# [EN] Rev C 2 ###### tags:`Writeup` `Reverse` `English` > [name=FlyDragon] ## Step.1 By observing `output.txt` and executing the code, it can be inferred that the program `flag.exe` will output the flag after shuffling it. ## Step.2 By examining `main()` using Ghidra, it can be discovered that this program reads in the contents of `flag.txt` and outputs them after performing specific swaps in a particular order.   order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9] The for loop's condition is `local_20 < 0x12`, but the length of `order[]` is only 0x11 (missing 14). So, add an extra zero at the end. order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0] ## Step.3 Writing a program to reverse the swap order and obtain the flag ```py= output = list("4_e_foyeXE__ouryCs") order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0] for i in reversed(range(len(order))): temp = output[i] output[i] = output[order[i]] output[order[i]] = temp print("".join(output)) ``` {%hackmd M1bgOPoiQbmM0JRHWaYA1g %}