Flare On 6

[Extreme Coders]

@muppet

Hmm. That's how I did as well. May be you're missing something else or doing some calculations twice.

[muppet]

Ok wopr really was broken.

Spoiler

 

I solved the code and it was printable.

However it would not work when I run wopr.exe standalone.

Since the key decrypted the flag and the flag got approved by flareon site I know the key was correct but the key still not working in wopr.exe.

So I guess there was truth to the fact it was broken under some versions of win.

Broken challenges are no fun.

 

 

[j0hn19]

Hi again,

Which tools do you use to disassemble snake.nes file? 

[moly]

16 minutes ago, j0hn19 said:

Hi again,

Which tools do you use to disassemble snake.nes file? 

@j0hn19 I used Mesen

Edited September 22, 2019 by moly

[muppet]

reloadered giving a "application was unable to start, error 0x0000007b" when trying to run.

No debugger attached or anything.

Is this part of the challenge or another broken challenge ? 😕

I would've thought executable challenges should work out of the box but perhaps exhibit this behavior when run under a debugger.

But run stand alone and crash?

 

[j0hn19]

41 minutes ago, muppet said:

reloadered giving a "application was unable to start, error 0x0000007b" when trying to run.

No debugger attached or anything.

Is this part of the challenge or another broken challenge ? 😕

I would've thought executable challenges should work out of the box but perhaps exhibit this behavior when run under a debugger.

But run stand alone and crash?

 

It works fine on my vm machines (windows 7 and windows 10)

[muppet]

So I would be stuck trying to static solve it.

I duno. I tried reinstalling VC redists, dotnet stuff. Everything that was a proposed solution I've tried it. (VMs are nice *click click clickety click*

But this is a FRESH install on a VM.

Still getting error 0x0000007b unable to run it.

Running in x32dbg and halting on DLL loads I can see 3 dlls getting loaded then it dies.

If I remember correctly the last DLL was apphelp.dll which is some compatibility stuff.

Will continue digging tomorrow but if anyone has any input.. Please!

I want to continue this challenge until time runs out not because of another broken challenge... 😞

 

[noweileen]

Hello,

I'm stuck at mugatu. Can I please get a hint?

Spoiler

I'm trying to emulate access to mugatu.flare-on.com. Are there any good resources for configuring nginx on REMnux for this? Or any good tutorial on INetSim? 

Not sure this is even something I should be doing. But when running the file it only POST some stuff to mugatu.flare-on.com, so I assume it's expecting some kind of response back?

 

[scorpion77]

6 hours ago, muppet said:

So I would be stuck trying to static solve it.

I duno. I tried reinstalling VC redists, dotnet stuff. Everything that was a proposed solution I've tried it. (VMs are nice *click click clickety click*

But this is a FRESH install on a VM.

Still getting error 0x0000007b unable to run it.

Running in x32dbg and halting on DLL loads I can see 3 dlls getting loaded then it dies.

If I remember correctly the last DLL was apphelp.dll which is some compatibility stuff.

Will continue digging tomorrow but if anyone has any input.. Please!

I want to continue this challenge until time runs out not because of another broken challenge... 😞

 

@muppet - The setup I used to solve this was windows 7x64 inside vmware workstation. Infact I have multiple VM's (windows 10, win7 32bit etc) and the binary ran fine in all of them. Why dont you try downloading and extracting that challenge again

[AeroX2]

@noweileen - I wouldn't bother with nginx, setup a HTTP server with Python to make your life easier, something like (https://gist.github.com/bradmontgomery/2219997) but you are on the right track.

@muppet - Worked for me in Virtualbox Win10x64, I think your download or extraction got corrupted.

Edited September 23, 2019 by AeroX2

[adicto]

On 9/21/2019 at 2:17 PM, adicto said:

Challenge 11, got me beat. 

 

  Reveal hidden contents

I can see the jump lists, and the encryption part. but have no idea how to reverse the 2nd argument. Can anyone point me to the right direction? would highly appreciate it. two more levels, 6 days left. don't know if I can beat it in time lol

 

Update, finally got this. Google is your friend on this challenge.

[adicto]

For challenge 12 i have the dlls and the sys but cant seem to make heads or tails of them. When i try yo debug the dlls I always get to invalid address and then crash.

Update: turns out, its expecting an argument which is a pointer....still don't know what to do though

Edited September 23, 2019 by adicto

[muppet]

Update on reloadered. Was able to run it inside a Win7 x64 VM.

