The environment is everything that isn’t me.


Let’s check the file format first.

Let’s disassemble its main function using IDA Pro.

The code looks really weird and meaningless. However, it has strings that indicates buffer overflow. That’s why I decided to check other functions and found this one.

This function has a loop that reads bytes from 0x201020 but skips one byte after reading a byte. Here is the decompilation of the function from IDA.

After checking the memory address of 0x201020, I noticed that the function above actually returns the flag. Then, I created a IDC script to print the flag to the IDA output window.

Here is the IDC script.

After running this script, I got the flag xiomara{reversing_is_fun_:-}.