Tag Archives: reverse-engineering

Flare-On 2015 #5

First we’ll check the PCAP to see what’s going on. We can see that there are a couple of HTTP packets, so let’s filter for http: We can see that the last 4 bytes of each packet must be …

Posted in Reverse Engineering

Flare-On 2015 #4

OK, let’s start the sample first: Well, 2 + 2 = 4, that’s right. Let’s have a look at the imports: That’s not very much. Maybe it’s packed? Let’s check it with ExeinfoPe: Seems to be packed with UPX. This …

Posted in Reverse Engineering

Flare-On 2015 #3

Starting the executable will result in a very nice picture but no real hint to start with. We can see that the file size of that executable is unusually big. Anyway, we’re doing some basic stuff like strings and let’s …

Posted in Reverse Engineering

Flare-On 2015 #2

Here we go again with my solution for challenge 2.

Again there is a little bit of XOR’ing and a little bit of bit-shifting. The function which checks the password starts at address 401084 (see the screenshot). The loop …

Posted in Reverse Engineering

Flare-On 2015 #1

Here we go again for the annual FireEye Flare-On challenge. Unfortunately it started during my summer holidays, so I did not have enough time to complete the whole challenge (I guess I’m also not skilled enough, but anyway...). Although the solutions are …

Posted in Uncategorized