Tuts 4 You


Posted
  On 10/4/2020 at 10:47 AM, lazydaemon said:

The IN instruction appears after running this code (that's the code, doing stuff on the data from the PCAP):

 

challenge7.png

 

Could it be a problem with the endianness? Because I just copied the data from the pcap into the allocated memory region (instead of providing data for the 'recv' call)


Oh I thought you encountered the IN instruction early on. Like just after unpacking the shellcode.

Then I don't know.

I just copied the required data and provided it by a netcat session.

I think eventually, as I went over it again, I just pasted the data into the recv() buffer, set retval as successful and skipped over the actual call.

Do check that whatever data you provide is actually correct.

I had an issue with python in the sense that it encoded weirdly.

As in the string "\x86" instead of setting 0x86 in a binary it would encode each character so I would have '\', 'x', '8', '6' in hex. 4 characters instead of 1.

Seems to have been an issue with the way python3 wants data compared to how it was done in python2.
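
The Python 3 pitfall described in the post above, as an added example that is not part of the original thread: it shows how one 0x86 byte becomes one, two or four bytes depending on how it is written, and how to detect and repair a buffer that was pasted as `\xNN` text. The function names and sample bytes are constructed for illustration.

```python
import re

# Matches the literal four-character text \xNN (backslash, 'x', two hex digits).
ESCAPED = re.compile(rb"\\x([0-9a-fA-F]{2})")


def encodings_of_0x86() -> dict:
    """Ways a single 0x86 byte gets written in Python 3, and what each produces."""
    return {
        "bytes literal": b"\x86",                   # 1 byte: 86
        "str, latin-1": "\x86".encode("latin-1"),   # 1 byte: 86
        "str, utf-8": "\x86".encode("utf-8"),       # 2 bytes: c2 86
        "escape as text": r"\x86".encode("ascii"),  # 4 bytes: 5c 78 38 36
    }


def looks_escaped(buf: bytes) -> bool:
    """True if the buffer contains literal \\xNN text instead of raw bytes."""
    return ESCAPED.search(buf) is not None


def unescape(buf: bytes) -> bytes:
    """Collapse each literal \\xNN sequence back into the one byte it names.

    Only use this on data known to have been pasted as text: a genuine binary
    payload can contain the bytes 5c 78 .. .. by coincidence.
    """
    return ESCAPED.sub(lambda m: bytes([int(m.group(1), 16)]), buf)


def from_hex_dump(text: str) -> bytes:
    """Convert hex copied from a capture ('86 01 ff' or '8601ff') to raw bytes."""
    return bytes.fromhex(text)


if __name__ == "__main__":
    for how, data in encodings_of_0x86().items():
        print(f"{how:15} {len(data)} byte(s): {data.hex(' ')}")
    pasted = rb"\x86\x01\xffOK"          # constructed sample, not challenge data
    print(looks_escaped(pasted), unescape(pasted).hex(" "))
    print(from_hex_dump("86 01 ff 4f 4b").hex(" "))
```

Comparing the length of the prepared buffer with the payload length shown in the capture is a quick way to catch either the UTF-8 or the escaped-text form before feeding the data to the sample.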

 

Posted
  On 10/4/2020 at 1:44 PM, AeroX2 said:

I've really hit a wall with challenge #9 this year. I've been trying for probably more than a week now and I still haven't felt like I have made any progress.
Can someone point me in the right direction? Thanks
 

  Reveal hidden contents

 


The password you find should be understandable by a human.

So if it is all non-human-readable (non-ASCII) you have the wrong one.

 

Posted
  On 10/4/2020 at 3:22 PM, kraxgrr said:

 

Oh I thought you encountered the IN instruction early on. Like just after unpacking the shellcode.

Then I don't know.

I just copied the required data and provided it by a netcat session.

I think eventually, as I went over it again, I just pasted the data into the recv() buffer, set retval as successful and skipped over the actual call.

Do check that whatever data you provide is actually correct.

I had an issue with python in the sense that it encoded weirdly.

As in the string "\x86" instead of setting 0x86 in a binary it would encode each character so I would have '\', 'x', '8', '6' in hex. 4 characters instead of 1.

Seems to have been an issue with the way python3 wants data compared to how it was done in python2.

 


I basically did the same.

 

  Reveal hidden contents

 

Posted

Found my mistake 😉

Posted (edited)

For 9

I am at the point where I can step through 9 and see what is happening with the driver. I now have seen a pop culture quote. Am I on the right track, or is this something added in to be funny like the covid19-sucks string in an early challenge?

And it is okay if this question is not answered, but can the flag be observed through a debugger without writing additional code? Or will I not be able to get around writing something to communicate with the DLL?

Edited by bohaw
Posted

Thankfully, you don't need to know the meaning of any memes or recognize any pop culture references to solve the challenge. String is just a string.
 

  Reveal hidden contents

I didn't have to write any COM client to get the flag. YMMV.

Posted

I found that as a rule of thumb, when you start seeing quotes, jokes or texts that refer to flare-on, it is usually a clue put in by the challenge authors indicating that you are on the right track. Also, just noticing that it is a quote is enough, flare-on never seems to rely on riddles that go beyond the scope of reverse engineering.

 

Posted (edited)

Hello again.

Does Challenge 9 need a clean Windows 10 or any special settings? I get a BSOD on DeviceIOControl. Thanks for any reply.

Edited by ECX
Posted

@ECX There have been multiple reports of challenge 9 causing blue screens for some people. The organizers suggested the following:

  Quote

Avoid a possible blue-screen by debugging this on a single core VM


Did you try this already?

Posted
  On 10/9/2020 at 10:14 PM, ECX said:

Hello again.

Does Challenge 9 need a clean Windows 10 or any special settings? I get a BSOD on DeviceIOControl. Thanks for any reply.

I used Windows 7 with a 1-core CPU in VirtualBox. You may still get a BSOD sometimes while debugging, but a restart solves the problem. Run your debugger as administrator.

Posted

Hi, any hints on the last challenge?

What I have done is:

  Reveal hidden contents

 

Posted

I am doing flare-on7's 10th challenge.

I found the first flag.

I analyzed the whole code, but couldn't find the second flag.

Does anyone have any advice for me?

Below is what I did.

  Reveal hidden contents

 

Posted
  On 10/11/2020 at 3:13 PM, loossy said:

I am doing flare-on7's 10th challenge.

I analyzed the whole code, but couldn't find the second flag.

Does anyone have any advice for me?

They like to hide their flag checks in some really nice routines.

Posted

Hello guys, I'm currently doing challenge 6 and I've found the correct thing that needs to be found.
I have some issues with the actual decryption: I am getting an error from CryptDecrypt (0x80090005 - NTE_BAD_DATA) and I do not understand why. If someone can help me out with this a little I would be glad.
BTW I tried to change the value in the au3 script and I still get the same error (also when I implement the same API calls in C).

Posted
  On 10/11/2020 at 8:40 PM, sysc4ll said:

I am getting an error from CryptDecrypt (0x80090005 - NTE_BAD_DATA)


Crypto is 100% standard, so this error probably means you didn't find "the correct thing that needs to be found".

  Reveal hidden contents

 

Posted
  On 10/12/2020 at 7:43 AM, kao said:

Crypto is 100% standard, so this error probably means you didn't find "the correct thing that needs to be found".

  Reveal hidden contents

 


The answer to your question is yes,

(the spoiler one), I just have no idea how to make a hidden text in here... 

Posted

Hello, I am quite new to reverse engineering. My friend suggested that I try the Flare-On challenge. I will start today. I just want to know: can anyone please recommend good reference material in case I get stuck on some challenge?

Posted

So you are new to reverse engineering and your friend suggested Flareon?

You really have some good friends.

  • Haha 2
Posted
  On 10/13/2020 at 7:41 AM, Kurapica said:

So you are new to reverse engineering and your friend suggested Flareon?

You really have some good friends.

thanks

Posted
  On 10/13/2020 at 7:41 AM, Kurapica said:

So you are new to reverse engineering and your friend suggested Flareon?

You really have some good friends.

LOL, some friends he got there... 😂

Posted
  On 10/13/2020 at 7:51 AM, ashoka_ said:

thanks


Man, Flareon is for experienced reversers or at least those who are not just starting, I recommend that you start mastering the basics

and familiarize yourself with the many concepts that you may need to understand, and come back next year to play those

Flareon challenges, you will definitely score better.

  • Like 1
Posted

I am analyzing ch 10.

If possible, could you advise me on how to check key table information (logging, tracing... anything) or on reverse engineering know-how for this situation (fork-ptrace-waitpid)?

Posted (edited)
  On 10/13/2020 at 1:58 PM, Kurapica said:

Man, Flareon is for experienced reversers or at least those who are not just starting, I recommend that you start mastering the basics

and familiarize yourself with the many concepts that you may need to understand, and come back next year to play those

Flareon challenges, you will definitely score better.


To be fair though, the first few challenges are relatively easy. If you're new, you probably won't finish all challenges, maybe not even half of them, but it doesn't hurt to give it a shot :)

Also a lot can be learnt while reading write-ups of previous runs of the flare-on CTF.

  

  On 10/13/2020 at 3:37 PM, loossy said:

I am analyzing ch 10.

If possible, could you advise me on how to check key table information (logging, tracing... anything) or on reverse engineering know-how for this situation (fork-ptrace-waitpid)?

  Reveal hidden contents

 

Edited by Washi
Posted (edited)

Hi, need help with CH 9.

Is CreateThread (kernel version) important? I am stuck in the driver. What is important in the driver?

I noticed that my remote debugging session at one certain point does not have a RETN. Did you also have that when you were struggling with the driver?

Thanks for any tips.

Also thanks for the tip about the 1-core VM (Windows 7)... it works better but is still crashing on some actions.

Is Windows 10 (1-core VM) a must-have?

Edited by ECX
Posted
  On 10/13/2020 at 1:58 PM, Kurapica said:

Man, Flareon is for experienced reversers or at least those who are not just starting, I recommend that you start mastering the basics

and familiarize yourself with the many concepts that you may need to understand, and come back next year to play those

Flareon challenges, you will definitely score better.


After spending three days I'm still stuck at the 4th challenge. Now I understand what it means to be a reverse engineer. Maybe I will not solve all the challenges (or maybe even half of them), but I will still try my best till the last day.

  • Like 3
