Challenge Overview
The binary checks a flag using a simple byte-wise NOT comparison.
First, xmmword_2240 is loaded from the .rodata segment into v8.
Then, starting from v8[12], xmmword_2250 is loaded, so the two values overlap.
Note: .rodata is a segment where all constant data is stored.
So we have:
xmmword_2240 = 0A0CA96A0CA9697C884B9ABBC9E8B9AB2
xmmword_2250 = 8286CB88A0CC978BA08BCF91A0CA96A0
They overlap, and the final buffer becomes:
0A0CA96A0CA9697C884B9ABB8286CB88A0CC978BA08BCF91A0CA96A0
This is our final v8 buffer.
After that, some random-related code is executed, but it has no relevance to the actual reverse engineering logic.
The function uses fgets() to read the input string s, which represents the flag.
The trailing newline \n is removed.
Then v4 is set to the length of s.
If the length is not exactly 28, the check fails immediately.
v5 is initialized as a pointer to s.
Verification Logic
Inside the for loop:
At each iteration, the following condition is checked:
This comparison happens directly in the for condition.
If all bytes satisfy this condition, the loop continues without breaking.
Inside the loop, ++v5 advances the pointer through s.
When v5 reaches &v10, the condition becomes true.
Since v10 is declared immediately after s on the stack, reaching &v10 means the end of the string was reached successfully.
At that point, all bytes were verified correctly and the solution is accepted.
If the loop completes fully and v5 reaches &v10, it means the entire string passed the NOT comparison and the flag is correct.
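The buffer construction and NOT check described above, as an added Python example that is not part of the original writeup. It assumes the two constants are written as IDA prints 128-bit values (so each is stored in memory in little-endian byte order) and that the loop condition is "input byte equals the bitwise NOT of the v8 byte"; the function names are hypothetical.

```python
# Added example: rebuild the 28-byte v8 buffer from the two overlapping
# xmmword constants and invert the byte-wise NOT check.

XMMWORD_2240 = 0xA0CA96A0CA9697C884B9ABBC9E8B9AB2  # constant quoted in the writeup
XMMWORD_2250 = 0x8286CB88A0CC978BA08BCF91A0CA96A0  # constant quoted in the writeup
OVERLAP_OFFSET = 12   # second load starts at v8[12]
FLAG_LEN = 28         # length enforced before the loop


def build_v8() -> bytes:
    """Lay both 16-byte constants into memory the way the two stores do."""
    buf = bytearray(FLAG_LEN)
    # Assumption: IDA shows the 128-bit value, memory holds it little-endian.
    buf[0:16] = XMMWORD_2240.to_bytes(16, "little")
    # The second store overwrites v8[12..15] and extends the buffer to 28 bytes.
    buf[OVERLAP_OFFSET:OVERLAP_OFFSET + 16] = XMMWORD_2250.to_bytes(16, "little")
    return bytes(buf)


def check_flag(candidate: bytes, v8: bytes) -> bool:
    """Mirror of the described check: length 28, then byte-wise NOT compare."""
    if len(candidate) != FLAG_LEN:
        return False
    # Assumption: the loop condition is s[i] == (unsigned char)~v8[i].
    return all(c == (~k & 0xFF) for c, k in zip(candidate, v8))


def recover_flag(v8: bytes) -> bytes:
    """NOT is its own inverse, so applying it to v8 yields the expected input."""
    return bytes(k ^ 0xFF for k in v8)


if __name__ == "__main__":
    v8 = build_v8()
    flag = recover_flag(v8)
    print(v8.hex())
    print(flag.decode("ascii"), check_flag(flag, v8))
```

The four bytes where the stores overlap, v8[12] to v8[15], decode to the same characters from either constant, which is why the overwrite does not corrupt the result.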
The reasoning and logic of the reverse are correct.
made by k0d