I have participated VolgaCTF2024 with HKUSTFirebird and we achieve 5th in total and 3rd in foreign teams. Due to the extremely little challenges in this CTF, I have only solved one challenge with Ivan, he is bigbig! ( please consider give both of us the attendance ), this chal is done in vc so maybe helpers cant gather much information about the contribution. So I will try to write as details as possible and pleaseeeeeeee! consider give an exception on this CTF since out whole team only solved 9 chals and there are only 14 chals (without feedback) at total.... Ivan's writeup on this chal: https://hackmd.io/@ivanwong13768/HyT1pguJR I recommend you read bigbig's writeup first to have better reading experience. **Zeliard Tales** I start this challenge earlier than Ivan but I failed to discover the flag format. (In fact I cant even open the exe LOL) since it is about a tale and the description hint us that we are going to save the princess. > Uncover the secrets of the world of Zeliard and save Felicia! > So my initial thought is to strings the exe file and to look at the ending of the game. I saw a lot of chat dialog between characters but since I thought our goal is to defeat the final boss to save the princess, the flag related should be locate at the end also. However, when I strings the ZELIARD.exe, the following show up. > _^Yt > _^Yt > cga2 > mcga > mscmt.drv > yesno > The Fantasy Action Game ZELIARD Version 1.208 > Copyright (C) 1987 ~ 1990 Game Arts Co.,Ltd. > Copyright (C) 1990 Sierra On-Line, Inc. > $Not supported command ! > $Special mode !! > $Not enough memory to run 'ZELIARD'. > $Memory error !!! > $$Don't you STEAL THIS! > $File Error from $ Error Type : $File not found.$DISK read Error!!$USER file nothing.$Error in RESOURCE.CFG > $000102030405060708090A0B0C0D0E0FRESOURCE.CFG > MTINIT.COM > stick.bin > gmega.bin > gmcga.bin > gmhgc.bin > gmmcga.bin > gmtga.bin > game.bin > Though, the thing I do next is immediately run `stings *`. It works lol > lici > you > the > ht o > piri > the > wn." > The Duke answered quickly, as if to head off the next words of Princess Felicia. > For if he heard those words, he might not be able to leave, as he knew he must. > He turned and walked away... > n't > go, > ... and did not look back. > Duke Garland left the castle, and he felt as if his heart might break. > As she watched him go, Princess Felicia said to herself, > "He will return. > The road to his destiny, began here, and it shall end here." > "When his work in the world is done, he'll come back to me. > Until then, I can only believe it, and wait for him." We successfully found the chat! Sadly, the last chat dialog does not contain any flag related information and I stop at this point until Ivan show up. Ivan is so bigbig that he discovered the flag format in such a tedious gameflow.  when Ivan bigbig tell us this discovery I immediately go back to the stringsed file. And I have the same founding with Ivan soon, so I also stopped at that stage for a while since Ivan seems like he almost finish the challenge along. But he said he missed something in the flag.  I noticed some weird parts already. First, ther are some weird * replaced the space/underscore/dash in the flag. such as `W1LL*@1WAY$`, and some parts are in double dash such as `PR1NC3$$--7H3`. There remains two direction: 1. There are some interference item in the code, 2. There are some ordering problem in the flag. the reason I thought of 2 is that the flags are cut into pieces and hide in to many chat dialog, and most of the dialog contains a place. I thought it is ordering by the place, but actually it doesnt bother at all. And another reason might be Ivan overlook something since it is so tedious to look at the game dialog or in stringsed format. So while Ivan start to programming to filter out the flag. I manually restart the investigation with my eyes. (special thanks to Lay who trained my eyes in firebird ctf). It let me easily spotted out the weird typo in the chat and found the flag. first attempt: `VolgaCTF{7H3-H3RO-W1LL-@1W@Y$-f1ND-PIRATENH3-FL@G-@ND-$@V3-PR1NC3$$--7H3-@1ON3}` `PIRATENH3` is a weird words in the flag, no wonder this attempt failed. this word is from here: `-here is a certain place fn the caverns where you 1an pass through a wall, Nut only in one direction. Dy grandfather told me -he Place Is neaR A TrEeN one slab. There Hay be other places, but 3 couldn\t say where.` if you filter out the cap and typo, you get `-f1ND-PIRATENH3`. I thought it was something like `...find pirate n the ...`, but with the overall content you can guess the flag should be something like `the hero will always find the flag and save the pricess alone` to have a smooth reading, so after several attemp to tune the right word I got this final flag: `VolgaCTF{7H3-H3RO-W1LL-@1W@Y$-f1ND-TH3-FL@G-@ND-$@V3-7H3-PR1NC3$$-@1ON3}` Ivan did a key job here to spot out the flag! He is the real bigbig can't solve without him.