Hello
This challenge is a little bit hard but you can do it.
I started by unzipping the file and I got two output: getme & dunnoWhatIAm. I analyzed the files and I got a price by running “strings getme”.
After taking time in static analysis, I decided to use Ghidra tool. I opened the getme file and started analyzing again.
By going to the functions in the system tree (left panel), I got many memory addresses as shown in figure 2, these addresses encouraged me to go and see what inside them.
Figure 3 does not show the full code
so I copied it here
while (local_c < 0x16) {
auStack200[local_c] = local_68[local_c] ^ 0x29a;
printf(“%x”,(ulong)auStack200[local_c]);
local_c = local_c + 1;
}
By reading it, it gave me three valuable information:
1- does not want the address to exceed 0x16
2- take the address and ^0x29
3- print it
that helped me when I wrote my python script, I took all the memory addresses values and put it in an array. Then I wrote a loop to take each address and ^0x29a (as written in the file and analyzed above). Finally I converted to character by chr.
I ran the script and I got a worried result :)
After searching, I figured that the flag is written in a Caesar Cipher, so I have to convert it. I found this website for encoding/decoding
and the flag will appear
