"See one, Do one, Teach one". The goal of this project will be to develop your own sequence of metamorphic challenges that can be used to help someone learn a topic or tool in reverse engineering that is not currently addressed in your homework assignments. Source code for several MetaCTF challenges can be found here.
After doing so, you will create a narrated screencast of no longer than 15 minutes that walks through the source code of your level and demonstrates how you would go about solving the level using an example binary that is produced. Screencast submission is to be done via PSU's MediaSpace on the course's channel. After uploading your screencast to MediaSpace, ensure that the screencast is published as unlisted.
Submit the source code for your levels and the MediaSpace URL for your screencast in a zip file. To do so, create a directory called final with the following directory structure where url.txt contains your unlisted screencast's URL and where the level files are replaced with your own. To name your level directories, use the format Chapter_LevelName_OdinID as shown below. Ensure the
final
├── Ch03DynA_Ltrace_wuchang
│   ├── build.zsh
│   └── program.c.template
├── Ch08Dbg_StackSmash_wuchang
│   ├── build.zsh
│   └── program.c
└── url.txt
Ensure that in each level directory, your C source code (program.c.template), build script (build.zsh), and any supporting files for your level are included, but do not include any binaries or unnecessary files.
Then, in the directory above final, zip the file up.
zip -r final.zip final
Submit final.zip to the D2L dropbox.
Re-download your submission from D2L and validate the MediaSpace link is accessible in an Incognito window.
The rubric for the project is below:
1. Learning objective
How focused is the learning objective of each challenge? Do they address a core concept from the course? What is the value of the pedagogy?
Does the assignment use a novel technique or teach a new topic?
What is the quantity of functionality within the code? What is the quality of the code? Does the code force the student to apply a targeted concept in order to solve? Does the code generate metamorphic binaries?
Is the description sufficiently clear so that the level can be solved in under 60 minutes?
Does the level meet the formatting guidelines? Does the level follow the naming convention that includes the chapter it is derived from and a descriptive name of the concept it is teaching? Does the build.zsh script take a list of usernames and build a 32-bit binary for each within the directory obj/<username> as the template does?
Does the screencast explain the level's learning objective and walk through its code thoroughly? Does the screencast perform a demonstration of the steps required by someone to solve the level using the intended method?
The goal of this final project is to reverse-engineer a piece of recent malware using everything you have learned in this course. After doing so, you will create a narrated screencast that walks through your process of obtaining the malware, running the analysis on it, and analyzing its behavior. Properly edit the screencast so that your analysis is under 20 minutes. Screencast software and uploading the screencast will be done via PSU's MediaSpace. After uploading the screencast, create a file url.txt and place the URL for your unlisted screencast on MediaSpace in it. Submit the file to the D2L dropbox for the course.
For Windows-based malware, you may use our institution's academic account to download copies of recent versions of the operating system. Follow the instructions at this link: https://cat.pdx.edu/services/software/users/microsoft-software/ . You may also use Microsoft Edge Developer to download Virtual Machines for testing: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/. After installation, you may perform the analysis on equivalent static and dynamic analysis tools.
To find resources for malware to analyze, visit the links below:
The rubric can be found below:
Does the walkthrough provide sufficient detail to reproduce the analysis, including how to obtain the malware being analyzed? Are there instructions for setting up the VM and/or installing any software outside of that used in the course VM?
2. Static analysis
Does the walkthrough show the application of the tools applied in Part 1 of the textbook for analyzing the malware sample?
3. Dynamic analysis
Does the walkthrough examine key functionality of the malware as identified in disassemblers and debuggers used to analyze it?
4. Difficulty and depth
How much analysis has been done in the walkthrough? How precise and concise is the analysis?
You may use software of your choice for the screencasts. Options include video conferencing applications such as Google Meet and Zoom or dedicated programs such as OBS Screen Recorder, QuickTime (macOS), Screencast-O-Matic (Windows), or RecordMyDesktop (Linux). In addition, CaptureSpace Lite is available via PSU's MediaSpace (https://media.pdx.edu).
Upload your completed screencast on MediaSpace. Ensure that it is published as "Unlisted". To do so, visit MediaSpace and click on "My Media".
Click on the screencast video that has been uploaded. Then, in the tabs below, select the "Publish" tab, click on "Unlisted", and then "Save".
Find the video on MediaSpace and get its URL. Include it in your D2L submission in a file called url.txt. Bring up the URL in an Incognito Window to ensure the video can be played.