Loading up the binary in IDA, we can see the program asks us to enter a key to continue, after which it calls a function verify_key on the input given.
verify_key checks that the input is between 9 and 64 characters long and exits otherwise. We can see the function enc is called on the input string, and after the function runs, the returned value is compared to the string [OIonU2_<__nK<KsK. If they are equal, we’ll get the flag.
In enc, we can see a 64-element array initialised with malloc, the length of the input string is stored in a variable, and a counter variable is initialised to 0. We can then see a loop that runs until the counter reaches the length of the input string. The loop performs the following operations:
So, the value of arr has to be equal to [OIonU2_<__nK<KsK at the end of the
My solution was to write a script that would compute the value of the input string s, and it dealt with the mod operation by computing 1000 (tweaked the program a bit while settling on this number) values the expression ((s[cnt] + 12) * v72 + 17) could have had. Not perfect, but quick and dirty.
What you get is a dictionary of possible values each character of the input could take:
And you can pick what your input should be. I chose G4ZxS09_7009_G26 after verifying a couple of options with GDB.
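The inversion described above, as an added example that is not the script from the original write-up: it recovers the candidate characters per position both by lifting the target over multiples of the modulus (the 1000-values approach) and by an exact forward search. The multiplier V72, the modulus MOD, the character set and the sample key are assumptions, since the page does not give the challenge's actual values.

```python
import string

# Assumed constants: the page does not give the value of v72 or the modulus.
V72 = 6      # hypothetical multiplier standing in for v72
MOD = 128    # hypothetical modulus
CHARSET = string.ascii_letters + string.digits + "_"  # assumed key alphabet

def enc(s):
    """Forward transform per character: ((s[cnt] + 12) * v72 + 17) mod MOD."""
    return [((ord(c) + 12) * V72 + 17) % MOD for c in s]

def candidates_by_lifting(target, tries=1000):
    """The write-up's approach: undo the mod by trying target + k*MOD for k < tries."""
    found = set()
    for k in range(tries):
        lifted = target + k * MOD - 17      # candidate value of (s[cnt] + 12) * v72
        if lifted >= 0 and lifted % V72 == 0:
            ch = lifted // V72 - 12
            if 0 <= ch < 128 and chr(ch) in CHARSET:
                found.add(chr(ch))
    return sorted(found)

def candidates_by_forward_search(target):
    """Exact alternative: encode every allowed character and keep the matches."""
    return sorted(c for c in CHARSET if enc(c)[0] == target)

def solve(encoded):
    """Map each position to the characters that encode to the byte at that position."""
    return {i: candidates_by_forward_search(t) for i, t in enumerate(encoded)}

SAMPLE_KEY = "constructed_key_01"    # constructed sample input, not the challenge key
SAMPLE_TARGET = enc(SAMPLE_KEY)      # constructed target, not the page's string

if __name__ == "__main__":
    for pos, options in solve(SAMPLE_TARGET).items():
        print(pos, options)
```

Because the assumed multiplier shares a factor with the modulus, several positions have more than one valid character, which is why the result is a dictionary of options rather than a single key.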