kao Posted September 14, 2016 (edited)

Quote: On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering (FLARE) team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts and security professionals. The contest will run for six full weeks, ending Nov. 4, 2016, at 8pm ET. A total of 10 exquisitely crafted challenges stand between you and a famed prize that serves as a badge of honor.

Last year was fun!

Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html
Challenge site: http://www.flare-on.com/

Edited September 14, 2016 by kao: 2x broken formatting
crystalboy Posted September 14, 2016

Can't wait to start! Never attempted this CTF... Who knows, maybe someone will steal first place from you this year? XD
kao (Author) Posted September 14, 2016

You can try last year's challenges to prepare for this year... http://flare-on.com/files/2015_FLAREOn_Challenges.zip
Loki Posted September 16, 2016

Last year was good fun - I just wish I had more time to spare to do these things.
kao (Author) Posted September 23, 2016 (edited)

It was fun until Level 7, which is a Linux binary. I don't like Linux.

Edited September 24, 2016 by kao
akkaldama Posted September 26, 2016

Could anyone please point me to how to get the decryption key for challenge 2? I am new to cryptography. Regards, akkaldama
kao (Author) Posted September 26, 2016

It's really not about cryptography. All you need to know about cryptography is that AES is a symmetric algorithm - the same key is used for both encryption and decryption. You analyze the program, figure out how it generates encryption keys and how it encrypts files. Then somehow make a program that does the opposite and decrypts files instead.
Gyver75 Posted September 26, 2016

Or simply patch the file DudeLocker.exe... into DudeUnlocker.exe.
Guest greenbite Posted September 28, 2016

For the 3rd challenge, I have reverse engineered the entire executable, including the custom hash, back to plain C code, but I still do not get the objective. Do we need to print the good boy message, which depends on the path and the arguments? Best regards.
Guest greenbite Posted September 28, 2016

Thank you for the help. Looks difficult for me, as both the argument and the path are variable. If I find out at least one of them, the other one could be bruteforced.
kao (Author) Posted September 28, 2016

Without giving any further hints - your statement is wrong. Pay attention to details.
ktlq1412 Posted September 28, 2016

What's the hint for lv5 (smokestack)? :( I don't think there is a solution to decrypt it :'(
fasya Posted September 28, 2016

8 minutes ago, ktlq1412 said: "What's the hint for lv5 (smokestack)? :( I don't think there is a solution to decrypt it :'("

No, you don't have to bruteforce anything. Your input is being checked against the valid input, but in a twisted way; look closer for it.

Any hint for level #8? I have no clue what to do.
ktlq1412 Posted September 28, 2016 (edited)

7 hours ago, fasya said:

Edited September 28, 2016 by ktlq1412
madskillz Posted September 28, 2016

Hi @kao, I cannot get past the first one itself. Well, without disclosing any info, is there any related RE tutorial to follow which will help me learn to RE challenge 1? Regards
akkaldama Posted September 29, 2016

@madskillz, it is very basic hashing with a custom key. Regards, akkaldama.
kao (Author) Posted September 29, 2016 (edited)

@fasya: There is some data in the .text segment and plenty of unused imports and stuff in the .data segment. I would guess you need to decode that somehow.

EDIT: there are some hint$ in the .data segment. (No, I haven't solved it yet. But now I know where to look.)

Edited September 29, 2016 by kao
fasya Posted September 29, 2016

@kao yes, I noticed those unused imports, and I guess that these will be used by the encrypted code when it gets decrypted. Any more info about the hints in the .data segment? I can't find anything catchy. Thanks Kao.
kao (Author) Posted September 29, 2016

@fasya: Spoiler: $ is the hint. So is the geezers reference.
ReverseUrApp Posted September 30, 2016

On 9/28/2016 at 3:45 PM, madskillz said: "Hi @kao, I cannot get past the first one itself. Well, without disclosing any info, is there any related RE tutorial to follow which will help me learn to RE challenge 1? Regards"

Makes me feel better, I don't even know what it's wanting from me... Hoping to at least get through a few of these lol.
rektbyflare Posted October 1, 2016

Can someone point me in the right direction on #3? I reversed it, I re-wrote it in VS just to make sure I understand it 100%, and I do... But there is no way to beat the challenge without knowing that one secret word, which I assume you have to guess (because the hint the binary gives you does not work, in any form whatsoever), and I suck at guessing. I tried all the possible combinations, but nope, nothing.
Extreme Coders Posted October 1, 2016

@rektbyflare Look at the binary closely. You must be overlooking something.
kao (Author) Posted October 2, 2016

@ktlq1412: why do you think that? I didn't notice any antidebug.