Jump to content
Tuts 4 You

Flare-On 9

Washi

By Washi
in Reverse Engineering Articles

 Share

Recommended Posts

  • Replies 117
  • Created
  • Last Reply

Top Posters In This Topic

  • kao

    13

  • deepzero

    9

  • Extreme Coders

    9

  • Rurik

    7

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Washi
Washi

Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge

Rurik
Rurik

Some of my more silly ones. I felt bad about 10 and 11, and then realized everyone else did shortcuts as well https://www.ghettoforensics.com/2022/11/flare-on-9-worst-writeups.html

Washi
Washi

I just pushed my own writeups: https://washi1337.github.io/ctf-writeups/writeups/flare-on/2022/ Challenge 1-9 should be all complete. I haven't done writeups for challenge 10 and 11 yet, as I do

  • 1 month later...
Ralf

Ralf

Posted
Posted
3 hours ago, Coca said:

About the ch4, the VirtualAlloc function is only a decoy? thx

it's very important  for get correct strings

Link to comment
Share on other sites
deepzero

deepzero

Posted
Posted

> About the ch4, the VirtualAlloc function is only a decoy? thx

no

> I try have put BP

Keep looking. For example

Spoiler

remember the action happens when you hit return key

 

Quick question regarding challenge 5, is it possible to solve this offline without data from the flare-on server? or is an online connection required?

Link to comment
Share on other sites
kao

kao

Posted
Posted (edited)

@deepzero: all FLARE challenges can be solved offline.

EDIT: to clarify - you don't need to communicate with flare-on servers. But you might consider making your own server for... something... :)

Edited by kao
  • Like 1
Link to comment
Share on other sites
Aeri

Aeri

Posted
Posted

Hi, Can someone give me a small hint for ch6 ? I really don't get it right now. Something is obviously missing. Am I supposed to work with the provided sample ? I though it would be related to some past challenge's binaries, but nothing can interact with it ... This is a bit frustrating to face something like this

Link to comment
Share on other sites
f355

f355

Posted
Posted

anyone can give me a hint on ch4? 

Spoiler

Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?

 

Link to comment
Share on other sites
Aeri

Aeri

Posted
Posted
9 hours ago, f355 said:

anyone can give me a hint on ch4? 

  Hide contents

Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?

 

Spoiler

Patching may not be the right approach. Bruteforcing is definitively not the right approach. Maybe what you've patched is acting as a way to check if the password is correct ... Take the time to understand what you've patched. It's here for a reason.

 

Link to comment
Share on other sites
vfsrfs

vfsrfs

Posted
Posted

hi can some give me a hint for ch6? Any help would be greatly appreciated.

Spoiler

Found the client code (dotNet), but I have no idea where to look for the server code.

 

Link to comment
Share on other sites
Washi

Washi

Posted
  • Author
Posted
3 hours ago, loossy said:

I'm doing an analysis, but I don't know what points to look at.

 

Spoiler

You have a network trace, and an executable that generated it somehow. Find out how it did it :)

 

Link to comment
Share on other sites
endered

endered

Posted
Posted

Hi, could someone give me a hint on ch7 pls?

Spoiler

Can I solve it just by relying on that JS code alone? I didn't find any more valuable code other than JS code.

But the JS code doesn't behave the same way as binary when I run it locally, there is an apparently weird `if` condition that doesn't trigger when executing the binary.

 

Link to comment
Share on other sites
kao

kao

Posted
Posted (edited)

@endered: 

Spoiler
6 hours ago, endered said:

JS code doesn't behave the same way as binary when I run it locally

Figure out why is that and how to work around it.

 

Edited by kao
Link to comment
Share on other sites
Even

Even

Posted
Posted

Could I talk through my thought process with someone here on 6? I believe I'm looking at the pertinent part of the binary, and I've made progress and have written it up in notes and can discuss how I've made it this far, but I could use a sanity check.

Link to comment
Share on other sites
loossy

loossy

Posted
Posted

I'm doing challenge 5.

The first communication was decrypted, but a binary that did not know what it meant came out.
In the second communication, it was "CLR" and could not be decrypted.
Are there any points I should focus on?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...