Same downloaded file for the challenge as in a Win10 where I get the error when trying to run.

Well.. f*** me. I was just able to run in a Win10 box as well. The cryptic message meant to download and install the VC runtime.

Not just any runtime. There was a specific one I found through someones else question on forum.

The first hit on vc runtime when searching was not right apparently cause with that one I continued receiving error.

Guess I will be able to try this one out after all.... in two days because thats when Ill be back at this computer again.

Probably wont make deadlines for this and the rest but at least I get to try them.

EDIT:

And yes I got both 32&64 bit of VCs whenever I downlaoded them so it was not that I chose the wrong one the previous time.

EDIT2:

And I only figured that out because in Win7 it started working after it complained speciiffically which runtime I needed instead of the error 0000007b.

Also fun fact. In XP the file is not recognized as an executable at all.

Edited September 23, 2019 by muppet
Add comment

[noweileen]

Challenge 10 - mugatu

Spoiler

So I'm somehow missing the encryption part?

When running the file it displays 2 images, but doesn't seem to be doing anything else. I also found a DLL, but again not sure how it relates to everything.

Any hint?

 

[AeroX2]

Spoiler

@noweileen - Is there something weird about the bottom of the first image that appears (Hint hint)

 

Edited September 24, 2019 by AeroX2

[drw0z0]

Hello all,

I'd appreciate your input on the dnschess challenge:

Spoiler

edited - never mind, answered my own question.

 

 

Edited September 24, 2019 by drw0z0

[noweileen]

Spoiler

Erm, so I seem to really be missing something here. The bottom of the image seems to contain parts from an executable file. I guess is the same one I dumped and the one responsible for the actual encryption, however I can't get it to run - by itself or in the initial mugatu executable.

Challenge 10 - mugatu ^

Edited September 25, 2019 by noweileen

[AeroX2]

Challenge 10 - mugatu
My memory is a little bit fuzzy with this challenge and my VM keeps crashing but if I remember correctly

Spoiler

@noweileen - If you analyze the file with APILogger you should notice it making calls to Twitter but also [*******].flareon.com, what is it expecting back from that server?
If the response is correct it should run and do something not visible to the user.

[thega96]

Hi, I need a small hint for challenge 4 - Dnschess

Thank you

Spoiler

Does the order of the moves in the pcap matter?

 

[blank]

Just now, thega96 said:

Hi, I need a small hint for challenge 4 - Dnschess

Thank you

  Hide contents

Does the order of the moves in the pcap matter?

 

Spoiler

The order from the pcap doesn't matter from what I noticed, but the order in which you make the moves does matter. You could find the right order just by trial and error or by analyzing the AI.

 

[thega96]

16 minutes ago, blank said:

  Hide contents

The order from the pcap doesn't matter from what I noticed, but the order in which you make the moves does matter. You could find the right order just by trial and error or by analyzing the AI.

 

Thank you, I had forgot that little detail while reversing the AI.

[noweileen]

Challenge 10 - mugatu

Spoiler

I though it was expecting the orange string xored with 4D and some padding to make it to 3C. Guess the 'padding' should be something specific?

 

Edited September 25, 2019 by noweileen

[SP2EIO]

Can anyone recommend me a good tool for solving the system of equasions in wopr? My initial thought was to solve it with Gaussian elimination however it's only for addition, not XORing 😕

[noweileen]

@SP2EIO wopr

Spoiler

https://github.com/Z3Prover/z3

 

[Zulu]

Stuck on 3, just because I cannot debug that apk in Android Studio.
I can see the device in adb devices

./adb devices
List of devices attached
emulator-5554	device

but in the debug window it just repeats the error

Waiting for application to come online: com.fireeye.flarebear

although the application is running in the emulator without any problems.
I just don't hit any breakpoints and cannot see the application in the "Attach Debugger to Android Process" window. 
Restarting the adb server, wiping the data from the device/emulator and switching to a different SDK did not help.

Did someone have the same problem before? Are there alternative GUIs to debug APKs? Which tools did you use?
I know that some ppl may be able to solve it simply by looking at the decompiled java code, but I need to look at it in a debugger.

Cheers & thanks

P.S. Congrats to kao (and all others who managed to solve all 12 challenges) 😉

Edited September 25, 2019 by Zulu