Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29!

I wonder if the medal shipments of last year will be in time before this next installment :D

 

Who's joining this year? :)

Edited by Washi

  • Replies 104
  • Views 32.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • My primary machine actually decided to die on me today... And since I'm "old sk3wl CTFer", I don't have all my infra in the cloud.    

  • Oh.... I've solved #ch10, that was crazy. The most difficult task in this year. However, I haven't seen 11,12,13 yet... 🙂 Only 1 advice: take a bag of the RedBull and be patient

Posted Images

I don't know... without medals it's not the same...

</irony>

  • Author
On 9/8/2023 at 5:00 PM, kao said:

I don't know... without medals it's not the same...

Seems like they had some problems with their previous vendor and that they will start shipping roughly at the same day flare 10 starts.

 

  • 2 weeks later...

The 10th annual Flare-On Challenge begins on September 29th, 2023 at 8:00pm ET. This year's flareon contains 13 challenges!

Spoiler

This year’s contest will feature 13 challenges covering a variety of architectures, including 32- and 64-bit Windows, Linux, and Android; and even a retro-computing challenge involving PDP-11.

 

 

Edited by akkaldama

Deleted

Edited by akkaldama

  • 2 weeks later...

Did you prepared your VM's?

no-source-meme.jpeg.efed3bcbd253113a899ab87b8424e1f3.jpeg

2 hours ago, bluedevil said:

Did you prepared your VM's?

which one is your favorite one :)

3 hours ago, bluedevil said:

Did you prepared your VM's?

My primary machine actually decided to die on me today... And since I'm "old sk3wl CTFer", I don't have all my infra in the cloud. :)

 

 

Someone finish the ch#2 ?

Spoiler

The pictures IV.png and ps.png are important or just another decoy?

Thanks ! cheers

 

Spoiler

yes

 

Edited by cybercat

Finally i did it the ch#2. hahaha😂

I need a nudge for #5.

Spoiler

I have decoded multi-stages of the payload.  I got to the code where it pops up the message box.  I also figured it out how different parts of the code communicate with each other.  I also found the hint near the code that popped up the message box.  However, I cant seem to locate what the thing/function the hint was pointing at.   Thanks in advance!

 

@pcmcia:

Spoiler

you need to find the exact thing that you can't seem to locate. Then feed it with some data.

 

Edited by kao

44 minutes ago, kao said:

@pcmcia:

  Hide contents

you need to find the exact thing that you can't seem to locate. Then feed it with some data.

Thanks for the reply / nudge!

Spoiler

I think I found the thing I needed to located.  I'm trying to feed it some "data" to unlock it.  But I can't seem to find that.   Is this some kind of guess work?  Also, how long is that "data" I need to feed it?

Edited by pcmcia

For everyone playing Flare-On this year - no challenge requires a *significant* computing power for bruteforcing large values, or an *unreasonable* guessing game. You might need to Google some things but that's about it.

 

@pcmcia: it's all there, keep looking. I can't tell you anything else w/o giving a full solution.

editing opcodes directly in memory - that is very confusing approach :)  (ch#3)

Oh... I'm on FlareSay task. How to get that key with a hash, any ideas? It seems not possible to brute that number of bytes. Im pretty sure the result has to be Winning + decrypted string (0x54 bytes) using that key.

I wonder if this task is about knowledge in crypto and there is some kind of crypto mistake, or need to search around..

P.S. [LATER] Hah... understand. Crazy. I hadn't been born yet.

Edited by Kolombo

  • Author
18 minutes ago, Kolombo said:

P.S. [LATER] Hah... understand. Crazy. I hadn't been born yet.

Sometimes just narrating what you've done so far really works wonders doesn't it :D

I have also a question regarding ch5:

Spoiler

I found the hint with the crypto algorithm but dont no where to look for it. I have also seen the decryption of the resources but I'm not sure if this is the algorithm that is to be found. Maybe somebody can help

Many thanks in advance

Spoiler
Spoiler

 

I just guessed  ch5, where it might be and hit the nail from the 1st attempt. It is quite straightforward. I'm really not sure if it is possible to solve other way (if anyone did please tell). So, you have a hint, find where and apply the hint.

Actually you have everything at this point. People tend to be lazy to do another way the thing you have already analysed.

Edited by Kolombo
added info

  • Author

@test

Spoiler

You can find an open source implementation of the algorithm on the web. You can then try to cross-reference it with anything you have found.

 

1 hour ago, Washi said:

@test

  Reveal hidden contents

You can find an open source implementation of the algorithm on the web. You can then try to cross-reference it with anything you have found.

 

Thanks for the response.

Spoiler

Thats what I tried all the time but I'm not really sure if I'm looking at the right spot. I tried to look for constants, but wasn't able to identify anything similar

 

Spoiler

Hmm.. I think the way to identify the place where the algo using open source implementation is difficult in this case and time consuming. Just need to set  a HW BP where the first byte will be written. You have a process creation and the memory where the decryption is done. Just backtrace it, find a call, identify params and use it to decrypt the last stage. That way I did.

 

Edited by Kolombo

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.