{"componentChunkName":"component---src-templates-post-template-js","path":"/ctf-backdoorctf-2023-en","result":{"data":{"markdownRemark":{"id":"afaf0e27-8d7f-51d3-a0cb-12160c5d9719","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/ctf-backdoorctf-2023\">original page</a>.</p>\n</blockquote>\n<p>I participated in Backdoor CTF 2023, which started on December 16, 2023, with 0nePadding.</p>\n<p>We had fewer members than usual this time, but we still placed 57th out of 779 teams.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 638px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/a80e8b5f2abdfa7ee4b83ab991802603/41be6/image-20231219124325476.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 40.416666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAIAAAB2/0i6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAsUlEQVQY042QQQ6DIBBFuYjEYpGiQQpKIJG4c+cNZOv9r9BvSRM3Wt8KknnzZ4bM87yua0pp27ZlWaqqet6DMUaUUs45Y0zf99ZaIcTrhzinrutdDiFM04RSmOjivS/LsigKSikej3N2GVrTNF3XIfl9AF+0z0VnECll27Zaa8RmzX65JSMZPmQMDGcYBnQZx5FzjrHZJQQJMUb4+WBIy6vi7Owfu4wcrJ0HxiWvRz3yAdavTEV4qPfDAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/a80e8b5f2abdfa7ee4b83ab991802603/8ac56/image-20231219124325476.webp 240w,\n/static/a80e8b5f2abdfa7ee4b83ab991802603/d3be9/image-20231219124325476.webp 480w,\n/static/a80e8b5f2abdfa7ee4b83ab991802603/a2d8a/image-20231219124325476.webp 638w\"\n              sizes=\"(max-width: 638px) 100vw, 638px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/a80e8b5f2abdfa7ee4b83ab991802603/8ff5a/image-20231219124325476.png 240w,\n/static/a80e8b5f2abdfa7ee4b83ab991802603/e85cb/image-20231219124325476.png 480w,\n/static/a80e8b5f2abdfa7ee4b83ab991802603/41be6/image-20231219124325476.png 638w\"\n            sizes=\"(max-width: 638px) 100vw, 638px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/a80e8b5f2abdfa7ee4b83ab991802603/41be6/image-20231219124325476.png\"\n            alt=\"image-20231219124325476\"\n            title=\"image-20231219124325476\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>There were several interesting challenges, and it was a lot of fun.</p>\n<p>As usual, I will write up a few of them.</p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li><a href=\"#beginner-menaceforensic\">Beginner-menace(Forensic)</a></li>\n<li><a href=\"#headacheforensic\">Headache(Forensic)</a></li>\n<li><a href=\"#indecipherable-image-or-is-itforensic\">Indecipherable-image-or-is-it?(Forensic)</a></li>\n<li><a href=\"#opensesamerev\">OpenSesame(Rev)</a></li>\n<li><a href=\"#secret-doorrev\">Secret Door(Rev)</a></li>\n</ul>\n<h2 id=\"beginner-menaceforensic\" style=\"position:relative;\"><a href=\"#beginner-menaceforensic\" aria-label=\"beginner menaceforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Beginner-menace(Forensic)</h2>\n<blockquote>\n<p>Go off now and enjoy the 2 days of unlimited fun.</p>\n</blockquote>\n<p>You can obtain the flag by checking the Exif data of the file given as the challenge binary.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ exiftool friend.jpeg\nExifTool Version Number         <span class=\"token builtin class-name\">:</span> <span class=\"token number\">12.40</span>\nFile Name                       <span class=\"token builtin class-name\">:</span> friend.jpeg\nDirectory                       <span class=\"token builtin class-name\">:</span> <span class=\"token builtin class-name\">.