Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Flare-On 9

Washi
Washi
in Reverse Engineering Articles

Featured Replies

  • Replies 117
  • Views 36.7k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Most Popular Posts

  • Rurik
    Rurik

    Some of my more silly ones. I felt bad about 10 and 11, and then realized everyone else did shortcuts as well https://www.ghettoforensics.com/2022/11/flare-on-9-worst-writeups.html

  • Washi
    Washi

    I just pushed my own writeups: https://washi1337.github.io/ctf-writeups/writeups/flare-on/2022/ Challenge 1-9 should be all complete. I haven't done writeups for challenge 10 and 11 yet, as I do

  • deepzero
    deepzero

    Just for fun, check out my exotic solution for #5 in form of a superhacky bruteforce script ... cuts down required reversing to a minimum. runtime is about 30 min ... import ida_dbg, ida_byte

The timing couldn't be worse... but I'm still going to enjoy it immensely! :)

  • 1 month later...

hey anyone is playing? :)

7th challenge (anode) is a 55mb nodejs executable. Now waiting disassembler for loading it.

Any tips on how to approach the third challenge ?

Edited by w00she

6 hours ago, w00she said:

Any tips on how to approach the third challenge ?

Spoiler

U = up ;)

 

About the ch4, the VirtualAlloc function is only a decoy? thx

I also have problem this challenge. I try have put BP into "SDL_TEXTEDITING"  and "SDL_TEXTINPUT" but It is not working :(

3 hours ago, Coca said:

About the ch4, the VirtualAlloc function is only a decoy? thx

it's very important  for get correct strings

> About the ch4, the VirtualAlloc function is only a decoy? thx

no

> I try have put BP

Keep looking. For example

Spoiler

remember the action happens when you hit return key

 

Quick question regarding challenge 5, is it possible to solve this offline without data from the flare-on server? or is an online connection required?

@deepzeroall FLARE challenges can be solved offline.

EDIT: to clarify - you don't need to communicate with flare-on servers. But you might consider making your own server for... something... :)

Edited by kao

    • Like 1

    Hi, Can someone give me a small hint for ch6 ? I really don't get it right now. Something is obviously missing. Am I supposed to work with the provided sample ? I though it would be related to some past challenge's binaries, but nothing can interact with it ... This is a bit frustrating to face something like this

    anyone can give me a hint on ch4? 

    Spoiler

    Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?

     

    Congrats @kao 

    • Thanks 1
    9 hours ago, f355 said:

    anyone can give me a hint on ch4? 

      Hide contents

    Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?

     

    Spoiler

    Patching may not be the right approach. Bruteforcing is definitively not the right approach. Maybe what you've patched is acting as a way to check if the password is correct ... Take the time to understand what you've patched. It's here for a reason.

     

    Congrats @Washi

    • Like 1
    • Thanks 1

    hi can some give me a hint for ch6? Any help would be greatly appreciated.

    Spoiler

    Found the client code (dotNet), but I have no idea where to look for the server code.

     

    hello
    I'm on challenge 5.
    I'm doing an analysis, but I don't know what points to look at.
    Could you give me a little hint?

    • Author
    3 hours ago, loossy said:

    I'm doing an analysis, but I don't know what points to look at.

     

    Spoiler

    You have a network trace, and an executable that generated it somehow. Find out how it did it :)

     

    • Author

    @vfsrfs

    Spoiler

    It's all in the same program, just maybe not in the place you may expect it from a typical .NET application...

     

    Hi, could someone give me a hint on ch7 pls?

    Spoiler

    Can I solve it just by relying on that JS code alone? I didn't find any more valuable code other than JS code.

    But the JS code doesn't behave the same way as binary when I run it locally, there is an apparently weird `if` condition that doesn't trigger when executing the binary.

     

    @endered

    Spoiler
    6 hours ago, endered said:

    JS code doesn't behave the same way as binary when I run it locally

    Figure out why is that and how to work around it.

     

    Edited by kao

    .

    Edited by er3zoid

    Could I talk through my thought process with someone here on 6? I believe I'm looking at the pertinent part of the binary, and I've made progress and have written it up in notes and can discuss how I've made it this far, but I could use a sanity check.

    I'm doing challenge 5.

    The first communication was decrypted, but a binary that did not know what it meant came out.
    In the second communication, it was "CLR" and could not be decrypted.
    Are there any points I should focus on?

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.