Jump to content
Tuts 4 You

Flare-On 7


Recommended Posts

  • 2 weeks later...
  • Replies 87
  • Created
  • Last Reply

Top Posters In This Topic

  • Kurapica

    9

  • kraxgrr

    9

  • kao

    8

  • ECX

    8

Top Posters In This Topic

Popular Posts

Get your tools ready!  

After spending three days i m still stuck at 4th challenge now i understand what it mean to be a reverse engineer. May be i will not solve all(or may be even the half of them) the challenge but i stil

With all respect to the efforts of the authors of the challenges, I advise you guys not to evaluate yourself or skills based on how many challenges of those you were able to solve, do it only for

Posted Images

Washi

Registration already open? I cannot seem to find the form.

Also I still haven't received my badge from last year :(

Link to post
Washi

Yea I did get an e-mail in late November but the tracking code was missing, so I don't even know where it went:

Screenshot_20200813_000249.png.1eed3b1a10b18fef5ad58ed1a1d9b84d.png

Tried already a few times to contact nickharbour but can't seem to get him to read my messages. At this point I don't think I'll ever receive it. Maybe this year I have more luck  😅

  • Like 1
Link to post
  • 4 weeks later...

After burning hours on challenge #2, does anybody have a hint or can confirm that I am on the right track:

After fixing the binary, it still does not "work". Taking a look at the code hows 3 interesting functions. Stuff is being manipulated by heavy pointer usage? I tried rebuild the relevant code parts but after a few iterations it crashes. Does this sound familiar to anyone or am I completely off track?

w.

Link to post
Kurapica

scanning the "garbage.exe" file shows it's packed with UPX 3.94, several fields in the "Data directories" have invalid values, and the Import directory is also missing

The Imports are missing from the .rsrc section, you can fix some stuff by hand and manipulate it to force stub to unpack UPX1, but it won't resolve the imports correctly

the dumped section contains several suspicious strings and a "covid19sucks" message, a quick look at the dumped section in IDA shows some xor functions at the main

function, I'm not a big fan of those challenges but I think kao can shed more light since he solved 9 challenges on first day :D

Link to post
deepzero

They have considerable skill placing this challenge at times where i absolutely cant spare the time to participate... :D

I just solved the first two though - little hint: Wine seems more allowing with corrupted exe files, it's relatively easy to fix it up to a point where Wine will eat it. ;)

 

Link to post
akkaldama
Spoiler

1. Used some unpacker tool to unpack this file
2.Used CFF explorer to fix the corrupted pe file
3.Run the exe and get the key

 

Here is how I solved it

 

Edited by akkaldama (see edit history)
Link to post

Im trying challenge 4. I have a decent idea of how to solve if only I had access to MS Office. But I can't run the scripts due to I lack MS Office.

Any suggestions for other ways of running the scripts ?

 

Link to post
Kurapica

you may have to wait until the end of the match, no one will be posting info during the match for the sake of honest competition.

you can find several downloads of office on the web if it's needed to solve the challenge

Good Luck

Link to post

Well. My idea of how to solve was correct. I was just lacking a copy of office. I can't see that as cheating to ask if any alternatives to pirating office exist.

Now I pirated office and I'm on to challenge #5.

Link to post

Retail copy of MS Office offers a 30 day trial before mandatory activation. That's not piracy. :)

In one of the next challenges, you'll also need pretty new build of Windows 10. Again, there are evaluation copies available.

 

Link to post

I feel pretty stupid for asking for a hint again. This time, it's ch3. Feel free to DM me if somebody wants to avoid spoilers.

I can control pretty much everything, score, highscore, obstacles, etc. I know how many points I need and I can win the game, winner screen appears but no flag is displayed. So I think there might be more "tamper" protection? Did anybody else have this problem?

Link to post
noweileen

Does anyone have any hints for 6/codeit? I deobfuscated the autoit script, but I'm not sure how to get the hash for decryption (or if this is even required)

Edit: Solved 🙂

Edited by noweileen (see edit history)
Link to post
4 hours ago, kraxgrr said:

So challenge #8 I get CoCreateInstance() fails.

Is this part of the challenge or my setup is bad ?

That's your setup. It should just run cleanly on a standard Windows 10 system.

Link to post
2 hours ago, Rurik said:

That's your setup. It should just run cleanly on a standard Windows 10 system.

Thanks. I managed to get it working by turning on "virtual machine platform". Only "WSL" was not enough.

Link to post

Hello,

Can someone give me a little tip for CodeIT. I deobfuscated code and i understand how the app works ( more or less)

Spoiler

 

1. Do i need to focus on bruteforce the hash stuff somehow (search for any weakspot)? I think it is not possible. AES / SHA256 etc inside.

2. Should i focus on the picture stuff and name?

 

Thanks for any help. Cheers.

Edited by ECX (see edit history)
Link to post
46 minutes ago, ECX said:

Hello,

Can someone give me a little tip for CodeIT. I deobfuscated code and i understand how the app works ( more or less)

  Reveal hidden contents

 

1. Do i need to focus on bruteforce the hash stuff somehow (search for any weakspot)? I think it is not possible. AES / SHA256 etc inside.

2. Should i focus on the picture stuff and name?

 

Thanks for any help. Cheers.

Spoiler

Focus on the function that used the computer name

 

  • Thanks 1
Link to post
8 hours ago, Futex said:
  Hide contents

Focus on the function that used the computer name

 

Spoiler

 

I work with this task 3-4 days and my brain is going to explode :) I have rewritten the code related with pc-name generation and manipulation. At this moment i would like to try bruteforcing the computer name. Is it good direction?

What i found is : take pcname-> lowercase it->perform manipulation of pcname with picture = output. Take output->sha256. use this sha256 to decrypt data. If contains magic string in front and at the end do manipulation with data in QRCode data-> Convert QR to Bitmap. Probably after that manipulation there will be encoded flag in the QRCode bitmap.

ps. Is it possible to get PCname from the picture? (like reverse it )

 

Can you give me more tips. Thank you. 

 

Link to post
Kurapica

don't brute-force it, and forget about the crypto function, it's all in the function which does the shifting

A pseudo code would look like


 

Local $flxmdchrqd = DllStructCreate("struct;byte[54];byte[" & $flvburiuyd - 54 & "];endstruct", DllStructGetPtr($flnfufvect))

Local $Counter = 1

;first Loop >>

For $dummy = 1 To DllStructGetSize($lowerCompName)

    Local $flydtvgpnc = 0

    ;second loop

    For $LoopCounter = 6 To 0 Step -1

        $flydtvgpnc += BitShift(BitAND(Number(DllStructGetData($flxmdchrqd, 2, $Counter)), 1), -1 * $LoopCounter)
        
        $Counter += 1

    Next

    ConsoleWrite("ASCII >> " & $flydtvgpnc & @CRLF)

Next

 

Watch for that ASCII value

 

 

 

Edited by Kurapica (see edit history)
  • Thanks 1
Link to post

Thank you for help. I managed to get the flag. Still little confused with this task. But i am glad that i pass it. Thank for help. I owe you a tea/coffee/beer:)

Link to post

If there was more of a hint, it'd be the answer. IMO what's already here for that problem is stretching it for acceptable help, especially in public.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...