Flare On 6

[kao]

Following the good old tradition, this thread will be dedicated to the annual Flare-On challenge.  Who's going to participate this year?

 

[Etor Madiv]

2nd post reserved.  

Happy Hacking.

[GautamGreat]

Last year I solved 6 challenges hopefully this time I'll improve  

[kao]

Quote

The FireEye Labs Advanced Reverse Engineering (FLARE) team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Sept. 27, 2019.

This year’s contest will feature a total of 12 challenges covering a variety of architectures from x86 on Windows, .NET, Linux, and Android. Also, for the first time in Flare-On history, the contest will feature a NES ROM challenge. This is one of the only Windows-centric CTF contests out there and we have crafted it to represent the skills and challenges our FLARE team faces.

If you are skilled and dedicated enough to complete the Sixth Flare-On challenge, you will receive a prize and recognition on the Flare-On website for your accomplishment. Prize details will be revealed later, but as always, it will be worthwhile swag to earn the envy of your peers. Previous prizes included belt buckles, a replica police badge, a challenge coin, and a huge pin.

Check the Flare-On website for a live countdown timer, to view the previous year’s winners, and to download past challenges and solutions for practice. For official news and information, we will be using the Twitter hashtag: #flareon6

I better brush up my NES hacking skillz..

 

[endered]

It's my 4th time to participate this wonderful reversing feast.

[fasya]

Any hints where to look for the flag in level five(demo)? I have no clue where to look for :(

[evandrix]

On 8/18/2019 at 11:15 AM, fasya said:

Any hints where to look for the flag in level five(demo)? I have no clue where to look for

the pouet link http://www.pouet.net/prod.php?which=53563 containing http://demo.hack.se/crinkler_tutorial/crinkler_tutorial.zip is gone

anyone can share a copy please?

[Extreme Coders]

On 8/18/2019 at 8:45 AM, fasya said:

Any hints where to look for the flag in level five(demo)? I have no clue where to look for

Spoiler

With the right tool this can be solved in minutes.  You don't even need a debug or unpack it.

 

[evandrix]

2 hours ago, Extreme Coders said:

  Hide contents

With the right tool this can be solved in minutes.  You don't even need a debug or unpack it.

 

mmm... 🤔

do you mean something like https://niemand.com.ar/2019/01/01/how-to-hook-directx-11-imgui or https://github.com/Sh0ckFR/Universal-ImGui-D3D11-Hook?

like maybe use that to change the colors to reveal the flag

Edited August 19, 2019 by evandrix

[TheProxy RE]

59 minutes ago, evandrix said:

mmm... 🤔

do you mean something like https://niemand.com.ar/2019/01/01/how-to-hook-directx-11-imgui or https://github.com/Sh0ckFR/Universal-ImGui-D3D11-Hook?

like maybe use that to change the colors to reveal the flag

you need for directx 9 not 11, still possible to do without any hook

[evandrix]

4 minutes ago, TheProxy RE said:

you need for directx 9 not 11, still possible to do without any hook

ah yes, right, i was more referring to the idea when including the links

it worked for me on win10 directx12 though

[evandrix]

https://tomtech999.wordpress.com/2011/09/07/debugging-directx-applications-with-pix-for-windows

[evandrix]

https://apitrace.github.io

[Extreme Coders]

1 hour ago, evandrix said:

do you mean something like https://niemand.com.ar/2019/01/01/how-to-hook-directx-11-imgui or https://github.com/Sh0ckFR/Universal-ImGui-D3D11-Hook?

Spoiler

Yes something like that.

 

[evandrix]

6 minutes ago, Extreme Coders said:

  Hide contents

Yes something like that.

 

ok yay, awesome! i shall go try that

Edited August 19, 2019 by evandrix

[Extreme Coders]

8 minutes ago, evandrix said:

ok yay, awesome! i shall go try that

Spoiler

BTW, I used a different tool - to extract the 3d models and assets.

 

[evandrix]

9 minutes ago, Extreme Coders said:

  Hide contents

BTW, I used a different tool - to extract the 3d models and assets.

 

oh yeah, that's genius

[evandrix]

5 hours ago, Extreme Coders said:

  Hide contents

BTW, I used a different tool - to extract the 3d models and assets.

 

yep, i think i found/used the same tool as you

i ❤️ quick wins

[blank]

I am stuck at 6 (bmphide). I don't know if I am doing something wrong, or I just don't get it. From the exe I found that I should look at the red pixels for retrievable data (specifically, the last 3 bits of each red byte). However, when I try to apply this to the image they gave us, it fails. I wouldn't want to write too much here and spoil the fun. However, if anyone could give me a hint, I would really appreciate it.

[kao]

@blank:

Spoiler

it's not only red.. and the data are encrypted.

 

[jameswoods]

I am stuck on the second one for an overlong amount of time. Can someone point me in the right direction as I have look at this file in multiple dissemblers and hex editors but nothing stands out to me.... I feel I am missing something obvious. 

 

[kao]

@jameswoods: you can't see the message using disassembler or hex editor. You'll need to debug the challenge and decode it. 

[0X7C9]

I got to bmbhide. I can't write decrypt. And all I know. I will use is the beautiful functional JITHOOK. So I will not solve the challenge without any help. It's really very difficult. I participated for the first time.

[Extreme Coders]

42 minutes ago, 0X7C9 said:

I got to bmbhide. I can't write decrypt.

Spoiler

Its possible to brute force without writing a decryptor. But atleast you need to recover the encrypted data from the image.

 

[ForlaxPy]

is the flarebear apk broken ? Or my emulator just sux lol