@ashoka_: that is a very good attitude!  

Every year we get some people who are just asking for answers. Sooner or later they get the flag - but they don't learn anything in the process.
So, keep on working and learning!

A little hint for the 4th, I remember it was about xoring, make sure the XORing produces the correct PNG header to get the flag.

After you get the annoying MP3 file, inspect it with 010 editor to find its last frame offset, then you will see the data you will have to "decrypt" to get the flag.

I'm not sure I remember this very well, but keep trying and you will make it.

I am analyzing ch11 now.
Can you debug the obtained pefile??
I loaded it directly to the memory, or I used 0xcc to attach the debugger, but the PE file still cannot process the code.

Hi! Anyone willing to give a last step push on 11th, please? Thank you!

Edited October 21, 20204 yr by petr

@petr

Spoiler

The final challenge is a lot similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the  DLLs.
You've similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries.

 

3 hours ago, Extreme Coders said:

@petr

  Hide contents

The final challenge is a lot similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the  DLLs.
You've similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries.

 

@Extreme Coders yup, thanks for your response. I am exactly at the last step of decryption(s), having trouble obtaining the plaintext. I think I have the right key(s), but one of the algorithms may be wrong...

@petr

Spoiler

The plaintext is encrypted twice before being written to the registry. One of the cipher algorithm is standard, the other is custom.
So you need two keys. One of them is easy to spot, the other is derived from some data. If that "data" is not correct, the key will also be wrong.

 

Official solutions are out: https://www.fireeye.com/blog/threat-research/2020/10/flare-on-7-challenge-solutions.html

 

Congrats to everyone who participated and huge respect to those who solved all the challenges! You guys rock!

 

in my humble opinion, some challenges were ridiculous from reverse engineering perspective.

but all in all, it was fun for those who learned new skills.

Congratulations to the winners.

2 hours ago, Kurapica said:

in my humble opinion, some challenges were ridiculous from reverse engineering perspective.

but all in all, it was fun for those who learned new skills.

Congratulations to the winners.

What challenges do you talk about, and why ?

Congrats to the winner ! This year was fun again

9 hours ago, masta said:

What challenges do you talk about, and why ?

Congrats to the winner ! This year was fun again

 

I've never played CTFs before but I was curios when kao posted about it few weeks ago.

I'm not a pro reverser like kao or those who do it as a job or as a source of income so my

experience was mostly with real life applications and protections, I expected something similar to

this field, I mean in how the challenges should be approached, problem with CTFs is that after you solve

several ones, you start to develop a pattern on how you should work with next challenges, like those "IQ"

patterns questions which are imposed by some recruiters to test your "IQ" ! , solving them is some kind of a skill

you develop just like learning a game of cards which doesn't mean you have a super IQ !

anyway practical or "real life" situations are different from what I saw

in those challenges, but I still have so much respect for the efforts of the authors who created this CTF.

 

 

 

github.com/LeoCodes21/ctf-writeups/tree/main/Flare-On%202020

can we aspect some writeup from @kao ?

Edited October 31, 20204 yr by GautamGreat

@GautamGreat: These days I have very limited free time, so I have no plans to write full solutions myself. 
Maybe I'll make an overview of other solutions and comment on how I approached that specific problem. No promises though.

For now just a collection of solutions. Hopefully I'll have some time over weekend to comment on those..

https://whitehatlab.eu/en/blog/
https://kienmanowar.wordpress.com/
https://zenhack.it/writeups/
https://0xdf.gitlab.io/
https://explained.re/
https://krabsonsecurity.com/2020/09/13/write-ups-for-the-flare-on-2020-challenges/
https://medium.com/bugbountywriteup/writeup-to-the-flare-on-7-challenge-47c8d2ef3366
https://medium.com/insomniacs/journal-flareon7-part-1-ca675815f204
https://github.com/gray-panda/grayrepo/tree/master/2020_flareon
https://github.com/enderdzz/ReverseThings/tree/master/2020/flareon7
https://github.com/LeoCodes21/ctf-writeups/tree/main/Flare-On 2020/
https://github.com/aleeamini/Flareon7-2020
https://github.com/zondatw/CTF-Write-Up/tree/master/2020-flare-on

Please feel free to add more links, if you find some!

 

Bonus image: 

Spoiler

 (c) f5_experts at https://twitter.com/f5_experts/status/1319816432167731200/

 

Edited November 3, 20204 yr by kao

I just published my own write-ups on my GitHub, if anyone is interested

https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020

Nice work man, Congratulations ...

@Washi: Fantastic writeups, both thumbs up!

 

On 11/7/2020 at 12:54 AM, Washi said:

I just published my own write-ups on my GitHub, if anyone is interested

https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020

@Washi The 6th one is codeit, not the report, may be you can fix the typo

BTW, Nice writeups.

Thanks

Edited November 9, 20204 yr by akkaldama

@akkaldama Thanks for pointing it out! I must have forgotten to change it after copying the template from another page.

Good work @Washi