Commit e2bc5a08 authored by Giovanni's avatar Giovanni 🖥

plaid ctf 2020 reee writeup

parent fdbafe40
Pipeline #137909948 passed with stages
in 29 seconds
This diff is collapsed.
from z3 import *
data = [
0x48, 0x5f, 0x36, 0x35, 0x35, 0x25, 0x14, 0x2c, 0x1d, 0x01, 0x03, 0x2d,
0x0c, 0x6f, 0x35, 0x61, 0x7e, 0x34, 0x0a, 0x44, 0x24, 0x2c, 0x4a, 0x46,
0x19, 0x59, 0x5b, 0x0e, 0x78, 0x74, 0x29, 0x13, 0x2c
]
flag = [BitVec(f'{i:2}', 8) for i in range(len(data))]
s = Solver()
for f in flag:
s.add(f > 0x20, f <= 0x7f)
bVar4 = 0x50
indx = 0
while (indx < 0x539):
index = 0
while (index < len(flag)):
flag[index] = flag[index] ^ bVar4
bVar4 = bVar4 ^ flag[index]
index = index + 1
indx += 1
for f, d in zip(flag, data):
s.add(f == d)
print(s.check())
m = s.model()
model = sorted([(d, m[d]) for d in m], key = lambda x: str(x[0]))
for m in model:
print(chr(m[1].as_long()), end='')
print()
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment