Posted September 14, 2016:
Quote: "On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering (FLARE) team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts and security professionals. The contest will run for six full weeks, ending Nov. 4, 2016, at 8pm ET. A total of 10 exquisitely crafted challenges stand between you and a famed prize that serves as a badge of honor."
Last year was fun!
Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html
Challenge site: http://www.flare-on.com/
(Edited September 14, 2016 by kao: 2x broken formatting)
September 14, 2016: Can't wait to start! Never attempted this CTF... Who knows, maybe someone this year will steal the first place from you? XD
September 14, 2016 (Author): You can try last year's challenges to prepare for this year... http://flare-on.com/files/2015_FLAREOn_Challenges.zip
September 16, 2016: Last year was good fun - I just wish I had more time to spare to do these things.
September 23, 2016 (Author): It was fun until Level 7, which is a Linux binary. I don't like Linux. (Edited September 24, 2016 by kao)
September 26, 2016: Could anyone please point me to how to get the decryption key for challenge 2? I am new to cryptography. Regards, akkaldama
September 26, 2016 (Author): It's really not about cryptography. All you need to know about cryptography is that AES is a symmetric algorithm - the same key is used for both encryption and decryption. You analyze the program, figure out how it generates encryption keys and how it encrypts files. Then somehow make a program that does the opposite and decrypts files instead.
September 28, 2016: For the 3rd challenge, I have reverse engineered the entire executable including the custom hash back to plain C code, but I still do not get the objective?? Do we need to print the good boy message which depends on the path and the arguments?? Best regards.
September 28, 2016: Thank you for the help. Looks difficult for me as both the argument and path are variable. If I find out at least one of them, the other one could be bruteforced.
September 28, 2016 (Author): Without giving any further hints - your statement is wrong. Pay attention to details.
September 28, 2016: 8 minutes ago, ktlq1412 said: "What's hint lv5 (smokestack)? :(. I don't think solution to decrypt :'("
No, you don't have to bruteforce anything. Your input is being checked with the valid input but in a twisted way, look closer for it. Any hint for level #8? I have no clue what to do.
September 28, 2016: Hi @kao, I cannot go past the first one itself. Well, without disclosing any info, any related RE tut to follow which will help learn to RE challenge 1? Regards
September 29, 2016 (Author): @fasya: There are some data in .text segment and plenty of unused imports and stuff in .data segment. I would guess you need to decode that somehow. EDIT: there are some hint$ in .data segment. (No, I haven't solved it yet. But now I know where to look). (Edited September 29, 2016 by kao)
September 29, 2016: @kao yes, I noticed the unused imports and I guess that these will be used by the encrypted code when it gets decrypted. Any more info about the hints in the .data segment? I can't find anything catchy. Thanks Kao.
September 30, 2016: On 9/28/2016 at 3:45 PM, madskillz said: "Hi @kao, I cannot go past the first one itself. Well, without disclosing any info, any related RE tut to follow which will help learn to RE challenge 1? Regards"
Makes me feel better, I don't even know what it's wanting from me.. Hoping to at least get through a few of these lol.
October 1, 2016: Can someone point me in #3? I reversed it, I re-wrote it in VS just to make sure I understand it at 100%, and I do... But there is no way to beat the challenge without knowing that one secret word, which I assume you have to guess (because the hint the binary gives you does not work, in any form whatsoever), and I suck at guessing. I tried all the possible combinations, but nope, nothing.