FLARE-On is an annual contest that was started in 2014 for reverse engineers and hackers to test their skills.
Members of the FLARE team (FireEye Labs Advanced Reverse Engineering) design each of the challenges, often
targeting different skill-sets commonly required in the fields of malware analysis and security testing.
The exact number of challenges is kept a secret until the very end, unless of course you finish them
all before the deadline, as each successfully completed challenge reveals a secret e-mail address that, when
e-mailed, provides you with the details on how to proceed. The challenges are also known as crackmes:
applications designed to be cracked for educational purposes. The challenges generally increase in difficulty
as you advance through the contest.
The 2015 contest comprised 11 challenges and ran for 42 days between July 28, 2015 8:00pm through September
8, 2015 8:00pm (Eastern Daylight Time). I first heard of FLARE shortly after the 2015 contest began when a good
friend of mine was describing his progress into the first few challenges.
As stated on the FLARE-On.com website, the rules are:
It's simple: Analyze the sample, find the key.
Each key is an email address. Send an email to the address for the next puzzle.
Complete all the puzzles and win a prize.
As I was doing the challenges, I took notes so I could create these tutorials at a later time, so here they are.
Ultimately I lost a month and a half of my life and want to have something to show for it!
Hopefully these will help others who are interested in the field of reverse engineering, security testing, malware analysis,
To begin the challenge, you needed to visit the FLARE-On website
inside a browser! From here, you could navigate to the different "directories" and read the instructions using
the "ls" command which ultimately exposed the download link that started challenge #1. Although all of the
challenges ran primarily as 32-bit applications for the Windows platform (with the exception of
Android challenge #6) I found it odd that the initial download was a 64-bit executable requiring a 64-bit version of Windows to get
started. This initial EXE's purpose was to show the EULA and extract the first challenge. The act of
completing that first challenge is what officially enrolled your originating e-mail address as a contestant.
With the exception of the initial download containing challenge #1, the other challenges were password-protected ZIP
files whose name was the uppercase MD5 hash of the ZIP archive itself. I would have preferred the MD5 hash of
the file contained within the ZIP, but who's complaining? The password for each ZIP was always "flare". Each
extracted challenge was a single file with a funny name (see parens below) and no extension. The exceptions to
this were challenge #6 (where the file was an Android .APK app) and challenge #5 which contained an extra file.
Part of the exercise was determining what type of file you were dealing with.
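A triage sketch for the archive layout described above, added here as an illustration and not taken from the contest or the original write-up: it checks that an archive's name is the uppercase MD5 of its bytes, reads each member in memory with the password "flare", and classifies the extensionless file by magic bytes (32-bit vs 64-bit PE, Android APK). The function names are hypothetical, the optional ".zip" suffix is an assumption, Python's zipfile only decrypts legacy ZipCrypto archives, and the sample inputs are constructed and unencrypted.

```python
import hashlib, io, struct, zipfile

PASSWORD = b"flare"  # archive password stated on the page

def expected_name(data: bytes) -> str:
    """Uppercase MD5 of the archive bytes: the naming scheme the page describes."""
    return hashlib.md5(data).hexdigest().upper()

def name_matches(filename: str, data: bytes) -> bool:
    # Assumption: a trailing ".zip" may or may not be part of the name.
    stem = filename[:-4] if filename.lower().endswith(".zip") else filename
    return stem == expected_name(data)

def identify(blob: bytes) -> str:
    """Classify an extensionless sample from its magic bytes."""
    if blob[:2] == b"MZ" and len(blob) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)  # offset of "PE\0\0"
        if blob[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(blob) >= e_lfanew + 6:
            (machine,) = struct.unpack_from("<H", blob, e_lfanew + 4)
            return {0x014C: "PE x86 (32-bit)", 0x8664: "PE x64 (64-bit)"}.get(
                machine, f"PE (machine 0x{machine:04X})")
        return "MZ without PE header"
    if blob[:4] == b"PK\x03\x04":
        try:
            names = set(zipfile.ZipFile(io.BytesIO(blob)).namelist())
        except zipfile.BadZipFile:
            return "ZIP (unreadable)"
        return "Android APK" if {"AndroidManifest.xml", "classes.dex"} <= names else "ZIP"
    return "unknown"

def triage(filename: str, data: bytes):
    """Return (name_ok, {member: file type}) without writing samples to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        kinds = {n: identify(zf.read(n, pwd=PASSWORD)) for n in zf.namelist()}
    return name_matches(filename, data), kinds

def sample_pe(machine: int) -> bytes:
    """Constructed header stub (DOS header, PE signature, machine), not a real EXE."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", machine)

def sample_zip(members: dict) -> bytes:  # constructed, unencrypted test archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()

if __name__ == "__main__":
    data = sample_zip({"sample_a": sample_pe(0x014C), "sample_b": sample_pe(0x8664)})
    print(triage(expected_name(data), data))
```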
I made it to the last Challenge (#11), but I didn't get it solved before the contest deadline.
Despite coming so close, it was a truly rewarding experience and well worth the effort. Below are
screenshots of FLARE's follow-up article with the results on September 8, 2015.