Tuts 4 You

Flare-On 7



ashoka_
On 10/13/2020 at 7:28 PM, Kurapica said:

Man, Flareon is for experienced reversers or at least those who are not just starting, I recommend that you start mastering the basics and familiarize yourself with the many concepts that you may need to understand, and come back next year to play those Flareon challenges, you will definitely score better.

After spending three days I'm still stuck at the 4th challenge; now I understand what it means to be a reverse engineer. Maybe I will not solve all (or maybe even half) of the challenges, but I will still try my best till the last day.

  • Like 3
Link to post

kao

@ashoka_: that is a very good attitude! :) 

Every year we get some people who are just asking for answers. Sooner or later they get the flag - but they don't learn anything in the process.
So, keep on working and learning!

  • Like 1
Link to post
Kurapica

A little hint for the 4th, I remember it was about XORing, make sure the XORing produces the correct PNG header to get the flag.

After you get the annoying MP3 file, inspect it with 010 Editor to find its last frame offset, then you will see the data you will have to "decrypt" to get the flag.

I'm not sure I remember this very well, but keep trying and you will make it.

Link to post
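The PNG-header check from the hint above, generalized as an added example (not code from the thread or from the challenge): if the data is assumed to be XORed with a repeating key and the plaintext is known to be a PNG, the fixed first 16 bytes of every PNG act as known plaintext for recovering the key, and the IHDR CRC confirms the result. The function names, the repeating-key assumption, the 16-byte key limit and the sample image are all assumptions constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Every PNG starts with the signature, then the IHDR chunk: length 13, type "IHDR".
KNOWN_HEADER = PNG_MAGIC + struct.pack(">I", 13) + b"IHDR"  # 16 known bytes

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def looks_like_png(data: bytes) -> bool:
    """Signature, IHDR length/type and IHDR CRC must all check out."""
    if len(data) < 33 or not data.startswith(KNOWN_HEADER):
        return False
    (crc,) = struct.unpack(">I", data[29:33])
    return crc == zlib.crc32(data[12:29])  # CRC covers chunk type + 13 data bytes

def recover_key(ciphertext: bytes, max_len: int = len(KNOWN_HEADER)):
    """Return the shortest repeating key that yields a valid PNG header, or None."""
    # ciphertext XOR known plaintext = the first bytes of the key stream
    stream = xor_bytes(ciphertext[:len(KNOWN_HEADER)], KNOWN_HEADER)
    for klen in range(1, min(max_len, len(stream)) + 1):
        key = stream[:klen]
        if looks_like_png(xor_bytes(ciphertext, key)):
            return key
    return None

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_MAGIC + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b""))

if __name__ == "__main__":
    sample_key = b"flare"  # constructed key, not the challenge's
    ct = xor_bytes(make_sample_png(), sample_key)
    print(recover_key(ct))
```

Keys longer than 16 bytes cannot be recovered from the header alone; the CRC check is what rejects a key guess that happens to fix only the first few bytes.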

I am analyzing ch11 now.
Can you debug the obtained PE file?
I loaded it directly to the memory, or I used 0xcc to attach the debugger, but the PE file still cannot process the code.

Link to post
Extreme Coders

@petr

Spoiler

The final challenge is very similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the DLLs.
You have similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries.

 

Link to post
3 hours ago, Extreme Coders said:

@petr

The final challenge is very similar to the leaked malware sources. The flag is stored in one of the values of the registry, the one that is not decryptable using the same way as for the DLLs.
You have similar functions in the leaked sources too to store a value encrypted to the registry. Need to find out similar functions in the binaries.

 

@Extreme Coders yup, thanks for your response. I am exactly at the last step of decryption(s), having trouble obtaining the plaintext. I think I have the right key(s), but one of the algorithms may be wrong...

Link to post
Extreme Coders

@petr

Spoiler

The plaintext is encrypted twice before being written to the registry. One of the cipher algorithms is standard, the other is custom.
So you need two keys. One of them is easy to spot, the other is derived from some data. If that "data" is not correct, the key will also be wrong.

 

Link to post
