Day 2: Gift Wrapping
Challenge description
The elves won't let you into their secret hideout without the password.
Luckily, they've given it to you as a gift! But it seems to be wrapped up tight...
Poking around
We are provided with a binary that looks innocent. It asks for a magic word. Let's decompile it using Ghidra.
However, the output looks like gibberish! Looking at the output of strings, we see that the binary is packed with UPX. We can unpack it using the upx tool.
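A scripted version of the strings check above, as an added example that is not part of the original writeup: it looks for the marker text UPX leaves in packed files and, as supporting hints, reports a zero ELF section count and the byte entropy. The function names and the sample bytes are constructed for illustration, and the section-count and entropy checks are heuristics assumed here, not something the writeup relies on.

```python
import math
import struct

# Marker text UPX leaves in packed files (what `strings` surfaces).
UPX_MARKERS = (b"UPX!", b"$Info: This file is packed with the UPX")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or packed payloads sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def elf_section_count(data: bytes):
    """Return e_shnum from the ELF header, or None if this is not an ELF."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    return struct.unpack_from(endian + "H", data, 0x3C if is64 else 0x30)[0]

def upx_triage(data: bytes) -> dict:
    """Collect packing indicators; each one is a hint, not proof."""
    markers = {m.decode(): data.find(m) for m in UPX_MARKERS if m in data}
    return {
        "markers": markers,                  # marker text -> file offset
        "no_section_headers": elf_section_count(data) == 0,
        "entropy": round(shannon_entropy(data), 2),
        # Markers can be stripped or altered, so a False here does not
        # rule out packing; fall back on the other two hints.
        "likely_upx": bool(markers),
    }

def make_sample(packed: bool) -> bytes:
    """Constructed 64-byte ELF64 header plus filler; not a real executable."""
    hdr = bytearray(0x40)
    hdr[:7] = b"\x7fELF\x02\x01\x01"         # 64-bit, little-endian
    if packed:
        return bytes(hdr) + b"UPX!" + bytes(range(256)) + UPX_MARKERS[1]
    struct.pack_into("<H", hdr, 0x3C, 29)    # e_shnum = 29 sections
    return bytes(hdr) + b"plain .text and .data filler"

if __name__ == "__main__":
    for label, blob in (("packed", make_sample(True)), ("plain", make_sample(False))):
        print(label, upx_triage(blob))
```

To run it on a real file, pass the file's bytes to upx_triage() in place of the constructed samples.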
Decompiling it with Ghidra this time shows much better results.
    printf("What\'s the magic word? ");
    __isoc99_scanf("%256s",&local_118);
    for (local_11c = 0; local_11c < 0x100; local_11c = local_11c + 1) {
        *(byte *)((long)&local_118 + (long)(int)local_11c) =
            *(byte *)((long)&local_118 + (long)(int)local_11c) ^ 0xf3;
    }
    iVar1 = thunk_FUN_004010e6(CHECK,&local_118,0x17);
    if (iVar1 == 0) {
        puts("Welcome inside...");
    }
    else {
        puts("Wrong password! Who are you?!?");
    }
It simply XORs each entered character with 0xf3 and compares the result with the 0x17 bytes stored in CHECK.
Since XOR is its own inverse, we can obtain the bytes in CHECK and XOR them with 0xf3 again to get back the flag.
solve.py
    # Bytes extracted from CHECK in the unpacked binary
    CHECK = [0xbb, 0xa7, 0xb1, 0x88, 0x86, 0x83, 0x8b, 0xac, 0xc7, 0xc2, 0x9d, 0x87, 0xac, 0xc6, 0xc3, 0xac, 0x9b, 0xc7, 0x81, 0x97, 0xd2, 0xd2, 0x8e]
    flag = ''
    for i in CHECK:
        # XOR with the same key undoes the binary's transform
        rev = i ^ 0xf3
        flag += chr(rev)
    print(flag)
Flag
HTB{upx_41nt_50_h4rd!!}