Flare-On 9

[fl0wer]

Could use some help with challenge 5..

I am rather new to reversing, sorry for the dumb questions here. I am too stuck on ch5.
 

Spoiler

When you guys are decrypting, are you editing the actual binary before execution (through some python script that iterates through the binary)? Or are you decrypting during runtime? It looks like stuff is getting encrypted/obfuscation, but I struggle to find some kind of input key that I can follow to identify what exactly is getting encrypted.

First thing I did was to set the time back to June 14th 2022, I did this manually through the Windows systime. I also tried to just set `eax` to `0xF` where the program does a `cmp eax, F` to see if time is right. Both things "works" it seems - gets me out of the long `sleep`.

However, when moving forward, I am not sure what and where something gets encrypted - and how I decrypt it. I see where the first base64 encoded string is being created, but I feel I need to figure out what is being base64 encoded in the first place, which I struggle with. The word `ahoy` prefixed by some numbers seems to what's doing a XOR obfuscation, but I am not sure at all.

I spent around 8 hours looking at this 😅. I guess I need to read up on encryption/decryption. I learned something new about base64 encoding/decoding - didn't know you could change the scheme's index cipher and it would still be valid base64, pretty cool.

 

Hope someone can help 🙂 

Edited October 23, 2022 by fl0wer

[Rurik]

Me: "You can be a good reverse engineer without a background in software development and computer science."

 

Me, on challenge 8: "Well, crap ..."

Edited October 23, 2022 by Rurik

[fl0wer]

1 hour ago, Rurik said:

Me: "You can be a good reverse engineer without a background in software development and computer science."

 

Me, on challenge 8: "Well, crap ..."

Pretty jealous you made it that far. Well done!

Edited October 23, 2022 by fl0wer

[vpn]

Hi, could someone give me a hint on ch7 pls? i can predict with math.random but i don't know what to do 'state'??

[deepzero]

Spoiler

look into control flow flattening.

@vpn

Edited October 24, 2022 by deepzero

[vpn]

23 hours ago, deepzero said:

  Hide contents

look into control flow flattening.

@vpn

Any more in-depth suggestions? 

[Extreme Coders]

3 hours ago, vpn said:

Any more in-depth suggestions? 

Spoiler

Try to convert the code to a linear form - without the loop & switch-case.

The value of 'state' at the end of each case is known, so its possible to deduce which case executes next. Alternatively you may just insert an appropriate logging statement within each case to know the execution order.

Once the order is known,  the statements can be rearranged in a linear form without the switch-case. No special tools are needed. Use of regex, text-manipulation utilities like sed, grep  and a decent text editor are enough.

 

[cybercat]

Hi,

Regarding the CH8...Does the hash from the based64 commands is crucial for this task? I think i am at the end of this task, but still cannot get any good output to Process.Start. Is this hash calculation is some kind of anti-tamper trick? If someone is willing to help please send me a direct message because i don't know if i got the correct hash.

is there any fast method to acquire the correct hash or i need to take all necessary stuff 'manually' by extracting strings and mixing it with those Stackmethod strings.

ps. If i could compare my values with someone, please send me a PM. Thank you

Edited October 25, 2022 by cybercat

[nullul]

5 hours ago, Extreme Coders said:

  Hide contents

Try to convert the code to a linear form - without the loop & switch-case.

The value of 'state' at the end of each case is known, so its possible to deduce which case executes next. Alternatively you may just insert an appropriate logging statement within each case to know the execution order.

Once the order is known,  the statements can be rearranged in a linear form without the switch-case. No special tools are needed. Use of regex, text-manipulation utilities like sed, grep  and a decent text editor are enough.

 

Spoiler

sorry I might have missed out something, but for every case, after the `state` is assigned a new value, it goes to back to the beginning of the loop and xor with some random value again, how do you determine it's value? or the random value can somehow be predicted?

edit:

nvm, I think I know it. anode.exe has some weird behaviour. thank you always~

 

Edited October 25, 2022 by nullul

[Cat4425]

Hello, I stuck on challenge 10 since I cannot even boot up the machine...

Spoiler

I've tried to recompile the software to disable checksum check but it doesn't help, 

could someone advise me how to continue ?

[deepzero]

@cybercat

Spoiler

yes, the hash is used for decryption. there are probably different ways to go about it but the easiest is probably massaging the exe into a state where it is working with the right hashes internally by itself.

@fl0wer

Spoiler

you are broadly on the right track. keep reversing. the xor encryption you mention might be hashing.

@Cat4425

Spoiler

what software did you recompile? probably easiest is to use one of the OS images floating around in the internet..

 

[vpn]

14 hours ago, nullul said:

  Hide contents

sorry I might have missed out something, but for every case, after the `state` is assigned a new value, it goes to back to the beginning of the loop and xor with some random value again, how do you determine it's value? or the random value can somehow be predicted?

edit:

nvm, I think I know it. anode.exe has some weird behaviour. thank you always~

 

what kind of strange behavior is the anode doing??

[regexninja826]

On 10/6/2022 at 3:14 AM, predat0r said:

The bcrypt function is Hashing. So how are we supposed to get the password? I see that the characters inputted as passwords in the command line args are added to the value stored that starts with P^^. the salt is there. But I couldnt get anywhere else.

