kao 2,161 Posted July 28, 2015 Share Posted July 28, 2015 (edited) The FireEye Labs Advanced Reverse Engineering (FLARE) team is hosting its second annual CTF-style challenge for all reverse engineers, malware analysts, and security professionals. ... The puzzles start with basic skills and escalate quickly to more difficult reversing tasks. At FLARE we have to deal with whatever challenges come our way, so the challenge reflects this. If you take on the challenge you might see puzzles involving Packers, Mobile platforms, steganography, obfuscated .NET, and so on. The Second FLARE On Challenge will open at July 28, 2015 20:00EDT and close on Sept. 8, 2015 20:00EDT. You can finish any time before Sept. 8 to qualify for a prize. ... After completing the final challenge, you’ll be contacted by a FLARE team member. Once you provide a mailing address we’ll ship you your prize. Last year, the prize was a coin and this year we have something new and special for the winners . The full details can be found at: www.flare-on.com. @moderators: sorry, could not find a better place to post it. Edited July 28, 2015 by kao (see edit history) 6 Link to post
kao 2,161 Posted July 30, 2015 Author Share Posted July 30, 2015 After 27 hours of reversing, I've done it again! https://twitter.com/nickharbour/status/626765867519508480 Now I need to get some sleep. 12 Link to post
madskillz 24 Posted July 30, 2015 Share Posted July 30, 2015 Congrats Kao. Well if I had to reverse the first binary , where should I look ? examples, book ref , etc ? Link to post
Extreme Coders 443 Posted July 30, 2015 Share Posted July 30, 2015 @kao Impressive Skills. What is the total number of challenges? @madskillz For the first refer to xor encryption. Link to post
kao 2,161 Posted July 30, 2015 Author Share Posted July 30, 2015 @Extreme Coders: 11. The real fun starts from #8. @madskillz: To avoid spoiling it for others I won't be commenting on specific challenges. There is a list of suggested materials on flare-on.com, you can start with those. Link to post
Loki 384 Posted July 31, 2015 Share Posted July 31, 2015 Nice work - congrats Kao I took a look at the first one in work yesterday which was a nice eay primer - hoping to get some time over the next couple of weeks to dig through the others Link to post
GIV 1,158 Posted July 31, 2015 Share Posted July 31, 2015 @moderators: sorry, could not find a better place to post it. Take easy KAO. Your health is more important than a place on a contest. Get some rest. 1 Link to post
kao 2,161 Posted July 31, 2015 Author Share Posted July 31, 2015 @GIV: I just love to win. And second place is just the first loser. Also, who needs sleep when you got mate? Link to post
akkaldama 12 Posted July 31, 2015 Share Posted July 31, 2015 @Anybody please, from where i can download the files? at 'http://www.flare-on.com/'i get a page like command prompt. Link to post
Extreme Coders 443 Posted July 31, 2015 Share Posted July 31, 2015 Currently on challenge 6 (android). Need to study ARM arch in more detail. Link to post
kao 2,161 Posted July 31, 2015 Author Share Posted July 31, 2015 @akkaldama: type 'help' and follow instructions.@Extreme Coders: you're doing well! Thumbs up! :-) 1 Link to post
akkaldama 12 Posted August 1, 2015 Share Posted August 1, 2015 @kao, thanks.My problem is the syntax of CD ccomand.I have used square brackets with that.:-().BTW congrats for the first place. Link to post
Extreme Coders 443 Posted August 2, 2015 Share Posted August 2, 2015 Challenge 6 is over. But there is a bug in the challenge.There are 2 possible email addresses which are valid. However only 1 of them accepts an email to progress to the next challenge. Link to post
kao 2,161 Posted August 2, 2015 Author Share Posted August 2, 2015 (edited) Really? Both of them are accepted by Android app? My tool only found one, and it was a proper one. You could always ping Nick Harbour ( https://twitter.com/nickharbour/) who's managing the challenge - maybe you get extra points for finding unexpected solutions? EDIT: auto-format broke my twitter link Edited August 2, 2015 by kao (see edit history) Link to post
Extreme Coders 443 Posted August 2, 2015 Share Posted August 2, 2015 (edited) @kao My tool found two. Both are accepted by the android app. There may even be more. The addresses are proper, i.e. they contain legit chars allowed in an email id. Need to open a twitter account for this EDIT: Alright, he has an email ID too. Edited August 2, 2015 by Extreme Coders (see edit history) Link to post
Antelox 0 Posted August 2, 2015 Share Posted August 2, 2015 Hi reversers,some hints about level 4? I miss some things to close the circle... :\ Tnx in advance. Antelox Link to post
Extreme Coders 443 Posted August 4, 2015 Share Posted August 4, 2015 Finished Challenge #9, but their mail server seems to be down. No response. Link to post
ultrain 0 Posted August 4, 2015 Share Posted August 4, 2015 @kao Congratulation to u~ @Extrem Coders: I have just finished Challenge #7, and are going mad by #8. It seemed that "the key" was neither in exe nor png. For I almost analyse all png bytes.. But Likely in twitter... Link to post
kao 2,161 Posted August 4, 2015 Author Share Posted August 4, 2015 @Extreme Coders: did you finally get the email? If not, you probably found another bug or something. If you want to check your solution, SHA1 of accepted pass starts with 64e7d343.... @antelox: read and follow instructions in the mail. And don't spend too much time debugging it. @ultrain: password is in the PNG but if you look at bytes, you won't see it. Link to post
Extreme Coders 443 Posted August 4, 2015 Share Posted August 4, 2015 (edited) @kao: No response email till now.. Yes the sha1 starts with those and ends with ....33a6e8f2. EDIT:Received Challenge #10. Let's see. Edited August 4, 2015 by Extreme Coders (see edit history) Link to post
Extreme Coders 443 Posted August 7, 2015 Share Posted August 7, 2015 Finally completed challenge #10.However, frankly speaking, this did not look like a Reversing challenge at all. Link to post
AcidShout 2 Posted August 9, 2015 Share Posted August 9, 2015 (edited) Finally completed challenge #10. However, frankly speaking, this did not look like a Reversing challenge at all. why do you think so? I just started reversing it, and a driver seems very much like reversing to me :-p Edited August 9, 2015 by AcidShout (see edit history) Link to post
kao 2,161 Posted August 9, 2015 Author Share Posted August 9, 2015 @AcidShout: you'll know what he meant when you solve it. ;-) Link to post
0xd4d 377 Posted August 10, 2015 Share Posted August 10, 2015 (edited) After 27 hours of reversing, I've done it again! https://twitter.com/nickharbour/status/626765867519508480 Now I need to get some sleep. LOL, I hope you just woke up before the contest and hadn't been awake for 16 hours already. Congratulations on the win! Edited August 10, 2015 by 0xd4d (see edit history) Link to post
kao 2,161 Posted August 10, 2015 Author Share Posted August 10, 2015 It started at 2AM my time - I was too tired and fell asleep before the contest started. So, I actually slept for the first 6 hours of the contest. Thanks! Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now