Nuit du Hack CTF Quals 2016 : Matriochka - Step 2
How to solve
I have extracted some decompiled code to collect the flag.
((flaglen + 1) * 0x2a == 0x1f8) // Length of flag is 12 cVar1 = **(char **)(argv + 8) cVar2 = *(char *)(*(long *)(argv + 8) + 3) cVar3 = **(char **)(argv + 8) cVar4 = *(char *)(*(long *)(argv + 8) + 6) cVar5 = *(char *)(*(long *)(argv + 8) + 5) (int)*(char *)(*(long *)(argv + 8) + 8) - (int)*(char *)(*(long *)(argv + 8) + 7) == 0xd && ((int)*(char *)(*(long *)(argv + 8) + 2) - (int)*(char *)(*(long *)(argv + 8) + 1) == 0xd && (*(char *)(*(long *)(argv + 8) + 4) == 'i' && (*(char *)(*(long *)(argv + 8) + 3) == *(char *)(*(long *)(argv + 8) + 9) && (*(char *)(*(long *)(argv + 8) + 1) + -0x11 == (int)**(char **)(argv + 8) && (*(char *)(*(long *)(argv + 8) + 1) == *(char *)(*(long *)(argv + 8) + 10) && (*(char *)(*(long *)(argv + 8) + 1) == *(char *)(*(long *)(argv + 8) + 7) && (long)cVar5 == flaglen * 9 + -4 && (cVar3 + 0x10 == cVar4 + -0x10 && (((int)cVar2 & 0x7fffffffU) == 100 && cVar1 == 'P')))
According to the information written above, we can calculate the flag.
ord()
and chr()
of Python is very useful on this procedure :)
Flag
Pandi_panda