Challenge 1 ("Drill Baby Drill!")


Description

Welcome to the twelfth FLARE-On challenge!

Solve the challenge, submit the flag, unlock the next challenge. Repeat. All flags are in email address format ending in the @flare-on.com domain. All challenges are packaged with 7-zip using a password of 'flare'.

Writeup

We are given a 7-zip file with a small game written in Python along with its source code.

I inspected the source code and saw a function called GenerateFlagText, which takes a number and uses it to XOR-decrypt what seems to be the flag.

Without looking any further, I decided to just do the simplest thing I could:

>>> def GenerateFlagText(sum):
...     key = sum >> 8
...     encoded = "\xd0\xc7\xdf\xdb\xd4\xd0\xd4\xdc\xe3\xdb\xd1\xcd\x9f\xb5\xa7\xa7\xa0\xac\xa3\xb4\x88\xaf\xa6\xaa\xbe\xa8\xe3\xa0\xbe\xff\xb1\xbc\xb9"
...     plaintext = []
...     for i in range(0, len(encoded)):
...         plaintext.append(chr(ord(encoded[i]) ^ (key+i)))
...     return ''.join(plaintext)
... 
>>> g = (GenerateFlagText(x) for x in range(100000))
>>> next(x for x in g if 'flare-on.com' in x)
'drilling_for_teddies@flare-on.com'
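
The brute force above can be replaced by a known-plaintext recovery, shown here as an added example that is not part of the original writeup or the challenge source. It assumes only what the challenge description states (every flag ends in @flare-on.com); the function names recover_key, decode and sum_range are hypothetical.

```python
# Added example: derive the rolling-XOR key from the known flag suffix.
# ENCODED is the byte string from GenerateFlagText on this page.
ENCODED = (b"\xd0\xc7\xdf\xdb\xd4\xd0\xd4\xdc\xe3\xdb\xd1\xcd\x9f\xb5\xa7\xa7"
           b"\xa0\xac\xa3\xb4\x88\xaf\xa6\xaa\xbe\xa8\xe3\xa0\xbe\xff\xb1\xbc\xb9")
SUFFIX = b"@flare-on.com"  # from the challenge description


def recover_key(encoded: bytes, suffix: bytes) -> int:
    """Return the key such that encoded[i] ^ (key + i) ends in `suffix`.

    Each suffix position gives an independent estimate of the key:
    key + i == encoded[i] ^ plaintext[i]. All estimates must agree,
    otherwise the suffix assumption (or the cipher model) is wrong.
    """
    offset = len(encoded) - len(suffix)
    if offset < 0:
        raise ValueError("suffix longer than ciphertext")
    candidates = {
        (encoded[offset + j] ^ suffix[j]) - (offset + j)
        for j in range(len(suffix))
    }
    if len(candidates) != 1:
        raise ValueError(f"inconsistent key estimates: {sorted(candidates)}")
    return candidates.pop()


def decode(encoded: bytes, key: int) -> str:
    """Same transform as GenerateFlagText, taking the key directly."""
    return "".join(chr(c ^ (key + i)) for i, c in enumerate(encoded))


def sum_range(key: int) -> range:
    """All `sum` inputs that map to this key, since key = sum >> 8."""
    return range(key << 8, (key + 1) << 8)


if __name__ == "__main__":
    k = recover_key(ENCODED, SUFFIX)
    print("key:", k)
    print("sum values:", sum_range(k))
    print("flag:", decode(ENCODED, k))
```

Thirteen suffix positions agreeing on one key is also a sanity check that the scheme really is a single additive counter XOR and not something position-dependent.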

Flag

drilling_for_teddies@flare-on.com