Jump to content
Tuts 4 You

Flare-On 8

kao

By kao
in Reverse Engineering Articles

 Share

Recommended Posts

adicto

adicto

Posted
Posted
1 hour ago, Washi said:

 

  Reveal hidden contents

Verify that you are using the right "source data" for the actual messages.

Thank you!!!! @Washi

  • Replies 178
  • Created
  • Last Reply

Top Posters In This Topic

  • kao

    36

  • adicto

    10

  • Washi

    7

  • Oggy

    7

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Washi
Washi

I just pushed my write-ups for all challenges as well. Could contain some spelling mistakes here and there, but here you go: https://washi1337.github.io/ctf-writeups/writeups/flare-on/2021/

kao
kao

Get ready! Source: http://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html

Extreme Coders
Extreme Coders

Indeed. Started late this year but managed to get all 10 done. Challenge 5 is literally the worst in my opinion. So much for guessing and making sense of all the weird recipes. 😂

Posted Images

Darth Blue

Darth Blue

Posted
Posted (edited)

Hello i am on chall #9
Any hints are welcome

Spoiler

I have found the api-func resolver function and the exception handler function. I still didn't get what the challenge does unfortunately

 

Edited by Darth Blue
typo
bianrycat

bianrycat

Posted
Posted

Any hint for challenge #5?
I can't seem to be able to figure out even the 1st step

adicto

adicto

Posted
Posted
1 hour ago, bianrycat said:

Any hint for challenge #5?
I can't seem to be able to figure out even the 1st step

It’s partly an IR forensic challenge. Triage the machine. Snoop around and check artifacts that you would check if you were investigating a machine for inspection

bianrycat

bianrycat

Posted
Posted
25 minutes ago, adicto said:

It’s partly an IR forensic challenge. Triage the machine. Snoop around and check artifacts that you would check if you were investigating a machine for inspection

Thank you!

Got it now

saagaraS

saagaraS

Posted
Posted
On 9/15/2021 at 5:06 AM, adicto said:

Thank you!!!! @Washi

Hi! I am having the same problem with the actual larger message to process. How is it different from the others? 

kao

kao

Posted
  • Author
Posted

@saagaraS

Spoiler

If you mean the 10KB message, you should be able to recover at least part of it. 

But even if you can't, that message is only "nice-to-have" and challenge can be solved without it.

 

saagaraS

saagaraS

Posted
Posted (edited)

@kao

Spoiler

Not too sure if this is appropriate to be posted here or a DM is better. I am referring to the one together with the message with the PNG header

I figured it out in the end. Thanks!

Edited by saagaraS
Remtaku

Remtaku

Posted
Posted

Hi, I'm actually having a hard time understanding how to procced with challenge 8.

Spoiler

I figured out where most of the code snippets are from. The rest of the part and how the input is used doesn't make sense.

Any hints on how to move forward ?

adicto

adicto

Posted
Posted

Yeah im stuck on 8 as well. Of all things javascript lol. Finding new respect for it

The code just comes out as garbage

Remtaku

Remtaku

Posted
Posted
27 minutes ago, adicto said:

The code just comes out as garbage

Yeah.

 

adicto

adicto

Posted
Posted

for number 8, I understand what to input and how long its supposed to be. Question is how are we supposed to reverse that input to get the correct output haha. I think I'm missing a clue somewhere

kao

kao

Posted
  • Author
Posted

@adicto

Spoiler

You can make a good guess what output should look like.

 

Darth Blue

Darth Blue

Posted
Posted

@kao i am on chall #9

Spoiler

I have found the 4 string (L0ve, 5Ex ...) but i still cannot get how rsa use these as a key!

Thanks for any hint

kao

kao

Posted
  • Author
Posted

@Darth Blue: good job, you're almost there! I can't give you any hint without giving out a full solution.

Spoiler

There is no RSA

 

unionselect

unionselect

Posted
Posted

I can decrypt files in 5, but it's gibberish. Does that mean my decryption isn't good, or that I'm missing another piece. If I encrypt my own test file it decrypts without issue. Anyone willing to DM?

kao

kao

Posted
  • Author
Posted

@unionselect: you've done just the very first step of the challenge. Now you need to figure out the rest.

 

unionselect

unionselect

Posted
Posted

Should I be looking in the same binary? Or back in the VM? I've found nothing in either, lol

unionselect

unionselect

Posted
Posted
3 hours ago, bohaw said:

@unionselectAre all of the files gibberish? Or is at least one in readable text?

Thanks. I noticed that a few hours ago. I'm kicking myself, because I wasted a lot of time checking the first three and giving up on them, lol.

pepegaswiper69

pepegaswiper69

Posted
Posted

I've been stuck on chall 8 for 3 days now

Spoiler

I know that we need to input something that will decrypt the blob into executable JS code, but I can't seem to guess what that code will look like. I'm trying to search the encrypted blob for some possibilities and derive the input from them, for example some JS keywords like "function", "return" and stuffs, but the result doesn't seem to be correct.

Am I going in the wrong direction?

kao

kao

Posted
  • Author
Posted

@pepegaswiper69: the direction is right, just one of your assumptions is wrong.

Spoiler


3 hours ago, pepegaswiper69 said:

JS code

What symbols it may/may not contain?

 

  • Like 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...