Jump to content
Tuts 4 You
Sign in to follow this  
kao

FLARE On Challenge - starts tonight!

Recommended Posts

SkyProud

Take easy KAO.

Your health is more important than a place on a contest.

Get some rest.

;)

@kao: You should take some rest during your period.

Share this post


Link to post
kao

:kick: 


 


I will assume you said that only because English is not your native language. ;)


  • Like 1

Share this post


Link to post
Hypnz

Rofl :-)

Share this post


Link to post
Extreme Coders

The final challenge has been solved after a long period (sorry, no pun intended).


 


The last couple of challenges were more of a guessing game.


Edited by Extreme Coders (see edit history)
  • Like 2

Share this post


Link to post
kao

@Extreme Coders: Congrats! :thumbs:


 


 


  • Like 1

Share this post


Link to post
Extreme Coders

The biggest possible hint is that @kao solved it under a mere 27 hours.


 


That should give an idea where to look into and where to not waste one's time.


Share this post


Link to post
akkaldama

Congrats, @Extreme.


Share this post


Link to post
dudewat

Finished the challanges aswell.


 




The biggest possible hint is that @kao solved it under a mere 27 hours.


 


That should give an idea where to look into and where to not waste one's time.




 


i think the last one was kind of anti-cheat, because some calculations there would still take few hours, at least on my computer :)


Share this post


Link to post
AcidShout

Oooookay, I'm kinda stuck on #10...


(you were right, kao/EC, it's not that much related to reversing lol)


 


I've found the secret message that tells you to try a specific *something*, but when trying that, it passes a pointer to a buffer full of NULLs and it decrypts to garbage.


 


I've also tried sequentially running the decryption functions so the passed buffer is not filled with zeroes, but it still decrypts to garbage.


 


Any pointers? (pun not intended)


Edited by AcidShout (see edit history)

Share this post


Link to post
kao

@dudewat: I'm pleasantly surprised how many great reversers are here! Congrats! :thumbs:


As for #11: required calculations took just few minutes on my i5-2500K. Maybe I cheated..


 


@AcidShout: You have already solved 95% of it. :) IDA knows everything...


  • Like 1

Share this post


Link to post
AcidShout

@kao: actually, your hint helped, I made it to #11, thanks! :-p


Share this post


Link to post
pateohom

I must be missing something on #c10.  I've got the driver, and know what the ioctls do.  I don't see a secret message tho?  I don't see anything that I havn't reversed?!


 


This one seems a bit silly, or I'm missing something obvious.


Share this post


Link to post
kao

You are missing something. Recheck last few messages from AcidShout. And if that doesn't help..

There's a hint hidden in ioctl handler 22e0dc. It will tell you where to look for answer.

Share this post


Link to post
pateohom

I had looked at that before, but not from the 'not really reversing' perspective.  Time to look at the specific *something*


Share this post


Link to post
pateohom

Well, now I'm exactly where AcidShout was.  Hrmmm... :/


Share this post


Link to post
AcidShout

Well, now I'm exactly where AcidShout was.  Hrmmm... :/

double-check and triple-check the spoiler hint @kao gave you.

 

there's a hidden (string) message in it; you just need to "extract" it.

 

 

EDIT: just found the key for #11 (or that's what I think :P)

Let's hope the decryption doesn't take too long...

Edited by AcidShout (see edit history)

Share this post


Link to post
pateohom

double-check and triple-check the spoiler hint @kao gave you.

 

there's a hidden (string) message in it; you just need to "extract" it.

 

 

EDIT: just found the key for #11 (or that's what I think :P)

Let's hope the decryption doesn't take too long...

No I had extracted that, I was stuck in the *something*, but I got through that.  It really had nothing to do with reversing tho.

Share this post


Link to post
some0ne

I'm also stuck at #10 after trying the hint, not sure what you guys mean by not related to reversing


Share this post


Link to post
Extreme Coders

@some0ne: Actually you never need the hint. I did not find that during my re session.


Just have a look in the data section and use your intuition.  :)


Share this post


Link to post
AcidShout

yay, #11 completed!


 


was fun :P


Share this post


Link to post
kao

@AcidShout: congratulations! :thumbs:


  • Like 1

Share this post


Link to post
noregret

Hello guys,


 


Can I get some hints regarding challenge 4?


 


Here is what I have done/found out.


 


The exe crashes by default, so I fixed its PE header.


When executed, it prints "2 + 2 = 5". No idea what that means.


After dynamic/static analysis, it takes an integer arg and gets its MD5 (and compares it to a random decoded b64 string), then it randomly chooses b64 strings and XOR them with each other (16bytes with 24bytes). So i brute forced the b64 strings (using cartesian product) by XORing them with each others. AND... I got nothing..


 


I noticed that numbers from 0x7 to 0x37 are being passed to a location before getting the b64 string then number 5 is replaced with them.. no idea what that does actually.


Any hints?


Share this post


Link to post
kao

@noregret: Carefully read the email you got from FLARE.



Fix the stuff you broke during unpacking and then get back to analysis.



Share this post


Link to post
noregret

kao,


 


The email? you mean "Always be sure to run the challenge on the command line to confirm that it is actually doing what you think it's doing.? I already do that on all apps anyways.


 


I forgot to mention that I did all the above *after* unpacking. When packed, it printed "2 + 2 = 4" which to me, is the same as "2 + 2 = 5" xD


 


You said something broke after unpacking, and I agree since the file execution changed after it. So I changed all occurances of 5 to 4 just for testing, that also didn't work out.


Share this post


Link to post
kao

You broke more than just one number during unpacking. :)


 


Don't trust any static UPX unpacker. Instead use the dynamic approach and you should get a properly working unpacked file to analyze.


Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...