1. `wasm2c qCCYI0ajpD`, since `wasm-decompile qCCYI0ajpD`'s output is not quite useful(I later found this [walkthrough vid](https://youtu.be/GBM9wj_xmU0?t=117), he's using dcmp tho). And there's a section of hex numbers ```clike static const u8 data_segment_data_w2c__d0[] = { 0x9d, 0x6e, 0x93, 0xc8, 0xb2, 0xb9, 0x41, 0x8b, 0x9f, 0x90, 0x8c, 0x62, 0xc5, 0xc3, 0x95, 0x88, 0x34, 0xc8, 0x93, 0x92, 0x88, 0x3f, 0xc1, 0x92, 0xc7, 0xdb, 0x3f, 0xc8, 0x9e, 0xc7, 0x89, 0x31, 0xc6, 0xc5, 0xc9, 0x8b, 0x36, 0xc6, 0xc6, 0xc0, 0x90, 0x00, 0x00, }; static const u8 data_segment_data_w2c__d1[] = { 0xf1, 0xa7, 0xf0, 0x07, 0xed, }; ``` 2. Use [CyberChef](https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':'0x9d,%200x6e,%200x93,%200xc8,0xb2,%200xb9,%200x41'%7D,'Standard',false)To_Hex('Space',0)To_Decimal('Space',false/disabled)&input=cGljb0NURg)  and we can see that the key set `0xf1, 0xa7, 0xf0, 0x07, 0xed` is being reversed. 3. Write a script to solve this. ```python= flag=[0x9d, 0x6e, 0x93, 0xc8, 0xb2, 0xb9, 0x41, 0x8b, 0x9f, 0x90, 0x8c, 0x62, 0xc5, 0xc3, 0x95, 0x88, 0x34, 0xc8, 0x93, 0x92, 0x88, 0x3f, 0xc1, 0x92, 0xc7, 0xdb, 0x3f, 0xc8, 0x9e, 0xc7, 0x89, 0x31, 0xc6, 0xc5, 0xc9, 0x8b, 0x36, 0xc6, 0xc6, 0xc0, 0x90, 0x00, 0x00] key=[0xed, 0x07, 0xf0, 0xa7,0xf1] index=0 plain="" for f in flag: plain+=chr(f^key[index%5]) index+=1 print(plain) ``` =>`picoCTF{8aae5dde384ce815668896d66b8f16a1}ð` <hr> So actually the key for `xor` operation in the previous challenge can be discovered this way😥