In 2014 the inaugural FLARE On presented seven challenges. As a finisher, you can read my write-up here. Each participant has a different take on the challenges. Each person has different methods, skills, and strengths. Mine are forged by years of forensics, log analysis, and working a mission where results are required regardless of ability, training, or excuses. At the end of this post I've linked to other write-ups that I've seen.
Let's begin by setting a level of expectation. You are reading a blog named GhettoForensics. The ultimate goal of Ghetto Forensics is to get by with whatever tools and knowledge you have to complete a mission. You will not find first-rate techniques and solutions here. In fact, when presented with multiple options, I often went out of my way to choose the worst, most cringe-worthy option available. For the lulz, and to show that you don't need advanced reverse engineering training and experience to survive the industry. I hope you enjoy.
For simplicity's sake, unless otherwise necessary, all IDA output will be shown as decompiled code.
Without further ado.
Flare-On!
Challenge #1
Let's roll up our sleeves and ... oh, never mind, there's the routine.
The routine takes a given email address through ReadFile(), XORs it by 0x7D, and compares it to an embedded value. So, just find that value in the executable with WinHex (one of my favorite tools) and XOR it there to get the answer. WinHex lets you just highlight text and do basic on-the-fly modification (rotate, addition, subtraction, XOR, etc).
bunny_sl0pe@flare-on.com
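The same recovery without WinHex, as an added Python example (mine, not code from the original post or from the challenge binary): it re-implements the XOR-by-0x7D comparison and scans a byte image for the encoded value by looking for the encoded form of the known "@flare-on.com" suffix, then expanding to the surrounding printable run. The image bytes below are constructed stand-ins, not the real challenge file.

```python
KEY = 0x7D  # single-byte XOR key used by the challenge routine


def xor_bytes(data: bytes, key: int = KEY) -> bytes:
    """XOR every byte with the key (encoding and decoding are the same op)."""
    return bytes(b ^ key for b in data)


def check_email(candidate: bytes, embedded: bytes, key: int = KEY) -> bool:
    """Re-implements the challenge check: XOR the input, compare to the stored blob."""
    return xor_bytes(candidate, key) == embedded


def _printable(b: int) -> bool:
    return 0x20 <= b < 0x7F


def find_encoded_strings(image: bytes, known: bytes = b"@flare-on.com",
                         key: int = KEY) -> list:
    """Locate XOR-encoded strings that contain a known plaintext fragment.

    Searches the image for the encoded form of `known`, then grows the match
    left and right while the decoded bytes stay printable. Returns a list of
    (offset, decoded_string) pairs.
    """
    needle = xor_bytes(known, key)
    hits, start = [], 0
    while (idx := image.find(needle, start)) >= 0:
        lo = idx
        while lo > 0 and _printable(image[lo - 1] ^ key):
            lo -= 1
        hi = idx + len(needle)
        while hi < len(image) and _printable(image[hi] ^ key):
            hi += 1
        hits.append((lo, xor_bytes(image[lo:hi], key)))
        start = idx + 1
    return hits


# Constructed stand-in for the executable: a fake header, some padding that
# decodes to non-printable bytes, the encoded answer, then more padding.
SAMPLE_IMAGE = (b"MZ\x90\x00\x03" + b"\x7d" * 4
                + xor_bytes(b"bunny_sl0pe@flare-on.com")
                + b"\x7d\x7d" + b"\x00" * 4)

if __name__ == "__main__":
    for offset, decoded in find_encoded_strings(SAMPLE_IMAGE):
        print(f"0x{offset:x}: {decoded.decode()}")
```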