Jump to content
Tuts 4 You

Third annual Flare-On reverse engineering contest


Recommended Posts



On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering (FLARE) team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts and security professionals. The contest will run for six full weeks, ending Nov. 4, 2016, at 8pm ET.

A total of 10 exquisitely crafted challenges stand between you and a famed prize that serves as a badge of honor.


Last year was fun! :) 


Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html

Challenge site: http://www.flare-on.com/


Edited by kao
2x broken formatting
  • Like 5
Link to comment

It's really not about cryptography. All you need to know about cryptography is that AES is a symmetric algorithm - the same key is used for both encryption and decryption.

You analyze the program, figure out how it generates encryption keys and how it encrypts files. Then somehow make a program that does the opposite and decrypts files instead.


Link to comment
Guest greenbite

For the 3rd challenge, I have reverse engineered the entire executable including the custom hash back to plain C code, but I still do not get the objective ?? :(
Do we need to print the good boy message which depends on the path and the arguments ??

Best regards.


Link to comment
Guest greenbite

Thank you for the help. 
Looks difficult for me as both the argument and path are variable. if find out atleast one of them, the other one could be bruteforced.

Link to comment


8 minutes ago, ktlq1412 said:

What 's hint lv5 (smokestack) ? :(. I don't think solution to decrypt :'(

No you don't have to bruteforce anything. Your input is being checked with the valid input but in a twisted way, look closer for it.


Any hint for level #8? I have no clue what to do

Link to comment

@fasya: There are some data in .text segment and plenty of unused imports and stuff in .data segment. I would guess you need to decode that somehow.

EDIT: there are some hint$ in .data segment. (No, I haven't solved it yet. But now I know where to look).

Edited by kao
Link to comment

@kao yes I noticed that unused imports and I guess that these will be used by the encrypted code when it gets decrypted.

Any more info about the hints in the .data segment? I cant find anything catchy.

Thanks Kao.

Link to comment
On 9/28/2016 at 3:45 PM, madskillz said:

Hi @kao ,

I cannot go past the first one itself. :(

Well without disclosing any info's any related RE tut to follow which will help learn to RE challenge1 ?


Makes me feel better, I don't even know what it's wanting from me.. Hoping to atleast get through a few of these lol. 

Link to comment

Can someone point me in #3? I reversed it, I re-wrote it in VS just to make sure I understand it at 100%, and I do...

But there is no way to beat the challenge without knowing that one secret word, which I assume you have to guess (because the hint the binary gives you, does not work, in any form whatsoever), and I suck at guessing. I tried all the possible combinations, but nope, nothing.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...