FlareOn9 Write-Ups

Hi friend, this year is my third year following Flare-On and the first time I managed to solve all the challenges. I finished at 276th place, as can be seen here. For those of you who don't know what Flare-On is, you can read about it here; it is an annual reverse engineering CTF by Mandiant (formerly FireEye). I'm not going to write a write-up for challenge 1 because I don't think it's needed, so let's jump to challenge 2.

MalwareTech Windows Reversing Challenge #7 Write-Ups

[ Ransomware ] The goal of ransomware is to encrypt files; fortunately, ransomware developers often ignore the #1 rule of crypto (never roll your own crypto). As a result, it is sometimes possible to recover encrypted files without paying the ransom. These challenges are designed to test your ability to recover ransomware-encrypted data. Ransomware1. Description: The administrator for FlagCorp was using an outdated Windows 7 system and got infected with some ransomware.

MalwareTech Windows Reversing Challenge #6 Write-Ups

[ De-virtualization ] Sometimes malware attempts to hinder reverse engineering by implementing a virtual machine which runs custom bytecode. These challenges are designed to test your ability to reverse engineer & manipulate custom bytecode. VM1. Description: vm1.exe implements a simple 8-bit virtual machine (VM) to try and stop reverse engineers from retrieving the flag. The VM's RAM contains the encrypted flag and some bytecode to decrypt it.

MalwareTech Windows Reversing Challenge #5 Write-Ups

[ Shellcode ] Position independent code (AKA shellcode) is assembly code which can simply be copied to a memory location and run. Because it needs no complex loading & initialization, it is popular for many tasks such as code injection. These challenges are designed to test your ability to reverse engineer malware shellcode. Shellcode2. Hi, now we are given a PE file named shellcode2.

MalwareTech Windows Reversing Challenge #4 Write-Ups

[ Shellcode ] Position independent code (AKA shellcode) is assembly code which can simply be copied to a memory location and run. Because it needs no complex loading & initialization, it is popular for many tasks such as code injection. These challenges are designed to test your ability to reverse engineer malware shellcode. Shellcode1. Hello friend, in this challenge we are given a PE file named shellcode1.