</span>\nFile Size                       <span class=\"token builtin class-name\">:</span> <span class=\"token number\">6.3</span> KiB\nFile Modification Date/Time     <span class=\"token builtin class-name\">:</span> <span class=\"token number\">2023</span>:12:16 <span class=\"token number\">20</span>:26:01+00:00\nFile Access Date/Time           <span class=\"token builtin class-name\">:</span> <span class=\"token number\">2023</span>:12:16 <span class=\"token number\">20</span>:26:01+00:00\nFile Inode Change Date/Time     <span class=\"token builtin class-name\">:</span> <span class=\"token number\">2023</span>:12:16 <span class=\"token number\">20</span>:26:01+00:00\nFile Permissions                <span class=\"token builtin class-name\">:</span> -rw-r--r--\nFile Type                       <span class=\"token builtin class-name\">:</span> JPEG\nFile Type Extension             <span class=\"token builtin class-name\">:</span> jpg\nMIME Type                       <span class=\"token builtin class-name\">:</span> image/jpeg\nJFIF Version                    <span class=\"token builtin class-name\">:</span> <span class=\"token number\">1.01</span>\nExif Byte Order                 <span class=\"token builtin class-name\">:</span> Big-endian <span class=\"token punctuation\">(</span>Motorola, MM<span class=\"token punctuation\">)</span>\nX Resolution                    <span class=\"token builtin class-name\">:</span> <span class=\"token number\">1</span>\nY Resolution                    <span class=\"token builtin class-name\">:</span> <span class=\"token number\">1</span>\nResolution Unit                 <span class=\"token builtin class-name\">:</span> None\nArtist                          <span class=\"token builtin class-name\">:</span> flag<span class=\"token punctuation\">{</span>7h3_r34l_ctf_15_7h3_fr13nd5_w3_m4k3_al0ng<span class=\"token punctuation\">}</span>\nY Cb Cr Positioning             <span class=\"token builtin class-name\">:</span> Centered\nImage Width                     <span class=\"token builtin class-name\">:</span> <span class=\"token number\">266</span>\nImage Height                    <span class=\"token builtin class-name\">:</span> <span class=\"token number\">190</span>\nEncoding Process                <span class=\"token builtin class-name\">:</span> Baseline DCT, Huffman coding\nBits Per Sample                 <span class=\"token builtin class-name\">:</span> <span class=\"token number\">8</span>\nColor Components                <span class=\"token builtin class-name\">:</span> <span class=\"token number\">3</span>\nY Cb Cr Sub Sampling            <span class=\"token builtin class-name\">:</span> YCbCr4:2:0 <span class=\"token punctuation\">(</span><span class=\"token number\">2</span> <span class=\"token number\">2</span><span class=\"token punctuation\">)</span>\nImage Size                      <span class=\"token builtin class-name\">:</span> 266x190\nMegapixels                      <span class=\"token builtin class-name\">:</span> <span class=\"token number\">0.051</span></code></pre></div>\n<h2 id=\"headacheforensic\" style=\"position:relative;\"><a href=\"#headacheforensic\" aria-label=\"headacheforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Headache(Forensic)</h2>\n<blockquote>\n<p>I’ve had a headache since last evening. Is there a magic spell that can cure it immediately?</p>\n</blockquote>\n<p>The file given as the challenge binary was corrupted, so I opened it in a binary editor. There was a region that appeared to be the <code class=\"language-text\">IHDR</code> chunk, but the magic number at the beginning was not that of a PNG file.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 675px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/340ea327c0741031bab15320c598af71/23296/image-20231219221637396.