Writeup for Baby Reeee (Rev) - Social Engineering Experts CTF (2022) 💜
Video Walkthrough
Description
You've never seen a flagchecker this helpful.
Solution
from pwn import*# This will automatically get context arch, bits, os etcelf = context.binary =ELF('./chall', checksec=False)context.log_level ='debug'# Encoded flag from .data section (offset found in GDB)raw_flag =str(elf.data[0x20f0:(0x20f0+ (52*4))].hex())# Each byte of flag stored in 4 byte, so remove 3 bytes of paddingenc_flag =unhex(raw_flag.replace('000000', ''))dec_flag =''for i, enc_char inenumerate(enc_flag):# XOR current encrypted char with loop counter, then subtract 69 dec_char =chr(int.from_bytes(xor(enc_char, i), 'little') -69)debug(dec_char) dec_flag += dec_charinfo(dec_flag)# Print flag
