# DREAMHACK

## rev-basic-3

#### Initial Analysis

We were given an exe file to analyze. My first step was to use the Detect It Easy tool to check which language it was compiled from. You can see it was compiled from C/C++.

![image](https://hackmd.io/_uploads/ByCfiWx3yx.png)

So I used IDA to analyze the exe file and pressed F5 to generate C pseudocode:

```c
int __fastcall main(int argc, const char **argv, const char **envp)
{
  char v4[256]; // [rsp+20h] [rbp-118h] BYREF

  memset(v4, 0, sizeof(v4));
  sub_1400011B0("Input : ", argv, envp);
  sub_140001210("%256s", v4);
  if ( (unsigned int)sub_140001000(v4) )
    puts("Correct");
  else
    puts("Wrong");
  return 0;
}
```

* The input is read from the keyboard and stored in the string variable `v4`.
* Our task is to find the `v4` string that makes the program print "Correct", as it is the flag we need to retrieve.

Inside the `sub_140001000()` function:

```c
__int64 __fastcall sub_140001000(__int64 a1)
{
  int i; // [rsp+0h] [rbp-18h]

  for ( i = 0; (unsigned __int64)i < 0x18; ++i )
  {
    if ( byte_140003000[i] != (i ^ *(unsigned __int8 *)(a1 + i)) + 2 * i )
      return 0LL;
  }
  return 1LL;
}
```

* The original variable `v4` is now the parameter `a1` of this function.
* For each of the 0x18 (24) positions, the function XORs the input byte with its index `i`, adds `2 * i`, and compares the result with the corresponding byte stored in the array `byte_140003000`.
* To recover the flag, reverse that transformation on the stored bytes: subtract `2 * i`, then XOR with `i`.

![Screenshot 2025-03-13 152519](https://hackmd.io/_uploads/rJGi8GghJe.png)

#### SOLVE

This is a Python script to solve it:

```python
# Bytes copied from byte_140003000
enc = bytes([
    0x49, 0x60, 0x67, 0x74, 0x63, 0x67, 0x42, 0x66,
    0x80, 0x78, 0x69, 0x69, 0x7B, 0x99, 0x6D, 0x88,
    0x68, 0x94, 0x9F, 0x8D, 0x4D, 0xA5, 0x9D, 0x45
])

# Undo the check: subtract 2*i, then XOR with i
for i in range(0, 24):
    print(chr((enc[i] - 2*i) ^ i), end="")

# I_am_X0_xo_Xor_eXcit1ng
```
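
As an added example (not part of the original writeup), the following models the check from `sub_140001000` in Python, inverts it, and confirms that the recovered input passes the forward check. It also shows that the 24th recovered byte is a NUL terminator, so the flag itself is 23 characters. The names `TABLE`, `check` and `recover` are hypothetical, and the table is assumed to hold unsigned bytes.

```python
# Added example: Python model of the check in sub_140001000 and its inverse.
# TABLE is the byte_140003000 data shown in the writeup; names are hypothetical.
TABLE = bytes([
    0x49, 0x60, 0x67, 0x74, 0x63, 0x67, 0x42, 0x66,
    0x80, 0x78, 0x69, 0x69, 0x7B, 0x99, 0x6D, 0x88,
    0x68, 0x94, 0x9F, 0x8D, 0x4D, 0xA5, 0x9D, 0x45,
])


def check(candidate: bytes) -> bool:
    """Forward model: TABLE[i] == (i ^ input[i]) + 2*i for all 24 positions."""
    # v4 is zeroed by memset before the read, so unused positions are 0x00.
    buf = candidate.ljust(len(TABLE), b"\x00")
    # Assumption: the table is unsigned, so the comparison is on plain ints
    # with no wrap-around on the right-hand side.
    return all(TABLE[i] == (i ^ buf[i]) + 2 * i for i in range(len(TABLE)))


def recover(table: bytes) -> bytes:
    """Invert the check: input[i] = (table[i] - 2*i) ^ i."""
    out = bytearray()
    for i, t in enumerate(table):
        diff = t - 2 * i
        if diff < 0 or (diff ^ i) > 0xFF:
            # No single input byte could produce this table entry.
            raise ValueError(f"position {i}: check cannot be satisfied")
        out.append(diff ^ i)
    return bytes(out)


if __name__ == "__main__":
    raw = recover(TABLE)           # 24 bytes, the last one is the terminator
    flag = raw.rstrip(b"\x00")     # printable part of the input
    print(len(raw), len(flag), flag.decode("ascii"), check(flag))
```
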