What does the scouter say about their power level?

Micro hashes for micro blaze

Attached are serial captures of two different uploads to an embedded device.

We have a very safe core with a very safe enclave.

Attached is a forensics capture of an HMI (human machine interface) containing scheduled tasks, registry hives, and user profile of an operator account.

Where do you come from?

Tree in the forest

Should be a baby ROP challenge. Just need to follow directions and get first flag.

What kind of crackme doesn’t even ask for the password? We need to work on our COMmunication skills.

Expect difficulty running this one. I suggest investigating why each error is occuring. Or not, whatever. You do you.

Here at Reynholm Industries we pride ourselves on everything. It’s not easy to admit, but recently one of our most valuable servers was breached. We don’t believe in host monitoring so all we have is a network packet capture. We need you to investigate and determine what data was extracted from the server, if any.

Reverse engineer this little compiled script to figure out what you need to do to make it give you the flag (as a QR code).

This is the mobile device challenge for 2020 and features a pedometer app for the Tizen operating system.

Nobody likes analysing infected documents, but it pays the bills. Reverse this macro thrill-ride to discover how to get it to show you the key.

Unlike challenge 1, you probably won’t be able to beat this game the old fashioned way.

One of our team members developed a Flare-On challenge but accidentally deleted it. We recovered it using extreme digital forensic techniques but it seems to be corrupted.

This is a simple game. Win it by any means necessary and the victory screen will reveal the flag.

We’ve uncovered a strange device listening on a port I’ve connected you to on our satellite. At one point one of our engineers captured the firmware from it but says he saw it get patched recently. We’ve tried to communicate with it a couple times, and it seems to expect a hex-encoded string of bytes, but all it has ever sent back is complaints about cookies, or something. See if you can pull any valuable information from the device and the cookies we bought to bribe the device are yours!

The webpage for this challenge contains five textareas, each holding a snippet of assembly code for a different architecture.

We extracted the DRM module from a target device but haven’t been able to reverse engineer its validation logic.

We found the encryptor but it won’t decrypt encrypted?

We intercepted some foreign documents. We think there’s interesting information inside but the file is protected with a unique password algorithm

Upload a 64-bit ELF shared object of size at most 1024 bytes. It should spawn a shell when loaded using LD_PRELOAD

We are provided with a server that implements a custom protocol and a packet capture of the protocol being used.

For this challenge we start off with a program which is aptly named broken as it segfaults when run.