2016 Flare-On Challenge Solutions
We are pleased to announce the conclusion of the third Flare-On challenge. This year’s prize is a police-style badge that is still in production, but we can share with you this teaser outline. All 124 winners of this year’s challenge will receive one (as of 10am Eastern). This year we had fantastic participation with a total of 2,063 players!
I would like to thank the challenge authors this year:
- Alexander Rich
- Matt Williams (@0xmwilliams)
- Dominik Weber
- James T. Bennett (@jtbennettjr)
- Tyler Dean
- Josh Homan
- Alex Berry
- Nick Harbour (@nickharbour)
- Jon Erickson (@2130706433)
- FireEye Labs Advanced Vulnerability Analysis Team (FLAVA)
The most noticeable change this year in the Flare-On format was a welcomed move away from the email backend system to an interactive framework based on CTFd. As a result of this change, we have much improved metrics on active players and solutions, and for the first time in Flare-On challenge history: 100 percent uptime. Let’s look at how the challenge went.
By all accounts this was the hardest Flare-On challenge yet, with Challenge 10 holding the dubious title of hardest challenge in Flare-On history and hopefully keeping that title for all time. This year’s first challenge was also significantly more difficult than last year’s first challenge, which was a simple single-byte XOR loop. As a result of this increase in difficulty, the number of people who solved the first challenge dropped by more than 40 percent from last year.
The international appeal of the Flare-On challenge was as strong as ever this year, with less than 14 percent of finishers coming from the United States. Outside of the U.S., Vietnam saw the most finishers with 13, a Flare-On international record, and Singapore more than doubled its finishers from last year, putting them at a solid 9 finishers. A total of 38 countries were represented in the finishers this year, up from 33 last year. Congratulations all around!
All the binaries from this year’s challenge are now posted on flare-on.com. And here are the solutions written by each challenge author: