Sivaramakrishnan on Binary Ruins

Taming Rust With C - Cracking Caido Cli

Sun, 21 Jun 2026 20:34:55 +0530

Caido-cli is a proxy like BurpSuite, but written in Rust - but your dear borrow checker won’t stop a well-aimed linkerscript. Let’s make it free (as in freedom) again with C.

Pwn Echo

Sun, 21 Jun 2026 14:20:50 +0530

Ret2Win but you hunt where to return in memory. (+UEFI)

Rooting Android Without Magisk or Kernelsu

Fri, 19 Jun 2026 00:28:38 +0530

For the special one-off situations when you can’t use magisk or kernelsu, or if you really don’t want to use existing root solutions, you can get root with a backdoor’d kernel image.

Hacking on the Jiophone - From getting a rootshell to running Doom

Sun, 29 Mar 2026 23:01:53 +0530

A few days ago, I found an old Jiophone. At first, it appeared to be a simple, locked down KaiOS device. But after a day of tinkering around with it, I found myself running doom on it.

Jails, Not Containers: A CTFer's PWN Environment with Nix and Bwrap

Wed, 25 Mar 2026 16:27:20 +0530

My story of migrating from docker containers to a more hacky bwrap + nix based jail for isolated, low-friction, reproducible security research environments.

Fsop 4 Noobz - 1

Wed, 25 Feb 2026 23:41:04 +0530

" _wide_data my beloved… "

Fsop 4 Noobz - 2

Wed, 25 Feb 2026 23:41:04 +0530

" _wide_data my beloved… "

Patching ELFs with ~Assembly~ C, or abusing the linker for fun and profit

Tue, 13 Jan 2026 00:41:11 +0530

Using a little bit of linkerscript magic and C to patch binaries the toolchain-intended way - instead of manually patching assembly instructions like a madman.

Hacking Rustls: Adding Your Own CA for HTTP/S Proxies

Thu, 18 Dec 2025 15:16:36 +0530

Give rustls a gentle lobotomy and make it cooperate with the HTTP/S your proxy of choice :).

Mad Max

Wed, 10 Dec 2025 15:04:52 +0530

Spraying the kernel heap for fun, profit and filling up holes.

The Forbidden Fruit

Wed, 10 Dec 2025 14:59:45 +0530

EZ PZ Rop FTW

Shellcode

Wed, 10 Dec 2025 14:53:06 +0530

Nopsleds FTW

Heap Heap Hooray

Wed, 10 Dec 2025 14:34:57 +0530

Manipulating pointers like there’s no tomorrow.

Heap Heap Hooray 2

Wed, 10 Dec 2025 14:34:57 +0530

Who needs exit hooks when you can ROP on stack :rofl:

Reversing ARM Firmware

Fri, 03 Oct 2025 19:26:37 +0530

Reversing a raw firmware dump is very different from reversing an ELF executable or a PE image. There are no sections, no symbols, and often no clear format - just raw bytes.

In this post, I’ll walk through the process of reversing a simple ARM Cortex-M3 (ARMv7-M) firmware image using Ghidra, mapping memory regions, identifying initialization routines, and making sense of global variables.

Ssh Clip

Mon, 22 Sep 2025 12:11:26 +0530

Clipboard with SSH cause graphical web interfaces are just too overkill for copying text.

Reviewbot 3000

Mon, 25 Aug 2025 13:40:51 +0530

XXE is one of those things you never expect to be present but it somehow makes it way to a web chall.

Inference Override 1

Mon, 25 Aug 2025 13:02:33 +0530

BTW Always look at robots.txt :thumbs:.

No 549

Tue, 08 Jul 2025 08:58:13 +0530

modprobe_path overwrite exploit after kernel commit fa1bdca98d74472dcdb79cb948b54f63b5886c04. trigger modprobe using struct sockaddr_alg.

First ever kernel pwn!

Babyrop

Tue, 08 Jul 2025 00:25:41 +0530

Using strlen on binary data is the definition of insanity.

