Hey there!

Disclaimer: This chall is intended for new gamers only ;-)! You veterans got plenty of other Challenges which will keep you busy, so please pass this Challenge to someone, who never or rarely reversed before! We encourage everyone who never reversed anything to try this challenge. We believe in you and your future reversing skills =). You CAN do it!

The task is to find the correct input which will be the flag. See the challenge files for more instructions.

Let’s start with checking the file information.

It is a 64-bit ELF executable which is statically linked and stripped.

Let’s run it to get more information about it.

In order to find the key, let’s disassemble the binary.

It starts with a jmp to 0x4000D2.

Here we have a function call. Let’s analyze it.

Notice the pop rsi instruction before the first syscall: it loads this function's return address, 0x4000D7, into the rsi register, and that address holds the welcome message.

The syscalls, in order, are as follows:

This means that after printing the welcome message, it reads the key into the same buffer.

After reading the input, it XORs each byte from 0x4000D7 to 0x400105 with the byte right next to it. Then it compares 0x2E bytes at 0x4000D7 with those at 0x40010C.

Since we know the key needs to start with ‘f’, we can find out the rest of it.

Here is the IDC script to calculate the real flag.

After running the script, we get the flag which is flag{Yay_if_th1s_is_yer_f1rst_gnisrever_flag!}.
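
The recovery step described above, as an added Python example (it is not the author's IDC script, which this page does not reproduce). The bytes stored at 0x40010C are not shown here, so TARGET is a constructed stand-in built from the published flag, and the byte following the key is assumed to be the newline left by the read syscall.

```python
# Added example: models the XOR check from the write-up and inverts it.
FLAG = b"flag{Yay_if_th1s_is_yer_f1rst_gnisrever_flag!}"  # flag quoted in the write-up
COMPARE_LEN = 0x2E  # number of bytes the binary compares


def transform(buf: bytes) -> bytes:
    """Model of the binary's loop: every byte is XORed with the byte after it.

    The loop walks forward, so buf[i + 1] is still unmodified when it is used.
    """
    if len(buf) < COMPARE_LEN + 1:
        raise ValueError("need COMPARE_LEN bytes plus one trailing byte")
    return bytes(buf[i] ^ buf[i + 1] for i in range(COMPARE_LEN))


def recover(target: bytes, first: int = ord("f")) -> bytes:
    """Invert the transform: b[i + 1] = target[i] ^ b[i], seeded with b[0].

    Returns COMPARE_LEN + 1 bytes: the key followed by the trailing byte.
    """
    if len(target) != COMPARE_LEN:
        raise ValueError("target must be exactly COMPARE_LEN bytes")
    out = bytearray([first])
    for t in target:
        out.append(t ^ out[-1])
    return bytes(out)


# Constructed stand-in for the 0x2E bytes at 0x40010C (assumption: the key is
# followed by "\n"). With the real binary, read these bytes from the file instead.
TARGET = transform(FLAG + b"\n")


def solve() -> tuple[bytes, bytes]:
    """Return (key, trailing byte) recovered from TARGET using the known 'f'."""
    plain = recover(TARGET)
    return plain[:COMPARE_LEN], plain[COMPARE_LEN:]


if __name__ == "__main__":
    key, trailer = solve()
    print(key.decode(), repr(trailer))
```

A wrong guess for the first byte does not fail outright: every recovered byte is off by the same XOR difference, which is why knowing the key starts with ‘f’ pins down the whole chain.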