghidra
│ ├─ PE/DLL → x64dbg + IDA
│ ├─ Mach-O → lldb + Hopper
│ ├─ APK → apktool + jadx (Flutter → Blutter)
│ ├─ .NET → dnSpy / ILSpy
│ ├─ Python .pyc → uncompyle6 / decompyle3
│ ├─ WASM → wasm-decompile / wasm2wat
│ └─ 未知 → binwalk + strings + hexdump
├─ 分析策略
│ ├─ 静态优先 → Ghidra反编译 → 找 main/check 函数
│ ├─ 动态辅助 → GDB断点 / Frida hook
│ ├─ 符号执行 → angr(自动探路)
│ └─ 反混淆 → D-810 / GOOMBA / Miasm
├─ 有反调试? → [references/anti-analysis.md](references/anti-analysis.md)
│ ├─ ptrace → LD_PRELOAD hook
│ ├─ /proc/self/status → 修改返回值
│ └─ 时间检测 → 跳过或 patch
└─ 常见模式
├─ 逐字符校验 → 逐字节爆破/约束求解
├─ 矩阵变换 → numpy/Z3 逆运算
├─ 自定义VM → 提取opcode表 → 反汇编
└─ 迷宫 → BFS/DFS 自动求解
快速启动命令
# 基础分析
file binary && checksec binary
strings -n 6 binary | grep -iE "flag|pass|correct"
objdump -d binary | head -100
# GDB 调试
gdb -q binary -ex 'b main' -ex 'r'
# Ghidra 无头分析
analyzeHeadless /tmp/proj proj -import binary -postScript ExportDecompiled.java
# angr 符号执行
python3 -c "
import angr
p = angr.Project('./binary')
s = p.factory.entry_state()
sm = p.factory.simgr(s)
sm.explore(find=0x TARGET_ADDR)
print(sm.found[0].posix.dumps(0))
"
常见反调试绕过
| 技术 | 绕过方法 |
|---|---|
| ptrace(PTRACE_TRACEME) | LD_PRELOAD hook 返回0 |
| /proc/self/status | 修改 TracerPid |
| 时间检测 | patch 掉 rdtsc/clock |
| IsDebuggerPresent (Win) | PEB.BeingDebugged = 0 |
工具速查
| 工具 | 用途 |
|---|---|
| Ghidra | 免费反编译器(支持多架构) |
| GDB + pwndbg | Linux 动态调试 |
| Frida | 运行时 hook(跨平台) |
| angr | 符号执行引擎 |
| dogbolt.org | 在线多反编译器对比 |
Decide Fit First
Design Intent
How To Use It
Boundaries And Review