Strace and the utumno0 CTF

I'm trying to figure out the "utumno0" Capture The Flag (it can be found here[1]). No success so far, but while trying to solve this exercise I decided to read the strace(1) manpage thoroughly, to understand if it could be a valuable tool.

I find strace(1) to be a really valuable tool for reverse engineering and computer forensics! I collected a few flags that I find interesting in my "Today I Learned"[2] list, and I'll report them here too.

[1] https://overthewire.org/wargames/
[2] gopher://dacav.org/0/textfiles/til.txt

...

Useful strace(1) options

The -e flag can be used for a variety of things:

- To filter the system calls. It supports classes of syscalls, e.g.
  `strace -e %file x` is equivalent to
  `strace -e trace=open,stat,chmod,unlink,... x`.
  There are hidden gems in the available classes.
- To dump the data of the read/write operations.
- To decode information about the file descriptors (e.g. the path of
  the files) (see also -y / -yy / -Y).
- To inject syscall behaviours.

The -c flag shows a table of statistics on invoked syscalls.

The -z/-Z flags show only successful and only failed syscalls respectively.

The -r/-T flags measure times between and within syscalls respectively. Possibly useful for a rough performance assessment.
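
An added example, not part of the original post: it combines the -e %file class, -Z and -y into one tracing helper and summarizes the failed file accesses from the saved trace. The function names and the sample trace lines are constructed for illustration, and -Z assumes a strace recent enough to support it.

```shell
# Trace only the file-related syscalls that FAIL, decoding fd paths.
# Uses the options listed above: -e trace=%file, -Z, -y (plus -f and -o).
# Usage: trace_file_failures OUTFILE COMMAND [ARGS...]
trace_file_failures() {
    out=$1; shift
    strace -f -Z -y -e trace=%file -o "$out" -- "$@"
}

# Summarize a saved trace as "<count> <errno> <path>", most frequent first.
# The path is the first quoted argument of each failed syscall.
summarize_failures() {
    awk '
        match($0, /= -1 E[A-Z]+/) {
            # skip the 5 characters of "= -1 " to keep only the errno name
            errno = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /"[^"]*"/)) {
                path = substr($0, RSTART + 1, RLENGTH - 2)
                seen[errno " " path]++
            }
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample of the lines such a trace file contains
# (pid prefix from -f/-o, AT_FDCWD path decoration from -y).
sample_trace() {
    cat <<'EOF'
4242 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4242 openat(AT_FDCWD</tmp/demo>, "/etc/demo.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
4242 openat(AT_FDCWD</tmp/demo>, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
4243 openat(AT_FDCWD</tmp/demo>, "/etc/demo.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
4243 +++ exited with 0 +++
EOF
}
```

With strace installed, the file written by trace_file_failures is the input to summarize_failures; the sample_trace output can be saved to a file to try the summary without tracing anything.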