Tuts 4 You

Flare-On 11


Washi


5 hours ago, NativeBridge said:

Anybody can help with ch3? I need to create a file to match the YARA rule? I don't understand what to do.

Yes. You need to discover data that would trigger the Yara rule.


22 hours ago, cl4whands said:

does challenge 6 require to guess an input string that should be hashed?

Spoiler

if you read the README carefully they said brute-force will not work...

 


Hi, anyone can help me with 5?

Spoiler

I believe I found the second key and nonce, but I cannot find where the encrypted data is... Any hint?

 


On 10/4/2024 at 6:35 AM, AUP said:

if you read the README carefully they said brute-force will not work...

 

I'm stuck on #6 as well.   I could use a hint/nudge.  Thanks!


Any hint on chall 2? I have passed the first operations easily, but I can't understand how to find the hex checksum for the ChaCha20 decryption.

 


jackyjask
1 hour ago, JimJ1m said:

Any hint on chall 2? I have passed the first operations easily, but I can't understand how to find the hex checksum for the ChaCha20 decryption.

 

Spoiler

hint: find the main.a() (main_a) and you'll have a fresh energy drive on how to move forward (from the end... :)


 


On 10/5/2024 at 8:34 AM, M.b said:

Hi, anyone can help me with 5?


I believe I found the second key and nonce, but I cannot find where the encrypted data is... Any hint?

 

Spoiler

Everything you need to get should be obtainable systematically via the code and crashdump. Think about where the keys and data would be stored when the relevant code is executed.

 


RevEnjoyer

Hi, could I get a small nudge for challenge 7 (fullspeed)? I believe I've reversed everything and am able to communicate successfully with the unmodified binary. But the used crypto seems to be secure (tried many attacks for a day) so no idea how to extract the flag from the .pcap.

Update: Got it! Had all the requisite information already but putting it together wasn't easy for me although in hindsight it is very obvious. (as always)


AmyBrooklin

Never mind! I wanted some help on level 2, but I was able to figure it out.


On 10/6/2024 at 3:45 PM, RevEnjoyer said:

Hi, could I get a small nudge for challenge 7 (fullspeed)? I believe I've reversed everything and am able to communicate successfully with the unmodified binary. But the used crypto seems to be secure (tried many attacks for a day) so no idea how to extract the flag from the .pcap.

Spoiler

As a general note on attacks: Attack scripts almost never work right out of the box. You will always need to slightly adjust to your current situation.

Revisit the parameters involved. Are they all adhering to the standards that are generally expected of them?

 


I'm new to CTF and kinda stuck at chall 2. All I can make out from the decompiled program is that it involves ChaCha20-Poly1305 encryption and there are two other main functions. Can anyone please drop a hint?


Any hint on challenge 6? I'm browsing and trying to follow the code for a while now.
It looks very complicated, and I think I probably just don't know how to approach this.
I obviously have never seen verilog before in my life😅


6 is just a PITA. 

Spoiler

I understand it, have reimplemented it, and am writing directly in Verilog now and making my own Verilog testbenches to fuzz routines. But I'm being told that I'm doing 1000000x more effort than necessary. It's interesting, but not fun.

 


Any hint for chall 3? I'm able to get most of the chars thanks to constant values XORed or added, but I'm unable to find the rest; there are too many possibilities.


cl4whands

need sanity check on challenge 7 (fullspeed)

Spoiler

It seems to me that the internal state of the PRNG has to be replayed somehow. Is that the correct path? If so, are the values in the network handshake enough to recover that, or should something like a seed be brute-forced?

 


James7349

I'm so stuck on challenge 5 :( Please can someone help me? I think I need it explaining like I'm a child 🤣


understated1

Hi guys, I'm new to reverse engineering CTFs and got totally stuck at chall 2.

I saw the code via Ghidra and now I know it has ChaCha20-Poly1305 encryption somewhere, and there are 2 main functions. Can anyone please drop a hint on what to do next, as I won't be able to go forward any more otherwise? Please help!


xdbruh1234

Any hint on #7?

Spoiler

I checked the library's implementation and it's pretty secure. I noticed something is small, though I don't know how to exploit it.

 


@JimJ1m

Spoiler

If there are too many options, that means you did not find or qualify all the constraints correctly. There is only one correct answer, and it can be found systematically :)

@cl4whands, @xdbruh1234

Spoiler

Everything required to decrypt all data can be found in the pcap and code. Figure out what the involved protocols are and find a weakness! :)

@understated1

Spoiler

There is something else other than the symmetric crypto schemes you mention. Did you look at the remainder of the code?

@James7349

Spoiler

Figure out where and why the server crashed. That should be your starting point of analysis.

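Added example for the chall 3 question earlier in the thread ("too many possibilities") and the reply above that the answer is found systematically once every constraint is qualified. This is my own illustration, not code from the thread, the challenge or its authors: a small solver for a YARA-style rule whose conditions are of the forms uint8(i) ^ k == v, (uint8(i) + k) & 0xFF == v, and pairs of offsets tied together. The rule below is constructed here and is not the Flare-On rule; the point it makes is that any byte whose candidate set stays larger than one after propagation is a byte you have not yet constrained.

```python
"""Solve a YARA-style byte-constraint rule by narrowing each byte's domain.

Constructed example, not the challenge rule. A constraint is a pair
(offsets it reads, predicate over a list of candidate bytes).
"""
import itertools


def xor_const(i, k, v):
    """uint8(i) ^ k == v"""
    return ((i,), lambda b: b[i] ^ k == v)


def add_const(i, k, v):
    """(uint8(i) + k) & 0xFF == v"""
    return ((i,), lambda b: (b[i] + k) & 0xFF == v)


def xor_pair(i, j, v):
    """uint8(i) ^ uint8(j) == v"""
    return ((i, j), lambda b: b[i] ^ b[j] == v)


def add_pair(i, j, v):
    """(uint8(i) + uint8(j)) & 0xFF == v"""
    return ((i, j), lambda b: (b[i] + b[j]) & 0xFF == v)


# Constructed 8-byte rule; it was written so that b"hello_ct" is the unique match.
FILESIZE = 8
RULE = [
    xor_const(0, 0x20, 0x48),
    add_const(1, 0x03, 0x68),
    xor_pair(2, 3, 0x00),       # on its own only says byte2 == byte3
    xor_const(2, 0x55, 0x39),
    add_pair(4, 5, 0xCE),       # on its own leaves 256 (byte4, byte5) pairs
    xor_const(5, 0x0F, 0x50),
    xor_pair(6, 7, 0x17),
    add_const(7, 0x10, 0x84),
]


def solve(rule, size):
    """Shrink every byte's domain until no constraint removes anything more.

    Returns (solution or None, domains). A domain with more than one value
    means the rule, as modelled, does not pin that byte down.
    """
    domains = [set(range(256)) for _ in range(size)]
    changed = True
    while changed:
        changed = False
        for offsets, pred in rule:
            for o in offsets:
                others = [x for x in offsets if x != o]
                keep = set()
                for v in domains[o]:
                    scratch = [0] * size
                    scratch[o] = v
                    # keep v if some assignment of the other offsets satisfies pred
                    for combo in itertools.product(*(domains[x] for x in others)):
                        for x, val in zip(others, combo):
                            scratch[x] = val
                        if pred(scratch):
                            keep.add(v)
                            break
                if keep != domains[o]:
                    domains[o] = keep
                    changed = True
    if all(len(d) == 1 for d in domains):
        return bytes(next(iter(d)) for d in domains), domains
    return None, domains


def check(rule, data):
    """Independent verification: every predicate holds on the final bytes."""
    b = list(data)
    return all(pred(b) for _, pred in rule)


if __name__ == "__main__":
    sol, doms = solve(RULE, FILESIZE)
    print(sol, check(RULE, sol))
    print("ambiguous offsets:", [i for i, d in enumerate(doms) if len(d) > 1])
```

Running it with the uint8(5) condition removed leaves offsets 4 and 5 with 256 candidates each and every other byte solved, i.e. the ambiguity is local to the pair that the dropped condition would have tied down. Against a real rule you translate each condition into a predicate the same way; uint16/uint32 reads are just predicates over two or four offsets.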

More interested about your setups for challenge 5.

  • Is it possible to dump the shellcode from gdb?
    I did, and while I can see the shellcode in gdb it doesn't appear in the disassembler (tried with IDA Free). In the dump that section is all zero bytes.
  • Is it possible to connect the disassembler to the running gdb with the core file?

I managed to find the shellcode and extract what I think is the encrypted RSA blob (0x200 bytes); I additionally extracted e and N from the RSA structure, but unfortunately cannot decrypt the blob. (The RSA part, I think, is only to verify the key signature, so there is nothing to decrypt, I guess.)

Happy to bounce ideas here or in DM if anyone is interested. Thank you!

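Added example for the core-file question above; this is mine, not code from the thread or from the challenge. It reads a byte range out of an ELF64 core by walking the PT_LOAD program headers, which is what a disassembler does when it loads a core, and it reports separately the case the post describes: a range that was mapped in the process but whose pages were never written into the core (p_filesz shorter than p_memsz), where a naive dump shows only zeros. The core it builds for the stand-alone run is constructed for illustration.

```python
"""Pull a byte range out of an ELF64 core file by walking its PT_LOAD headers.

Constructed example. A core's program headers map process virtual addresses
to file offsets; a PT_LOAD whose p_filesz is smaller than its p_memsz was only
partly (or not at all) written out, so reading that part yields zeros rather
than what the process had in memory.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
ET_CORE = 4
EM_X86_64 = 62
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, little-endian
PHDR_FMT = "<IIQQQQQQ"          # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align


def load_segments(core):
    """Every PT_LOAD header as a dict; rejects anything that is not LE ELF64."""
    if core[:4] != ELF_MAGIC or core[4] != 2 or core[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e = struct.unpack_from(EHDR_FMT, core, 0)
    phoff, phentsize, phnum = e[5], e[9], e[10]
    segs = []
    for n in range(phnum):
        p = struct.unpack_from(PHDR_FMT, core, phoff + n * phentsize)
        if p[0] == PT_LOAD:
            segs.append({"offset": p[2], "vaddr": p[3], "filesz": p[5], "memsz": p[6]})
    return segs


def read_core(core, vaddr, length):
    """Return (status, data) for [vaddr, vaddr+length).

    "ok" carries the bytes; "not-mapped" means no PT_LOAD covers the range;
    "not-dumped" means the range was mapped in the process but lies past the
    part of the segment that was actually written into the core file.
    """
    end = vaddr + length
    for s in load_segments(core):
        if s["vaddr"] <= vaddr and end <= s["vaddr"] + s["memsz"]:
            rel = vaddr - s["vaddr"]
            if rel + length > s["filesz"]:
                return "not-dumped", None
            start = s["offset"] + rel
            return "ok", core[start:start + length]
    return "not-mapped", None


def build_demo_core():
    """Constructed two-segment core: segment A is fully dumped, segment B has
    p_filesz == 0 (present in the process, absent from the file)."""
    data_a = bytes(range(64))
    off_a = 0x200
    ident = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
    ehdr = struct.pack(EHDR_FMT, ident, ET_CORE, EM_X86_64, 1, 0, 64, 0, 0,
                       64, 56, 2, 0, 0, 0)
    phdrs = struct.pack(PHDR_FMT, PT_LOAD, 5, off_a, 0x7F0000001000, 0,
                        len(data_a), 0x1000, 0x1000)
    phdrs += struct.pack(PHDR_FMT, PT_LOAD, 6, off_a + len(data_a),
                         0x7F0000002000, 0, 0, 0x1000, 0x1000)
    core = ehdr + phdrs
    return core + b"\x00" * (off_a - len(core)) + data_a


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # real use: python3 coreread.py core.bin 0x7f... 0x200 > blob.bin
        blob = open(sys.argv[1], "rb").read()
        status, data = read_core(blob, int(sys.argv[2], 0), int(sys.argv[3], 0))
        if status != "ok":
            sys.exit(status)
        sys.stdout.buffer.write(data)
    else:
        demo = build_demo_core()
        print(read_core(demo, 0x7F0000001010, 8))
        print(read_core(demo, 0x7F0000002000, 16)[0])
```

If the status comes back "not-dumped", the bytes are simply not in the file, and loading the core into IDA will show the same zeros gdb's core view would. On Linux, which mappings get written into a core is governed by /proc/PID/coredump_filter, so file-backed or shared pages are often skipped. When you still have the live process under gdb, `dump binary memory shellcode.bin START END` writes the real contents of that range to disk, and the resulting file can be loaded into the disassembler as a raw binary at the same base address.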

Spoiler

I still can't fornicationing solve 7, holy shit. I have tried every script on GitHub and none of them worked. I'm tilted so bad already.

 