I am in the same place. I am completely bumfuzzled by this challenge. I know the answer is staring me right in the face like the previous 2. I have the password or I think I do. The virtual alloc function is providing the correct result. Now what? I get a crypted output 


update: yup staring me right tin the face (details matter) lol.. finished
 

Edited October 26, 2022 by regexninja826
update

[fl0wer]

Challenge 5

Thank you @deepzero

Did someone ever stumple upon a similar CTF-exercise before? I'd really like to solve this one, but I feel I need more experience with encryption, could be nice to try another, similar one, but with some sort of write-up!
 

Spoiler

I feel the exact time is really important, down to the milisecond, am I way off here?  I get that hunch because I am looking at a function's input which also calculates with miliseconds:

GetLocalTime(&SystemTime);
sub_D32015(SystemTime.wMilliseconds + 1000 * (SystemTime.wSecond + 60 * SystemTime.wMinute));

 

 

Edited October 26, 2022 by fl0wer

[nullul]

9 hours ago, vpn said:

what kind of strange behavior is the anode doing??

Spoiler

hmmm, the Math.random in anode.exe is not actually random, that's all I see..

 

[Rurik]

After staring at #9 for a long long time...

Spoiler

I get the idea. I've found multiple simplistic implementations in the wild. I've labeled up my code and it's matching what I expect, taking into account the large sized basic maths. I've compared them to known code, and compiled my own to compare the bytecode against. I've read 5 white papers on theorems to find exploits, Chinese Remainder, Shors, Euclidean etc, and reviewed a ton of CTF write-ups for similar attacks (PicoCTF seems to do this often).

For us people that don't have math brains to understand literally linear quadratic formulas, is there something that is easy to overlook?

 

[Pon]

Hey, I would really appropriate some help with CH8

Spoiler

Till now Im stuck with a very basic understanding of the EXE.
The file sends DNS to <random>.flare-on.com

When I tried to approach the file using DnSpy, there were that those annoying compilation errors.

Looking deeper, I came to a realization that flare_70 & flare_71, are in charge of decryption (or more accurately obfuscation) and execution. So I injected code the mscorlib, that would get me the real IL for each method executed, but that only got me few functions decrypted (flared_66, flared_69, flared_35, flared_47, flared_67, flared_68).

Then I tried to injected code that iterate on each method and tries to decrypt it using a copy of flare_71 and the corresponding array&dict but it didn't really work...

Some nudge to the right direction will be much appreciated ( or any tool that might make my life easier)

 

[kao]

@Rurik

Spoiler

1 hour ago, Rurik said:

I've labeled up my code and it's matching what I expect

Recheck your labels. Or your expectations.

Hint: you don't need a supercomputer or PhD in applied mathematics to solve it.

 

[milomoli]

For chall11
 

Spoiler

The binary makes a request to a sever with sth looks like base64 encoded
But when i decode it there is no interesting stuff in there
Can someone give me a hint for next step?

 

[Extreme Coders]

@milomoli

Spoiler

5 hours ago, milomoli said:

The binary makes a request to a sever with sth looks like base64 encoded
But when i decode it there is no interesting stuff in there
Can someone give me a hint for next step?

The interesting stuff is encrypted and base64 encoded just before making the request.

 

[Rurik]

On 10/29/2022 at 11:38 AM, kao said:

 

  Hide contents

 

 

Recheck your labels. Or your expectations.

 

Hint: you don't need a supercomputer or PhD in applied mathematics to solve it.

@kaothank you. You were right.

Spoiler

I edited the numbers in memory to be easier to track by sight and I got them confused.

 

[kao]

@Rurik: congratulations on finishing FLARE!  

Are you planning to publish your solutions once the competition is over?

[Rurik]

@kaoI haven't done a proper writeup in years. And most of my attempts haven't been very novel.  I also force myself to revert snapshots so that I'm not tempted to do a full writeup  
But, I have fun with my horrible methods to get answers. Which includes #2, #10, and most definitely #11 (which took about 5 mins of effort  and was way dirtier than the dirty method). I may get a few up. I don't think I've done a lulz writeup since writing an Excel spreadsheet to do x86 rotate / xchg / xor decryption for me.

[milomoli]

On 11/1/2022 at 4:12 AM, Rurik said:

@kaoI haven't done a proper writeup in years. And most of my attempts haven't been very novel.  I also force myself to revert snapshots so that I'm not tempted to do a full writeup  
But, I have fun with my horrible methods to get answers. Which includes #2, #10, and most definitely #11 (which took about 5 mins of effort  and was way dirtier than the dirty method). I may get a few up. I don't think I've done a lulz writeup since writing an Excel spreadsheet to do x86 rotate / xchg / xor decryption for me.

can i have a hint for chall11 pls? how can you solve that in such a short time ??

[Rurik]

1 hour ago, milomoli said:

can i have a hint for chall11 pls? how can you solve that in such a short time ??

Spoiler

Just do the basics of malware analysis. Work on it like a Junior Analyst  No reverse engineering required.

 

Edited November 2, 2022 by Rurik