An extra bit of analysis for Clemency (trailofbits.com)
27 points by withzombies on Aug 1, 2017 | hide | past | favorite | 4 comments



For this year's DEFCON CTF, the organizers decided to break all existing tooling by making a custom architecture with 9-bit bytes, 27-bit words, and middle-endian integers.

I was able to make a [Binary Ninja](https://binary.ninja) architecture plugin on the flight to Vegas, but unfortunately I had to expand everything to 16-bit bytes to be able to handle addressing. This made control flow graph recovery possible, but I had to choose between accurate data references or accurate immediates. I ended up going with accurate immediates and letting my data references fall into the middle of functions (because instruction addresses were all 2x).

The 27-bit words and middle-endianness weren't a huge issue, but the 9-bit bytes really really sucked. We had IO buffering issues on every exploit we wrote and analyzing PCAPs was a huge pain.
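An added example (not code from this thread or from Trail of Bits' plugin) of the buffering problem the comment describes: an 8-bit byte stream from a socket or PCAP has to be re-sliced into 9-bit bytes before 27-bit words can be assembled. The MSB-first bit packing and the middle-endian byte order used here (middle byte stored first, then high, then low) are assumptions of this example, not facts stated on the page.

```python
def unpack_9bit(stream: bytes) -> list[int]:
    """Split an 8-bit byte stream into 9-bit bytes, MSB-first (assumed).
    Trailing bits that do not form a whole 9-bit byte are dropped."""
    out, acc, nbits = [], 0, 0
    for b in stream:
        acc = (acc << 8) | b
        nbits += 8
        while nbits >= 9:
            nbits -= 9
            out.append((acc >> nbits) & 0x1FF)
            acc &= (1 << nbits) - 1  # keep only the unconsumed low bits
    return out


def pack_9bit(nines: list[int]) -> bytes:
    """Inverse of unpack_9bit: pad the final partial octet with zero bits."""
    out, acc, nbits = bytearray(), 0, 0
    for n in nines:
        if not 0 <= n < 512:
            raise ValueError(f"{n:#x} does not fit in a 9-bit byte")
        acc = (acc << 9) | n
        nbits += 9
        while nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
            acc &= (1 << nbits) - 1
    if nbits:  # flush leftover bits, left-aligned in the last octet
        out.append((acc << (8 - nbits)) & 0xFF)
    return bytes(out)


def word_from_middle_endian(first: int, second: int, third: int) -> int:
    """Assemble a 27-bit word from three 9-bit bytes in memory order.
    Assumed order: middle byte first, then the high byte, then the low byte."""
    middle, high, low = first, second, third
    return (high << 18) | (middle << 9) | low


def decode_words(stream: bytes) -> list[int]:
    """Decode every complete 27-bit word in an 8-bit byte stream."""
    nines = unpack_9bit(stream)
    return [word_from_middle_endian(*nines[i:i + 3])
            for i in range(0, len(nines) - 2, 3)]


if __name__ == "__main__":
    # Constructed sample: one word written as (middle, high, low) 9-bit bytes.
    wire = pack_9bit([0x0AB, 0x1FF, 0x000])
    print(wire.hex(), [hex(w) for w in decode_words(wire)])
```

Because 27 bits do not divide evenly into octets, a word boundary and an octet boundary coincide only every 8 words, which is why naive read()/recv() sizing on the 8-bit side mangles the stream.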


It's great that the CTF organizers fielded a neutral architecture that no one would be familiar with. This helps put everyone on a more even footing and tests their knowledge of their tools and reverse engineering instead of knowledge of architecture internals.


In many cases I guess more the ability to extend or completely replace their tools.


In the closing, Dark Tangent mentioned that one team wrote a Clemency to ARM transpiler, and then decompiled binaries to C from there.