Limited inital ropchain => pivot stack to bss for unlimited control.

Xss Xss

Tue, 08 Jul 2025 00:01:53 +0530

From Text injection to open redirect using javascript: pseudo protocol for unrestricted XSS.

First major web solve since picoCTF.

Server_status Revenge

Mon, 07 Jul 2025 23:42:59 +0530

First time solving a race condition / shared memory CTF challenge.

Server_status

Mon, 07 Jul 2025 23:20:47 +0530

SUID Binary with relative path => recipie for disaster.

UN-INTENDED SOLVE, Notified organisers about it.

Nice

Wed, 14 May 2025 15:03:23 +0530

Very nice and niche CTF challenge

Chip8 Interpretter 1

Tue, 17 Dec 2024 00:35:46 +0530

Out of the blue, after my SIH victory, i decided to give web development and cybersecurity a little break and decided to write a chip8 emulator. This is one project that i have always been wanting to do for quite a long time, but never got free enough to do it.

Hexdump

Mon, 09 Dec 2024 06:28:35 +0530

Why is there not a simple CLI tool for converting hex to ascii? :pray:

Xss

Mon, 09 Dec 2024 06:11:40 +0530

Solution

HTML

`1`	`<img src="42" onerr="alert(2)">`

Flag: `root@localhost{Byp4ss_Sanitiz3r_123}`

Idoor

Mon, 09 Dec 2024 05:08:00 +0530

Cracking hashes like there’s no tomorrow.

Mini Compiler

Mon, 09 Dec 2024 05:02:41 +0530

“Remote code execution as a service.”. Reminded me of my freshman year’s moodle exploitation :lol:.

Ez Web

Mon, 09 Dec 2024 04:41:52 +0530

The statement

duh.

Solution

Inspect the html and find js file.

Find this encoded string in js file.

`1`	`const encodedFlag: 'cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==';`

Decode it

$_ base64 -d «< cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==

root@localhost{The_web_chall_is_easy}

Flag: `root@localhost{The_web_chall_is_easy}`

Pixel Secrets

Mon, 09 Dec 2024 03:39:07 +0530

The statement

Decode the hidden message embedded in this image. Use steganographic techniques to uncover the flag that lies beneath the pixels!

Solution

Should be pretty self explanatory. Classic steganography bruteforce.

$_ docker run –rm -it -v ‘$(pwd):/steg’ rickdejager/stegseek steg1.jpg password.txt

Unable to find image ‘rickdejager/stegseek:latest’ locally
latest: Pulling from rickdejager/stegseek
a70d879fa598: Pull complete
c4394a92d1f8: Pull complete
10e6159c56c0: Pull complete
2a9284816e0c: Pull complete
da918f5114c3: Pull complete
172662ab993b: Pull complete
Digest: sha256:a3c6a82d5b7dd94dc49098c5080a70da8103b7ed3b3718423b3a70d4b43c9a8a
Status: Downloaded newer image for rickdejager/stegseek:latest
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek



Hidden Truth
Mon, 09 Dec 2024 03:14:23 +0530
The statement
A hidden message lies concealed within a jumble of characters and numbers. Can you crack the code and reveal the secret? The mystery is waiting for you to uncover it.
Solution
Strings on the file gives a base64 string.

    
        
            
                $_
            strings -n 65 challenge.png
    
    <x:xmpmeta xmlns:x=‘adobe:ns:meta/’ x:xmptk=‘Image::ExifTool 12.76’>
<rdf:RDF xmlns:rdf=‘http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
Attrib:ExtId03825ccf-d796-4baa-8dda-96a2acd20326</Attrib:ExtId>
<rdf:li xml:lang=‘x-default’>cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=</rdf:li>
cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=


Decode it to get flag


Echo of Time
Mon, 09 Dec 2024 03:08:46 +0530
The statement
You found an audio file named ab Somewhere within this audio lies a crucial piece of information: a year that marks a significant event. Extract the year hidden in the audio using steganography techniques.
Solution
Open the given file in audacity, and view it as spectogram.

