Flare-On is a reverse engineering challenge set created by FireEye. The tasks include executables for Linux, Windows, Android, and Arduino. I was to complete 11 of 12 tasks, only 5.7% of participates completed 11 tasks.


Reversing coolprogram.exe, Flare-on Challenge 12 Part 1

For this challenge we were given an executable coolprogram.exe, and a network capture of suspicious traffic. I was not able to finish this one during the competition, so I have been working on it to learn more about reversing. The farthest I got was to pull the encrypted secondstage from the pcap, and to see coolprogram.exe call out to a suspicious URL. I was also able to learn that coolprogram checks the registry for different keys, and was written in Delphi.

Read More

Reversing Covfefe.exe, Flare-on Challenge 11

Reversing the binary of 11 was easy, but it wasn’t meant to be hard. The difficult part was reversing the VM code that the binary runs. When implementing the VM I made a mistake in the code that caused me problems trying to sort out. When it checks the index at each loop I had “index < end”, when it should have been “index <= end”. This caused it to end prematurely.

Read More