simple-go
Unbreakable Romania 2025
Category
Reverse Engineering
Difficulty
Easy
Challenge Overview
This challenge consists of reversing the file that we're given and getting the flag.
Analyzing it with the file chall command shows that we are dealing with a Mach-O ARM64 binary.
I immediately tried to decompile it using IDA Pro, and it was a bit tricky. I figured out that
it wasn't only about decompiling it and then pressing F5 to see the pseudocode view, but also about looking for a
useful function. "main.getFlag" caught my eye, so I analyzed it.

There are a lot of variables, but the idea is that this algorithm XORs those values with a fixed key.
First, in the main loop, *(&v6 + i) reads consecutive bytes starting from v6.
The key is deduced from here:
*((_BYTE *)&v4 + v2)
but what's the value of v2?
v2 = i - 6 * ((__int64)(((unsigned __int128)((__int64)0xAAAAAAAAAAAAAAABLL * (__int128)i) >> 64) + i) >> 2);
It looks complicated, but after searching for how this compiles, it simply means:
v2 = i % 6
So we start at v4 (14099, 2 bytes) and go forward 6 bytes, which takes us to the end of v5 (-272716322, 4 bytes); then v2 resets (because v2 = i % 6).
This means the key is v4 combined with v5, in hex:
v4 = 14099 (DEC) = 3713 (HEX) = 13 37 (HEX - LITTLE ENDIAN)
v5 = -272716322 (DEC) = EFBEADDE (HEX SIGNED 2'S COMPLEMENT - for negative numbers) = DE AD BE EF (HEX - LITTLE ENDIAN)
Note: Use https://www.rapidtables.com/convert/number/decimal-to-hex.html to calculate these values.
Key (v4, v5 combined) is: 13 37 DE AD BE EF
We can either use CyberChef or write a Python script, but I prefer the first option.

Note: Don't forget to swap the given values to little-endian.
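The Python route, as an added example rather than the author's own solution: it packs v4 and v5 little-endian to get the key, evaluates the decompiled v2 expression literally to confirm it equals i % 6, and applies the repeating-key XOR. The function names are hypothetical and the sample input is constructed, since the encrypted bytes starting at v6 are not reproduced on this page.

```python
import struct

# Constants exactly as they appear in the decompiler output above.
V4 = 14099                    # stored as a 2-byte integer
V5 = -272716322               # stored as a 4-byte integer
MAGIC = 0xAAAAAAAAAAAAAAAB    # multiplier from the v2 expression


def to_signed(value: int, bits: int) -> int:
    """Interpret the low `bits` bits of value as two's complement."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def key_bytes(v4: int = V4, v5: int = V5) -> bytes:
    """v4 followed by v5 as they sit in memory: little-endian, no padding."""
    return struct.pack("<hi", v4, v5)


def decompiled_index(i: int) -> int:
    """The v2 expression from the pseudocode, evaluated step by step."""
    product = to_signed(MAGIC, 64) * i            # (__int64)MAGIC * (__int128)i
    quotient = to_signed((product >> 64) + i, 64) >> 2   # high half + i, then >> 2
    return i - 6 * quotient


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    key = key_bytes()
    print("key:", key.hex(" "))
    # The multiply-and-shift sequence is the compiler's form of i % 6.
    print("v2 == i % 6:", all(decompiled_index(i) == i % 6 for i in range(4096)))
    # Constructed stand-in for the bytes at v6 (not the challenge data).
    sample = xor_with_key(b"CTF{constructed_sample_not_the_real_flag}", key)
    print(xor_with_key(sample, key).decode())
```

To decode the real challenge, replace the constructed sample with the bytes read from v6 onward, each constant converted to little-endian the same way as the key.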
Final flag
CTF{608a7a08146a334aad37d4c751b01b854ee1e42e8254d3a0048c639d1ddf9e89}
made by k0d