Try   HackMD

[EN] Rev C 2

tags:Writeup Reverse English

FlyDragon

Step.1

By observing output.txt and executing the code, it can be inferred that the program flag.exe will output the flag after shuffling it.

Step.2

By examining main() using Ghidra, it can be discovered that this program reads in the contents of flag.txt and outputs them after performing specific swaps in a particular order.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9]

The for loop's condition is local_20 < 0x12, but the length of order[] is only 0x11 (missing 14). So, add an extra zero at the end.

order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0]

Step.3

Writing a program to reverse the swap order and obtain the flag










output = list("4_e_foyeXE__ouryCs")
order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9, 0]

for i in reversed(range(len(order))):
    temp = output[i]
    output[i] = output[order[i]]
    output[order[i]] = temp

print("".join(output))
Last changed by 
LoTuX CTF
0
321

Read more

[CH] Cookie Stealer

[name=FlyDragon]

May 28, 2025
[EN] Cookie Stealer

[name=FlyDragon]

May 28, 2025
LoTuX CTF 投稿說明

在 LoTuX 平台上取得 2000 分以上

Apr 4, 2025
[CH] Rev C 2

[name=FlyDragon] Step.1 觀察 output.txt 以及執行程式碼 可猜測 flag.exe 會將flag打亂後輸出 Step.2 使用ghidra查看 main() 可以發現這個程式會讀入flag.txt、照特定的順序交換後輸出

Nov 1, 2023
Read more from LoTuX CTF
Published on HackMD