Project 1: De-evil Obfuscated C

This is a personal assignment. DO NOT copy solutions from others. DO NOT discuss solutions with the original authors of the obfuscated flag checkers.

Introduction

Unleash the power of LLMs to deobfuscate C code!

Instructions

1. Download the obfuscated C flag checkers from here. You will find 16 different protected C flag checkers in the archive.
2. You have roughly three days to solve as many of these flag checkers as possible. Your goal is to find at least one flag for each flag checker that it accepts.
3. Given the limited amount of time, you should use LLMs to help you understand and defeat obfuscation! Choose your favorite LLM (e.g., GPT, Claude, Qwen, etc.) and use it to help you understand the obfuscated C code. Arizona State University provides free access to ChatGPT for all current ASU students; feel free to use ChatGPT if you do not have access to any other LLMs.
4. Of course, you can choose to use or not use any tools. This means you do not have to use any LLMs.

Submission

For each flag checker that you manage to solve, you should submit the following:

1. README.md: A brief report in plaintext that documents how you solved the flag checker.
2. flag: A flag that the flag checker accepts.
3. solve.c/cpp/py: Any code that you wrote to help you solve the flag checker. Skip this file if you did not write any code.
4. llm_log.txt: If you used any LLMs to help you solve the flag checker, please include the chat logs or request logs (in plaintext) that show how you used the LLMs. If you did not use any LLMs, you can skip this file.

Please structure your submission as follows before compressing all directories into a single ZIP archive:

a/
    README.md
    flag
    solve.py
    llm_log.txt
b/
    README.md
    flag
    solve.c
    llm_log.txt
c/
    README.md
    flag
    solve.py
d/
    README.md
    flag
    llm_log.txt

Points

This project is worth 16 points. Because one of the flag checkers is yours, you should get at least 1 point.

Grading

We will grade your submission based on the following criteria:

• You get 1 point for each flag checker that you successfully solve (i.e., provide a valid flag that the flag checker accepts in the flag file) with a reasonable report (README.md).
• You get 0.5 additional point for each flag checker that you solve with only LLM usage. This means that LLMs must generate a valid solution for you, and you did not write any code to help you solve the flag checker. Please include a sharable chat log URL (if you use ChatGPT or Claude) to prove your LLM usage in this case.
• For each flag checker that you did not solve, you may get up to 1 point depending on how close you managed to get to the final solution.

FAQ

• Q: Can I compile the obfuscated C code?

• A: Yes, you can compile and run the obfuscated C code, especially if you want to test your potential flags.

• Q: Can I use angr?

• A: Yes, you can use angr or any other binary analysis tools.

• Q: Can I use no LLMs for this project?

• A: Yes, you can choose to not use any LLMs.

• Q: Can I use LLMs without reporting my usage?

• A: No, you must report your LLM usage in llm_log.txt if you used any LLMs.

• Q: Can I read the source code and manually solve each flag checker?

• A: Yes, you can read the source code and manually solve each flag checker.

• Q: Can I stay up late to work on this project?

• A: Yes, but remember that sleep deprivation is bad for your health!

• Q: Are all flag checkers solvable?

• A: Probably not.

Deadline

Please submit your submission to Zion Basque before 1762689599.