Tuts 4 You

Third annual Flare-On reverse engineering contest


kao


ReverseUrApp
7 hours ago, kao said:

Most likely you overlooked one byte somewhere.. :)

 

Kao, how many hours should the first challenge take, and is there something similar with a write-up to follow? I aspire to be as good as you guys one day. It's rather disappointing that I can't get past the first one. I see the function that's taking user input to create the hash, then comparing it to the stored hash. But I can't see an easy way to reverse the hash generation to find the original value of the stored key.


* For the best guys it took 5-10 minutes. But don't be discouraged if it takes much longer for you; this challenge is hard from the very beginning.

* That's not a hash, that's a well-known encoding method (but it uses a custom alphabet). Once you figure out what method it is, you'll be able to make your own decoder.

How many characters does this alphabet have?

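As an added illustration of kao's hint (example code written for this page, not from the thread or from the challenge binary): kao only says "a well-known encoding method with a custom alphabet", so the assumption here is a base64-style 6-bits-per-symbol scheme, and the custom table is a constructed one (the standard alphabet reversed) rather than anything taken from the challenge. The `alphabet_size` check shows how counting distinct symbols narrows the scheme down, `decode_custom_b64` maps each symbol back through the custom table bit by bit, and `decode_via_translate` cross-checks it against the standard library by remapping onto the normal alphabet first.

```python
import base64

# Standard base64 alphabet; used as the reference for the translate-based cross-check.
STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed sample alphabet for this example: the standard one reversed.
# In a real binary the table is whatever 64-byte string the encoder indexes into.
CUSTOM_ALPHABET = STD_ALPHABET[::-1]


def alphabet_size(blob: str, pad: str = "=") -> int:
    """Count distinct symbols in an encoded string, ignoring the pad character.

    At most 64 distinct symbols is consistent with a base64-style 6-bit scheme;
    32 or fewer points at a base32-style scheme instead.
    """
    return len(set(blob) - {pad})


def decode_custom_b64(data: str, alphabet: str, pad: str = "=") -> bytes:
    """Decode 6-bits-per-symbol text whose 64-entry alphabet is non-standard.

    Each character's index in the alphabet contributes six bits to an
    accumulator; every full byte is emitted as soon as it is available.
    """
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain exactly 64 distinct symbols")
    index = {ch: i for i, ch in enumerate(alphabet)}
    acc = 0     # bit accumulator
    nbits = 0   # number of valid bits currently in acc
    out = bytearray()
    for ch in data.rstrip(pad):
        if ch not in index:
            raise ValueError(f"symbol {ch!r} is not in the alphabet")
        acc = (acc << 6) | index[ch]
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
            acc &= (1 << nbits) - 1
    # Any leftover bits (< 8) are padding and are discarded, as in standard base64.
    return bytes(out)


def decode_via_translate(data: str, alphabet: str, pad: str = "=") -> bytes:
    """Same result via the shortcut of remapping onto the standard alphabet."""
    table = str.maketrans(alphabet, STD_ALPHABET)
    std = data.rstrip(pad).translate(table)
    std += "=" * (-len(std) % 4)  # restore standard '=' padding
    return base64.b64decode(std)


def encode_custom_b64(raw: bytes, alphabet: str, pad: str = "=") -> str:
    """Encoder counterpart, used here only to build test vectors."""
    std = base64.b64encode(raw).decode("ascii")
    body = std.rstrip("=")
    table = str.maketrans(STD_ALPHABET, alphabet)
    return body.translate(table) + pad * (len(std) - len(body))


if __name__ == "__main__":
    # Constructed sample: a plaintext run through the custom encoder.
    secret = b"constructed sample text"
    encoded = encode_custom_b64(secret, CUSTOM_ALPHABET)
    print("encoded :", encoded)
    print("symbols :", alphabet_size(encoded))
    print("decoded :", decode_custom_b64(encoded, CUSTOM_ALPHABET))
    print("x-check :", decode_via_translate(encoded, CUSTOM_ALPHABET))
    # A standard decoder applied to the same text yields garbage, which is
    # exactly the "base64 didn't work" symptom from earlier in the thread.
    print("std b64 :", decode_custom_b64(encoded, STD_ALPHABET))
```

Running the block prints the encoded sample, its symbol count, and the decoded bytes from both decoders; the last line shows that plain base64 on the same text does not recover the plaintext, which is why recognizing the custom table matters.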

ReverseUrApp
19 minutes ago, kao said:

* For the best guys it took 5-10 minutes. But don't be discouraged if it takes much longer for you; this challenge is hard from the very beginning.

* That's not a hash, that's a well-known encoding method (but it uses a custom alphabet). Once you figure out what method it is, you'll be able to make your own decoder.

How many characters does this alphabet have?

 

I don't have enough experience with this. My method involved trying hash identifiers and decoding with base64; nothing seemed to work. Now I have a new tool in the shed for the future. On to challenge 2.

Thanks, I've been self-employed for 8 years now. You'd think I'd have gotten into RE years ago; having software leaked is never fun, lol.


Hello guys. Can anybody help me with the solution of the 3rd assignment? I rewrote the job in C and checked it for correctness. I tried to pick the argument whose symbols are checked in the latter part of the algorithm. I'm having trouble understanding how to reverse the generation algorithm of the "checklist" to find out which way the program should be run. Since it is necessary to know the length of the argument with which to run the program, I expect that this length is 26 (according to the number of constants stored in the program). Please give me a hint if possible. Thank you.

 


The brute charset consists of printable ASCII chars. But that's the smallest of your problems. :) See Extreme Coders' comment:

You need to figure out the correct path first.
  • Like 1

5 hours ago, Eskalina said:

Hello guys. Can anybody help me with the solution of the 3rd assignment? I rewrote the job in C and checked it for correctness. I tried to pick the argument whose symbols are checked in the latter part of the algorithm. I'm having trouble understanding how to reverse the generation algorithm of the "checklist" to find out which way the program should be run. Since it is necessary to know the length of the argument with which to run the program, I expect that this length is 26 (according to the number of constants stored in the program). Please give me a hint if possible. Thank you.

 

Small unrelated hint: why don't you make a DLL, then load it into the process, and use its functions, instead of rewriting all the algorithms inside your code?
In fact, there are many ways of calling a binary's functions in order to avoid having to rewrite them yourself. Here are a few off the top of my head:

// Definition: cast the addresses IDA resolved inside the target process to
// function pointers with the matching calling convention and signature.
// The addresses are the target's own, so this code has to run inside that
// process (e.g. from a DLL loaded into it), not in a separate program.
auto imp_md5 = (void(__cdecl*)(void*, void*, size_t)) 0x402D10;
auto imp_RC4_Init = (void*(__fastcall*)(void*, void*, void*, int)) 0x401120;
auto imp_RC4_Crypt = (void*(__thiscall*)(void* state, void* data, size_t len)) 0x401230;

// Usage: md5_hash, rc4_key, state and hashTable are buffers you allocate
// yourself; the binary's own routines fill them in.
imp_md5(md5_hash, rc4_key, 16);
imp_RC4_Init(state, rc4_key, rc4_key, 16);
imp_RC4_Crypt(state, hashTable, 104);


// IDA has to know everything about the function(s) before you call it(them)
.text:00402D10                             ; int __cdecl md5(void *, void *, size_t)
.text:00402D10                             md5             proc near
  
KernelBase.dll:74B0F002 ; int __stdcall kernelbase_VirtualAlloc(int a1, int a2, int a3, int a4)
KernelBase.dll:74B0F002 kernelbase_VirtualAlloc proc near       ; DATA XREF: kernel32.dll:off_76130908o

// Usage (Python)
Python>mem = Appcall.kernelbase_VirtualAlloc(0, 16, 0x3000, 64)
Python>hex(mem)
0x1c0000L
Python>hex(Appcall.md5(mem, 0x402B3C, 16))
0x1c0000L

// Memory contents
DE 62 47 24
9F 23 88 F4
F4 C0 A0 41
96 6F 95 72

 

Apart from this, you can always try debugging the program, running the call, adjusting the stack and the arguments, and changing EIP (but this usually doesn't work / is too complex for what it does). Tricks like these greatly speed you up, and allow you to focus on the challenge instead of on the implementation details.

Also, does anybody else find this year's challenges excessively guessing-based? I thought it was a reversing challenge, not a guessing game. It's annoying because I was expecting a good set of reversing challenges but instead I got to write brute forcers.

  • Like 2

1 hour ago, hyper-v said:

Also, does anybody else find this year's challenges excessively guessing-based?

Lol, you should have tried last year; it was even worse! :D Unfortunately that's kinda the trademark of FLARE.. :(

 


Hi Hyper-v, which version of IDA do you have? I ask you this because my IDA doesn't recognize the names of those functions. Probably you have a better FLIRT signature than mine. :D

And of course I agree with you about the general approach vs. this challenge, because this challenge is 'special'. As Kao and Extreme Coders said, there's some 'extra' info inside the binary. Bye bye

 

  • Like 1

@kao @hyper-v @Gyver75 I solved this task, thank you. Many thanks. I understand why this "special" task, I've seen it many times but did not pay attention. I'm really grateful to you, you're cool. I love you guys:wub:


6 hours ago, Gyver75 said:

Hi Hyper-v, which version of IDA do you have? I ask you this because my IDA doesn't recognize the names of those functions. Probably you have a better FLIRT signature than mine. :D

And of course I agree with you about the general approach vs. this challenge, because this challenge is 'special'. As Kao and Extreme Coders said, there's some 'extra' info inside the binary. Bye bye

 

It wasn't my IDA that recognized the functions, it was me; I named them. (MD5 and RC4; for the kernelbase functions there's another thing you can do, but I'm not sure if you were referring to this. I could explain it if you want.)

Apart from that, you have to specify the type: put the cursor on the name and press Y, then put the type, like:

int __cdecl some_func(int arg1, int arg2, char* arg3)

(else IDA will not know *how* to call the function from Appcall)

Also, I didn't use signatures or anything like that, I just saw the big function with lots of constants and ROL4 so I assumed it was MD5 (I might be wrong, but it doesn't matter, the idea is that it is a hash function). Over time you get used to this and recognize most popular hashes / snippets by just looking at them.

Edited by hyper-v

#7 is frustrating. The logic is straightforward, I see the final set of data and the lookup, but not how to solve it without an impossible brute force.


Extreme Coders

Yes, it is only solvable by brute force. To make it feasible you would need to predict some pieces of data.
There's a hint hidden in plain sight which should help you in guessing.

I am on the final challenge and it looks like a real deal breaker.

 


2 hours ago, kao said:

@Rurik - it just looks impossible, it ain't. As I said earlier:

@Extreme Coders: same here. I'm not into digital dumpster-diving, so I take no pleasure in digging through 20MB PCAP.. ;)

 

I can't wait for all the writeups and the opinions/criticism on how is this even remotely RE related. It's not even funny.


@Extreme Coders @kao, thanks. After half a day of brute forcing the answer came out.

Working from the back forward, you really only have to brute three blocks. I'd agree that the hint is in plain sight, but you wouldn't know it was a hint until you were done. At the very least, a good one to practice patching bytes.


Extreme Coders

@Rurik Definitely so. Maybe I was lucky and used the so-called hint to make educated guesses; the answer came out in minutes instead of hours.

For #10, I am stuck on the first part where you would need to get the key to decrypt the embedded swf. A bruteforce seems infeasible, and the shuffling in the keystream generator makes it difficult to invert.

Edited by Extreme Coders
  • Like 1

4 hours ago, Extreme Coders said:

@Rurik Definitely so. Maybe I was lucky and used the so-called hint to make educated guesses; the answer came out in minutes instead of hours.

For #10, I am stuck on the first part where you would need to get the key to decrypt the embedded swf. A bruteforce seems infeasible, and the shuffling in the keystream generator makes it difficult to invert.

Same here, going the obfuscated javascript way after some layers seems to also need bruteforcing and is not feasible, so really stuck too.


8 hours ago, Extreme Coders said:

@Rurik Definitely so. Maybe I was lucky and used the so-called hint to make educated guesses; the answer came out in minutes instead of hours.

For #10, I am stuck on the first part where you would need to get the key to decrypt the embedded swf. A bruteforce seems infeasible, and the shuffling in the keystream generator makes it difficult to invert.

You don't need to bruteforce the first key for the SWF, you have to get it from the obfuscated javascript.

 

4 hours ago, Holy said:

Same here, going the obfuscated javascript way after some layers seems to also need bruteforcing and is not feasible, so really stuck too.

It can be bruteforced, but it will take a couple of hours to be done.

  • Like 2