Posts Tags Categories About

Flare-On 7 - Write-up of all write-ups

 included in write-up ctf
   492 words   3 minutes 

Intro

This is the write-up of all Flare-On 7 challenge write-ups. We assembled this list of the write-ups we found for the different challenges and wrote down the methods each challenge can be solved in.

Found a write-up that we did not mention? Wrote a write-up and can’t find it here? Send us a Pull-Request on Github.

This list will keep getting updates

Challenges

1 - fidler 🐍

  1. Static
    1. Call decode_flag with the correct number - explained.re, author✏️, asuna amawaka, @NotCoderL, @arnaugamez
    2. Guess correct input for decode_flag - @demonslay335 (video)
  2. Dynamic
    1. Cheat Engine
      1. Increase speed - @bbaskin
    2. Modify program
      1. current_coins > 100 billion - @_graypanda, @0xdf_, @pawel_lukasik
      2. Cat click increase in 100 billion - @xEHLE_, @L3cr0f, @AleeAmini
    3. Play and win - @g3rzi

2 - garbage 🚮

  1. Repair headers and manifest
    1. Execute - author✏️, @74wny0wl, @xEHLE_, @0xdf_
  2. Add junk and unpack
    1. Static
      1. XOR the strings - explained.re, author✏️, @_graypanda, @0xdf_, @NotCoderL, @g3rzi, asuna amawaka, @demonslay335 (video), @L3cr0f
      2. floss XORPlugin - 0xswitch
    2. Emulation
      1. Cutter - explained.re
      2. Unicorn Engine - 0xswitch
      3. radare2’s ESIL - @arnaugamez
  3. Manual unpack - @AleeAmini

3 - wednesday 🐸

  1. Dynamic
    1. Patch collision - explained.re, author✏️, @74wny0wl, @0xdf_, @AleeAmini, @g3rzi, @arnaugamez
    2. Cheat Engine - @xEHLE_, @demonslay335 (video), @arnaugamez
    3. Play and win - @NotCoderL
    4. Patch required score - asuna amawaka
  2. Static
    1. Decode binary flag from obstacles array - author✏️, @_graypanda, @L3cr0f, @arnaugamez

4 - Report 📄

  1. Static
    1. pcode2code - explained.re, author✏️, @74wny0wl, @0xdf_, @NotCoderL, @_graypanda
    2. pcodedmp - @xEHLE_, @g3rzi, @L3cr0f
    3. Educated guess and XOR with PNG header - asuna amawaka, @AleeAmini

5 - TKApp 🐯

  1. Run the flag getting routine with all the right inputs
    1. Python - explained.re, author✏️, @NotCoderL, asuna amawaka, @L3cr0f
    2. C# - @_graypanda, @74wny0wl, @xEHLE_, @AleeAmini, @g3rzi
  2. Emulate the watch OS with winning conditions - @0xdf_

6 - codeit 👩🏽‍💻

  1. Static - explained.re, author✏️, @_graypanda, asuna amawaka, @xEHLE_, @NotCoderL, @L3cr0f, @AleeAmini, @g3rzi

7 - re-crowd 🦈

  1. Analyze shellcode
    1. Static decode AlphanumUnicodeMixed - explained.re, author✏️, @_graypanda, @NotCoderL, @xEHLE_, @L3cr0f
    2. Dynamic analysis- asuna amawaka, @AleeAmini, @g3rzi

8 - Aardvark 🐧

  1. Static
    1. Patch board - explained.re, author✏️, @_graypanda, @xEHLE_, @L3cr0f
    2. Patch game check function - asuna amawaka, @AleeAmini
  2. Dynamic
    1. Change board
    2. Change game check function return value

9 - crackinstaller 🔫

  1. Dynamic
    1. Load driver and get the password
      1. Invoke credHelper functions
        1. COM - author✏️
        2. IDA Pro’s Appcall
        3. Build an executable
      2. Decrypt with RC4 - explained.re, @_graypanda, @xEHLE_, asuna amawaka, @AleeAmini
  2. Static
    1. Decrypt password with Salsa
      1. Decrypt flag with RC4

10 - break 🌈

  1. Stage 1
    1. Patch memcmp - explained.re
    2. Infinite loop and open proc mem - author✏️
    3. LD_PRELOAD - @_graypanda, @xEHLE_, asuna amawaka
  2. Stage 2
    1. Debug - explained.re, @xEHLE_
    2. Static - author✏️
    3. LD_PRELOAD - @_graypanda, asuna amawaka
  3. Stage 3
    1. Solve bignum equation
      1. Python - explained.re, @_graypanda, @xEHLE_
      2. Wolfram Alpha - author✏️
      3. Java - asuna amawaka

11 - rabbithole 🐰

  1. Dynamic - explained.re, author✏️, @_graypanda, @xEHLE_

   

Links to all available write-ups

Updated on 2020-11-01
 flare-on
Back | Home