This challenge is similar to the first intro rev challenge, but the password is not stored as plaintext anymore. The decompiled
int main(int argc, const char **argv, const char **envp)
{
char buf[40];
int v5;
int i;
initialize_flag(argc, argv, envp);
puts("Give me your password: ");
v5 = read(0, buf, 0x1Fu);
buf[v5 - 1] = 0;
for (i = 0; i < v5 - 1; ++i)
buf[i] -= 119;
if (!strcmp(buf, &s2))
{
puts("Thats the right password!");
printf("Flag: %s", flagBuffer);
}
else
{
puts("Thats not the password!");
}
return 0;
}
The program subtracts
The encoded bytes are:
s2 = bytes([
0x02, 0xea, 0x02, 0xe8, 0xfc, 0xfd, 0xbd, 0xfd, 0xf2,
0xec, 0xe8, 0xfd, 0xfb, 0xea, 0xf7, 0xfc, 0xef, 0xb9,
0xfb, 0xf6, 0xea, 0xfd, 0xf2, 0xf8, 0xf7,
])
password = bytes((b + 119) % 256 for b in s2)
print(password.decode())
This prints:
yay_st4tic_transf0rmation
Sending this password to the remote service gives us the flag:
ncat --ssl-verify sgmdmni23f3b2zqmjrzqqisrna-1024-intro-rev-2.challenge.cscg.live 443
Give me your password:
yay_st4tic_transf0rmation
Thats the right password!
Flag: CSCG{y0u_just_r3versed_a_st4tic_transf0rmation!}