kao Posted October 16, 2020 Author Share Posted October 16, 2020 @ashoka_: that is a very good attitude! Every year we get some people who are just asking for answers. Sooner or later they get the flag - but they don't learn anything in the process. So, keep on working and learning! 1 Link to comment Share on other sites More sharing options...
Kurapica Posted October 16, 2020 Share Posted October 16, 2020 A little hint for the 4th, I remember it was about xoring, make sure the XORing produces the correct PNG header to get the flag. After you get the annoying MP3 file, inspect it with 010 editor to find its last frame offset, then you will see the data you will have to "decrypt" to get the flag. I'm not sure I remember this very well, but keep trying and you will make it. 1 Link to comment Share on other sites More sharing options...
loossy Posted October 16, 2020 Share Posted October 16, 2020 I am analyzing ch11 now. Can you debug the obtained pefile?? I loaded it directly to the memory, or I used 0xcc to attach the debugger, but the PE file still cannot process the code. Link to comment Share on other sites More sharing options...
Peter Posted October 21, 2020 Share Posted October 21, 2020 (edited) Hi! Anyone willing to give a last step push on 11th, please? Thank you! Edited October 21, 2020 by petr Link to comment Share on other sites More sharing options...
Extreme Coders Posted October 22, 2020 Share Posted October 22, 2020 @petr Spoiler The final challenge is a lot similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the DLLs. You've similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries. Link to comment Share on other sites More sharing options...
Peter Posted October 22, 2020 Share Posted October 22, 2020 3 hours ago, Extreme Coders said: @petr Hide contents The final challenge is a lot similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the DLLs. You've similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries. @Extreme Coders yup, thanks for your response. I am exactly at the last step of decryption(s), having trouble obtaining the plaintext. I think I have the right key(s), but one of the algorithms may be wrong... Link to comment Share on other sites More sharing options...
Extreme Coders Posted October 22, 2020 Share Posted October 22, 2020 @petr Spoiler The plaintext is encrypted twice before being written to the registry. One of the cipher algorithm is standard, the other is custom. So you need two keys. One of them is easy to spot, the other is derived from some data. If that "data" is not correct, the key will also be wrong. Link to comment Share on other sites More sharing options...
kao Posted October 24, 2020 Author Share Posted October 24, 2020 Official solutions are out: https://www.fireeye.com/blog/threat-research/2020/10/flare-on-7-challenge-solutions.html Congrats to everyone who participated and huge respect to those who solved all the challenges! You guys rock! Link to comment Share on other sites More sharing options...
Kurapica Posted October 24, 2020 Share Posted October 24, 2020 in my humble opinion, some challenges were ridiculous from reverse engineering perspective. but all in all, it was fun for those who learned new skills. Congratulations to the winners. Link to comment Share on other sites More sharing options...
masta Posted October 24, 2020 Share Posted October 24, 2020 2 hours ago, Kurapica said: in my humble opinion, some challenges were ridiculous from reverse engineering perspective. but all in all, it was fun for those who learned new skills. Congratulations to the winners. What challenges do you talk about, and why ? Congrats to the winner ! This year was fun again Link to comment Share on other sites More sharing options...
Kurapica Posted October 25, 2020 Share Posted October 25, 2020 9 hours ago, masta said: What challenges do you talk about, and why ? Congrats to the winner ! This year was fun again I've never played CTFs before but I was curios when kao posted about it few weeks ago. I'm not a pro reverser like kao or those who do it as a job or as a source of income so my experience was mostly with real life applications and protections, I expected something similar to this field, I mean in how the challenges should be approached, problem with CTFs is that after you solve several ones, you start to develop a pattern on how you should work with next challenges, like those "IQ" patterns questions which are imposed by some recruiters to test your "IQ" ! , solving them is some kind of a skill you develop just like learning a game of cards which doesn't mean you have a super IQ ! anyway practical or "real life" situations are different from what I saw in those challenges, but I still have so much respect for the efforts of the authors who created this CTF. 3 Link to comment Share on other sites More sharing options...
whoknows Posted October 27, 2020 Share Posted October 27, 2020 github.com/LeoCodes21/ctf-writeups/tree/main/Flare-On%202020 Link to comment Share on other sites More sharing options...
GautamGreat Posted October 31, 2020 Share Posted October 31, 2020 (edited) can we aspect some writeup from @kao ? Edited October 31, 2020 by GautamGreat Link to comment Share on other sites More sharing options...
kao Posted October 31, 2020 Author Share Posted October 31, 2020 @GautamGreat: These days I have very limited free time, so I have no plans to write full solutions myself. Maybe I'll make an overview of other solutions and comment on how I approached that specific problem. No promises though. 2 Link to comment Share on other sites More sharing options...
kao Posted November 3, 2020 Author Share Posted November 3, 2020 (edited) For now just a collection of solutions. Hopefully I'll have some time over weekend to comment on those.. https://whitehatlab.eu/en/blog/ https://kienmanowar.wordpress.com/ https://zenhack.it/writeups/ https://0xdf.gitlab.io/ https://explained.re/ https://krabsonsecurity.com/2020/09/13/write-ups-for-the-flare-on-2020-challenges/ https://medium.com/bugbountywriteup/writeup-to-the-flare-on-7-challenge-47c8d2ef3366 https://medium.com/insomniacs/journal-flareon7-part-1-ca675815f204 https://github.com/gray-panda/grayrepo/tree/master/2020_flareon https://github.com/enderdzz/ReverseThings/tree/master/2020/flareon7 https://github.com/LeoCodes21/ctf-writeups/tree/main/Flare-On 2020/ https://github.com/aleeamini/Flareon7-2020 https://github.com/zondatw/CTF-Write-Up/tree/master/2020-flare-on Please feel free to add more links, if you find some! Bonus image: Spoiler (c) f5_experts at https://twitter.com/f5_experts/status/1319816432167731200/ Edited November 3, 2020 by kao Link to comment Share on other sites More sharing options...
Washi Posted November 6, 2020 Share Posted November 6, 2020 I just published my own write-ups on my GitHub, if anyone is interested https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020 5 2 Link to comment Share on other sites More sharing options...
Kurapica Posted November 6, 2020 Share Posted November 6, 2020 Nice work man, Congratulations ... Link to comment Share on other sites More sharing options...
kao Posted November 6, 2020 Author Share Posted November 6, 2020 @Washi: Fantastic writeups, both thumbs up! Link to comment Share on other sites More sharing options...
akkaldama Posted November 9, 2020 Share Posted November 9, 2020 (edited) On 11/7/2020 at 12:54 AM, Washi said: I just published my own write-ups on my GitHub, if anyone is interested https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020 @Washi The 6th one is codeit, not the report, may be you can fix the typo BTW, Nice writeups. Thanks Edited November 9, 2020 by akkaldama Link to comment Share on other sites More sharing options...
Washi Posted November 9, 2020 Share Posted November 9, 2020 @akkaldama Thanks for pointing it out! I must have forgotten to change it after copying the template from another page. Link to comment Share on other sites More sharing options...
Geryon Posted November 29, 2020 Share Posted November 29, 2020 Good work @Washi Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now