Flare-On 7 – Task 10

This year’s FlareOn was very interesting. I managed to finish it with 87th place. In this small series I will describe my favorite tasks, and how I solved them. I hope to provide some educational value for others, so this post is intended to be beginner-friendly.

My writeup to the previous task can be found here.


In this task we are provided with the following package (password: flare). It contains a 32 bit ELF (break), and a description that says:

As a reward for making it this far in Flare-On, we've decided to give you a break. Welcome to the land of sunshine and rainbows!

No hints this time, only trolling! And this is what we must get used to while doing this task that turns out far from the promised easy. Yet, it is full of red herrings and false hints…

This challenge is the most interesting crackme I ever encounter. Yet, it is very exhausting. In is in reality, it is more like 3 tasks in one. Instead of searching for one flag, we need to collect 3 different fragments of it. Each of them is protected by a different cipher that we need to break. But this is not the only challenge! Even to make sense of the code is going to be difficult – the flow is protected using some sort of nanomites – at least the first two layers. Functionality-wise, each layer is a bit different. Even to find where is the code that we need to analyze, may be a challenge itself (stage 3 is a shellcode, that is loaded to the main application by an overflow, that is exploited by the crackme itself).

Walk-through my solutions for particular parts:

Thanks to everyone who gave me hints during this long journey!

About hasherezade

Programmer and researcher, interested in InfoSec.
This entry was posted in CrackMe and tagged , . Bookmark the permalink.

1 Response to Flare-On 7 – Task 10

  1. 0xstan says:

    Great write-up !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s