One of our team members developed a Flare-On challenge but accidentally deleted it. We recovered it using extreme digital forensic techniques but it seems to be corrupted. We would fix it but we are too busy solving today’s most important information security threats affecting our global economy. You should be able to get it working again, reverse engineer it, and acquire the flag.

The challenge provides a corrupted PE file, trying to opening it with some tools will lead to a crash of them. The goal of the challenge was to reconstruct the PE and run it to obtain the flag.

I decided to open the file with 010Editor to check what was corrupted. The first thing I noticed is that it is a UPX packed executable, then I noticed that something at the end was missing.

The first thing I made was to unpack the file using a UpxUnpacker, then I adjusted some metadata (i.e. Imports) using CFF Explorer and finally ran it using wine to find the flag!

C0rruptGarbag3@flare-on.com