Tools

• BlobRunner
• HxD
• IDA
• x64dbg
• WireShark
• Online Disassembly
• IONinja
• Python

We received a capture network file named: re_crowd.pcapng.

Notice that there are number of records with PROPFIND:

I noticed the file is packed with UPX:

We received a packed TPK file that we can just unpack with 7zip. Inside the “bin” folder we had number of interesting DLLs, the one that was the most interesting was the “TKApp.dll”, so we analyzed it with dnSpy.

When I tried to open the report.xls file I received an error:

Tools to use:

• IDA
• x64dbg

When start the program, we received a game menu:

Tools to use:

• x64dbg
• HxD
• pestudio
• upx-3.96-win64
• IDA
• Python

When I tried to load the file to x64dbg I received a message that this is an invalid PE file:

We received the application binary file together with the python source code.

Tools to use:

• notepad++

When you start the application, you get:

This year I participated in Flare-On 7 (2020) and I wanted to share my thoughts about this great CTF.

Overview

The challenges were great this year, I learned a lot and they were pure reversing. For anyone wants to strength his reversing skills, flare-on is a great choice. This is like an intensive reversing course for six weeks that you will suffer and enjoy both together.

Solutions

I separated my solutions into different pages to make it more readable:

1. Challenge #1 - Fidler
2. Challenge #2 - garbage
3. Challenge #3 - wednseday
4. Challenge #4 - report
5. Challenge #5 - TKApp
6. Challenge #6 …