Flag: r00t@localhost{2025}


Play With Qr
Mon, 09 Dec 2024 02:59:24 +0530
You don’t need A GUI FOR SORTING FILES BY SIZE.


Silent Courier
Mon, 09 Dec 2024 00:00:07 +0530
The statement
A mysterious file is being secretly transferred between servers. Your task is to intercept the transfer and uncover the hidden secret. Can you track it down before it’s too late?
Solution
File is analyzed using apacket.

The zip file is encrypted.

    
        
            
                $_
            unzip protected.zip
    
    Archive:  protected.zip
[protected.zip] secret.zip password: %


Crack it with johntheripper

    
        
            
                $_
            zip2john protected.zip > zip.hash
    
    ver 2.0 Scanning for EOD… FOUND Extended local header
protected.zip/secret.zip PKZIP Encr: cmplen=137, decmplen=178, crc=13905395


The Great Login Heist
Sun, 08 Dec 2024 23:48:26 +0530
The statement
In a daring attempt at digital mischief, a crafty threat actor tried to break into Cybertown Tech Solutions’ secure web interface. Their sneaky login attempts were caught red-handed in a PCAP file, thanks to our vigilant network monitoring.
flag format :root@localhost{username_password}
Solution
The pcapng file has the following string, which contains the username and password. ez win

**Flag: root@localhost{Liam_24_P%40ssw0rd!2024}** 
Quirks
I thought the password (P%40ssw0rd!2024) was meant to be Base64URLdecoded, but the organizers thought otherwise 😅.


Javascript Is Not The Answer
Wed, 16 Oct 2024 22:30:06 -0530
During the last three weeks, javascript has been the reason for all of my misery.
The more javascript i write, the more i wonder ‘Who put this piece of shit on the server!’
Even though it has always given me problems, there’s two problems that made me (almost) physically abuse my keyboard.
No, i won’t be talking about what {} - [] results in, why spend time thinking about things that you will never use?


Hello, world!
Sat, 12 Oct 2024 21:15:42 -0530
Finally doing this


Archive
Mon, 01 Jan 0001 00:00:00 +0000
Archive of all posts.

Sivaramakrishnan on Binary Ruins

Taming Rust With C - Cracking Caido Cli

Pwn Echo

Rooting Android Without Magisk or Kernelsu

Hacking on the Jiophone - From getting a rootshell to running Doom

Jails, Not Containers: A CTFer's PWN Environment with Nix and Bwrap

Fsop 4 Noobz - 1

Fsop 4 Noobz - 2

Patching ELFs with ~Assembly~ C, or abusing the linker for fun and profit

Hacking Rustls: Adding Your Own CA for HTTP/S Proxies

Mad Max

The Forbidden Fruit

Shellcode

Heap Heap Hooray

Heap Heap Hooray 2

Reversing ARM Firmware

Ssh Clip

Reviewbot 3000

Inference Override 1

No 549

Babyrop

Xss Xss

Server_status Revenge

Server_status

Nice

Chip8 Interpretter 1

Hexdump

Xss

Solution

Flag: root@localhost{Byp4ss_Sanitiz3r_123}

Idoor

Mini Compiler

Ez Web

The statement

Solution

Flag: root@localhost{The_web_chall_is_easy}

Pixel Secrets

The statement

Solution

Hidden Truth

The statement

Solution

Echo of Time

The statement

Solution

Flag: r00t@localhost{2025}

Play With Qr

Silent Courier

The statement

Solution

The Great Login Heist

The statement

Solution

Quirks

Javascript Is Not The Answer

Hello, world!

Archive

Flag: `root@localhost{Byp4ss_Sanitiz3r_123}`

Flag: `root@localhost{The_web_chall_is_easy}`

Flag: `r00t@localhost{2025}`