2016 Flare-On Challenge Solutions

I would like to thank the challenge authors this year:

  1. Alexander Rich
  2. Matt Williams (@0xmwilliams)
  3. Dominik Weber
  4. James T. Bennett (@jtbennettjr)
  5. Tyler Dean
  6. Josh Homan
  7. Alex Berry
  8. Nick
    Harbour (@nickharbour)
  9. Jon Erickson (@2130706433)
  10. FireEye Labs Advanced Vulnerability Analysis Team (FLAVA)

The most noticeable change this year in the Flare-On format was a
welcomed move away from the email backend system to an interactive
framework based on CTFd. As a result of this change, we have much
improved metrics on active players and solutions, and for the first
time in Flare-On challenge history: 100 percent uptime. Let’s look at
how the challenge went.

By all accounts this was the hardest Flare-On challenge yet, with
Challenge 10 holding the dubious title of hardest challenge in
Flare-On history and hopefully keeping that title for all time. This
year’s first challenge was also significantly more difficult than last
year’s first challenge, which was a simple single-byte XOR loop. As a
result of this increase in difficulty, the number of people who solved
the first challenge dropped by more than 40 percent from last year.

The international appeal of the Flare-On challenge was as strong as
ever this year, with less than 14 percent of finishers coming from the
United States. Outside of the U.S., Vietnam saw the most finishers
with 13, a Flare-On international record, and Singapore more than
doubled its finishers from last year, putting them at a solid 9
finishers. A total of 38 countries were represented in the finishers
this year, up from 33 last year. Congratulations all around!

All the binaries from this year’s challenge are now posted on flare-on.com.
And here are the solutions written by each challenge author:

  1. SOLUTION
    1
  2. SOLUTION
    2
  3. SOLUTION
    3
  4. SOLUTION
    4
  5. SOLUTION
    5
  6. SOLUTION
    6
  7. SOLUTION
    7
  8. SOLUTION
    8
  9. SOLUTION
    9
  10. SOLUTION
    10

This is a Security Bloggers Network syndicated blog post authored by Nick Harbour. Read the original post at: Threat Research Blog