Flare-On 8

[pcmcia]

Can I get a nudge / hint on the rc4 and the formula for the ch#5?  Can anyone dm me please?

[kao]

2 hours ago, whitesocks said:

I can't find anything about the signature used in these requests

 

Spoiler

ME0W is not the signature you're looking for. Search more, for example, adding "signature" to the query keywords.

[barber]

6 hours ago, barber said:

Hello all,

 

Could someone give me a nudge (maybe better in DM?) on level 6.

I am not experienced with pcap's, I have trying for 4 days to find a start. But even with duckduckgo I can't figure out where to begin.

Found it.

Edited October 5, 2021 by barber

[Rurik]

I've now spent more time trying to make muffins for Chal5 than I have for anything else this year, and am still trying. Now I see why everyone is dunking on this challenge 😡

Even though we all know what "number" they are referring to avoid having to make them  

 

[edit -- gave up on all their hints and clues and just bruteforced it ... and now the hints make sense once you see the answer]

Edited October 12, 2021 by Rurik

[Extreme Coders]

Indeed. Started late this year but managed to get all 10 done.

Challenge 5 is literally the worst in my opinion. So much for guessing and making sense of all the weird recipes. 😂

[pula3241]

I have been stuck on ch9 for many days. Can someone please give me a hint?

Spoiler

I am not able to find the part about how the threads handle my packet after receiving the data.

 

[tycolli]

Can anyone please help me on CH4 seems that I'm lost or to stupid to see the solution.

Spoiler

I found the second ... and also the fish strings

Done it.

Edited October 12, 2021 by tycolli

[Extreme Coders]

@pula3241

Spoiler

Tracking usage of IPC APIs is a good starting point. Mutex, Semaphore, Event objects.
Would be easier after you've decoded all the apis resolved by hash.

@tycolli

Spoiler

The exe has been compiled by a special tool.  Similar to Flash Builder which generates an exe from SWFs. (This challenge is not about Flash though.)
That tool can can also import the exe as a project. Would be easier to analyze of you go about this way.

[DrSauerkraut]

Heya all o/

Wouldn't mind to get a few help around Chall #3. I got several steps validated but I'm stuck about what to do next.

 

Spoiler

I did get the layer order and all the books of armament, but I'm unable to extract any flag from there. I suppose I need to merge all armaments versions but how ?

Thanks in advance :)

[Extreme Coders]

@DrSauerkraut

Spoiler

Merging is just copying all the armaments from a specific layer to a directory while allowing overwrite. Order of copying is important as a later armament file will overwrite a same named file from before.
And of course you can pull the ELF from the docker container to execute it directly on the system, without needing to tinker with the docker files.

[DrSauerkraut]

Thanks

Spoiler

I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕

 

[tycolli]

41 minutes ago, DrSauerkraut said:

Thanks

  Hide contents

I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕

 

You die not arrange them correctly

[score1]

Hi Im currently in Ch7 

Got to the point when it tried to connect to the subdomain

I made some changes to connect 

it send and recv but it keep looping 

should I edit the landing page? to make it like reading a command from page? 

 

any help would be appreciated 

DM is open 

[Oggy]

Hi, I'm on 9 and have some confusions

Spoiler

When I debug reach CryptImportKey, It always returns 0 (fail). Have I some mistakes??

 

[kao]

@Oggy:

Spoiler

most likely - when you disabled anti-debug, you also disabled one critical piece of code and now challenge is not working properly.

 

[ECX]

Hello, 

I think i need a little help in the end of CH#7. I think i have everything, but i don't know how to connect dots

Does in CH#7 some kind of values are needed to be entered? I mean the situation that i need to pass a password or something? 

At the end there is decryption and some other 'operations'....but for me it does not depend on any input value. Am i right?

I try to avoid spoilers so my description is at it is.

 

[Brisco2077]

Having a bit of trouble on CH8.

Spoiler

I know I'm supposed to decode that base64 blob but have tried searching for plaintext words like "function" or some of the longer 64 byte strings in the random functions the original code uses for obfuscation. I have also tried using the text input field names with no luck. Am I on the right path here or is there an easier way to find the key?

 

[kao]

@Brisco2077: the idea is right, just some of your assumptions are incorrect.

[Brisco2077]

20 minutes ago, kao said:

@Brisco2077: the idea is right, just some of your assumptions are incorrect.

Sorry just so I'm understanding

Spoiler

The assumption that those words would be in the decoded output or something else I am doing?

 

[m0nk]

Can't seem to figure out the second piece to Challenge 6

Spoiler

I combined the messages in stream 0 to get the PE file which doesn't run. Haven't been able to figure out how to combine the patches in stream 1 into any meaningful data. Static analysis of the exe doesn't seem to be giving anything super helpful. Am I missing something obvious here?

 

[kao]

@Brisco2077:

Spoiler

28 minutes ago, Brisco2077 said:

The assumption that those words would be in the decoded output

Exactly that.  

@m0nk:

Spoiler

28 minutes ago, m0nk said:

Static analysis of the exe doesn't seem to be giving anything super helpful.

Assuming you decompressed both streams correctly - static analysis should reveal how messages in stream 1 are encrypted. 

 

[0xccoxcc]

I have tracked all code of Ch7 and got some interesting strings but have no idea now. Some tips will be helpful.

Spoiler

1. Tow Registry Key and I know how they generated.

    Computer\HKEY_CURRENT_USER\Software\Microsoft\Spel

    0: 80 97 c4 90 xx xx xx xx .........

    1: ec 71 e8 67 xx xx xx ....

2. A String very closed to FLAG "l3rlcps_7r_vb33eehskc3"

 

Now I don't know what to do..... Am I on the right way?

[kao]

@0xccoxcc:

Spoiler

You have found 2 encrypted halves of the flag. What you do with them, is entirely up to you...

 

[0xccoxcc]

14 minutes ago, kao said:

@0xccoxcc:

  Reveal hidden contents

You have found 2 encrypted halves of the flag. What you do with them, is entirely up to you...

 

Done after a bath...I think that part just a guesswork....

[kao]

Hehe, it's not the best part for sure. But still much much better than Challenge#5...