Vietnam
by AnandSaminathan
The Viet Cong in transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We’ve recovered the binary, we need you to find out what they’re trying to say.
Files
Solution
On decompiling using Ghidra:
undefined8 main(void)
{
undefined *puVar1;
int iVar2;
int local_18;
int local_14;
char *local_10;
local_10 = (char *)malloc(0x400);
fgets(local_10,0x400,stdin);
setbuf(stdout,(char *)0x0);
while (puVar1 = sa, *local_10 != '\0') {
switch(*local_10) {
case '!':
tmp = sa;
sa = sb;
sb = sc;
sc = puVar1;
break;
case '$':
sa = sa + 1;
*sa = 1;
break;
case '+':
sa[-1] = *sa + sa[-1];
sa = sa + -1;
break;
case ',':
iVar2 = getchar();
*sa = (char)iVar2;
break;
case '-':
sa[-1] = sa[-1] - *sa;
sa = sa + -1;
break;
case '.':
puVar1 = str + 1;
*str = *sa;
str = puVar1;
break;
case '[':
if (*sa == '\0') {
local_14 = 1;
while (local_14 != 0) {
local_10 = local_10 + 1;
if (*local_10 == '[') {
local_14 = local_14 + 1;
}
else {
if (*local_10 == ']') {
local_14 = local_14 + -1;
}
}
}
}
break;
case ']':
if (*sa != '\0') {
local_18 = 1;
while (local_18 != 0) {
local_10 = local_10 + -1;
if (*local_10 == '[') {
local_18 = local_18 + -1;
}
else {
if (*local_10 == ']') {
local_18 = local_18 + 1;
}
}
}
}
}
local_10 = local_10 + 1;
}
str = STR;
iVar2 = strcmp(STR,"HELLO\n");
if (iVar2 == 0) {
puts(str);
system("cat flag.txt");
}
else {
puts("Failed.");
}
return 0;
}
Although there are a lot of cases, ,
and .
looks interesting. ,
takes a single character input (ivar2
) and .
appends ivar2
to the string STR
. After all this, if STR
is “HELLO\n”, the flag will be printed. So the flag can be obtained using the following input:
,.,.,.,.,.,.
HELLO
Flag
csictf{l00k_4t_th3_t0w3rs_0f_h4n01}