<-- BYTE* Articles Index / FLARE-On Challenge 2015 / 2nd Annual Contest Tutorials 
FLARE-On Challenge 2015 / 2nd Annual Contest Tutorials

What is the FLARE-On Challenge?

FLARE-On is an annual contest that was started in 2014 for reverse engineers and hackers to test their skills. Members of the FLARE team (FireEye Labs Advanced Reverse Engineering) design each of the challenges often targeting different skill-sets commonly required in the fields of malware analysis and security testing. The exact number of challenges is kept a secret until the very end, unless of course you finish them all before the deadline, as each successfully completed challenge reveals a secret e-mail address that, when e-mailed, provides you with the details on how to proceed. The challenges are also known as crackme's: applications designed to be cracked for educational purposes. The challenges generally increase in difficulty as you advance through the contest.

The 2015 contest was comprised of 11 challenges and ran for 42 days between July 28, 2015 8:00pm thru September 8, 2015 8:00pm (Eastern Daylight Time). I first heard of FLARE shortly after the 2015 contest began when a good friend of mine was describing his progress into the first few challenges.

As stated on the FLARE-On.com website, the rules are:
It's simple: Analyze the sample, find the key.
Each key is an email address. Send an email to the address for the next puzzle.
Complete all the puzzles and win a prize.
As I was doing the challenges, I took notes so I could create these tutorials at a later time, so here they are. Ultimately I lost a month and a half of my life and want to have something to show for it! Hopefully these will help others who are interested in the field of reverse engineering, security testing, malware analysis, hacking, etc.

To begin the challenge, you needed to visit FLARE-On website and use a trimmed-down JavaScript `nix shell simulation. It was quite creative to have a command line running inside a browser! From here, you could navigate to the different "directiories" and read the instructions using the "ls" command which ultimately exposed the download link that started challenge #1. Although all of the challenges ran primarily as 32-bit applications for the Windows platform (with exception of Android challenge #6) I found it odd that the inital download was a 64-bit executable requiring a 64-bit version of Windows to get started. This initial EXE's purpose was to to show the EULA and extract the first challenge. The act of completing that first challenge is what officially enrolled your originating e-mail address as a contestant.

With exception of the initial download containing challenge #1, the other challenges were password protected ZIP files whose name was the uppercase MD5 hash of the ZIP archive itself. I would have preferred the MD5 hash of the file contained within the ZIP, but who'se complaining? The password for each ZIP was always "flare". Each extracted challenge was single file with a funny name (see parens below) and no extension. The exceptions to this were challenge #6 (where the file was an Android .APK app) and challenge #5 which contained an extra file. Part of the exercise was determining what type of file you were dealing with.

Finally, here are the challenges:

Challenge #1 (i_am_happy_you_are_to_playing_the_flareon_challenge)
Challenge #2 (very_success)
Challenge #3 (elfie)
Challenge #4 (youPecks)
Challenge #5 (sender, challenge.pcap)
Challenge #6 (android.apk)
Challenge #7 (YUSoMeta)
Challenge #8 (gdssagh)
Challenge #9 (you_are_very_good_at_this)
Challenge #10 (loader)
Challenge #11 (cryptograph)
   FLARE-On 2015 Kickoff Announcement

FLARE-On 2015 Website

I made it to the last Challenge (#11), but I didn't get it solved before the contest deadline. Despite coming so close, it was a truly rewarding experience and well worth the effort. Below are screenshots of FLARE's follow-up article with the results on September 8, 2015.

FLARE-On 2015 Results part 1
FLARE-On 2015 Results part 2