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 44.166666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAJCAYAAAAywQxIAAAACXBIWXMAAAsTAAALEwEAmpwYAAABPElEQVQoz1WRWZKDMAxEfQpIUgmBBDBgdsh2/4NpeMqohvnoaglD+0m4LKtkXj/SdKMkaSZRFEkcx3+K4v/9r3jveDzK6XRSR4fDQZwvSwl1I9M4yrLM6l3XyTzPEkKr3neDDO0k43ZWVX5TJU3TSJqmcj6f5XK5qCNXbwd5Xkjbfj9e11WmaVJH7/db/fF46LldRh9CkOv1KkmSSFEUUm5wzleNtBAMg7xeL33x+XyqL8uigdQWXNe1BkDlvdcgSG+3m9auLLcRtpG5DTLG6vteL4AG0XOGE0gANIx+v981jGfUTsPab4CNDBm19ZDj9OyOAESAXUAPsSt9JXUT9EXo+AganEsI4rkR2piI/eGsIM/zb+CecE/GHq22n8Q5REaWZZmG0hu5K3Y7hITgvWynOIICItsbgdQW/gMxDApwF8R4KgAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/340ea327c0741031bab15320c598af71/8ac56/image-20231219221637396.webp 240w,\n/static/340ea327c0741031bab15320c598af71/d3be9/image-20231219221637396.webp 480w,\n/static/340ea327c0741031bab15320c598af71/3bfaf/image-20231219221637396.webp 675w\"\n              sizes=\"(max-width: 675px) 100vw, 675px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/340ea327c0741031bab15320c598af71/8ff5a/image-20231219221637396.png 240w,\n/static/340ea327c0741031bab15320c598af71/e85cb/image-20231219221637396.png 480w,\n/static/340ea327c0741031bab15320c598af71/23296/image-20231219221637396.png 675w\"\n            sizes=\"(max-width: 675px) 100vw, 675px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/340ea327c0741031bab15320c598af71/23296/image-20231219221637396.png\"\n            alt=\"image-20231219221637396\"\n            title=\"image-20231219221637396\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Given that the challenge name was Headache, it seemed that the broken header itself was the point of the problem.</p>\n<p>So I changed the first 4 bytes to <code class=\"language-text\">89 50 4E 47</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 675px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/36c08ecf6b3b53e480c159ecb4b7c6b5/23296/image-20231219221826913.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 47.91666666666667%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAKCAYAAAC0VX7mAAAACXBIWXMAAAsTAAALEwEAmpwYAAABX0lEQVQoz1WSWZaCQAxF2YUjKspYQAEqgz/uf1fpurFD2x85SQpy671A1PaT5K6VOEllt9vJZrPR2G63Gp/674x3LPb7/Rr2fuQbL9630jS15jzPxdVOyqKUsqqkDnWRhVzVkmWpnE4nuVwuGsfjcY3D4aA5yrJcyrKU5/Mp0zTJ4/GQZVk0v14vPVvmRcbnKPf7Xbquk/f7LeM4yvl81gvIaZrK9XqVqPVDUFQrkGAIYN/3K5jMOXWSJDqMQmqCGmdFUUhUB8tV5fRl1ADidu+9npE5H4ZBw2AMV2El9Aa93W4AO3GuVhADAKjJ9Fic5znsuPmnEHuoosYyMPqo8b0qNGVAsA6IHqsopOeZDaIIGHUcx+GDZR+g+7XMAMNt2yrouwdERjXKsMswykwd9j8fpRvCr9EoBGUMowgYVq3nGb3tynYJEDgw6qhyzaqQHX1nC1PKWoDYr0JYbxf8AGL4J8MNUFpiAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/36c08ecf6b3b53e480c159ecb4b7c6b5/8ac56/image-20231219221826913.webp 240w,\n/static/36c08ecf6b3b53e480c159ecb4b7c6b5/d3be9/image-20231219221826913.webp 480w,\n/static/36c08ecf6b3b53e480c159ecb4b7c6b5/3bfaf/image-20231219221826913.webp 675w\"\n              sizes=\"(max-width: 675px) 100vw, 675px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/36c08ecf6b3b53e480c159ecb4b7c6b5/8ff5a/image-20231219221826913.png 240w,\n/static/36c08ecf6b3b53e480c159ecb4b7c6b5/e85cb/image-20231219221826913.png 480w,\n/static/36c08ecf6b3b53e480c159ecb4b7c6b5/23296/image-20231219221826913.png 675w\"\n            sizes=\"(max-width: 675px) 100vw, 675px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/36c08ecf6b3b53e480c159ecb4b7c6b5/23296/image-20231219221826913.png\"\n            alt=\"image-20231219221826913\"\n            title=\"image-20231219221826913\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>After that, the file was repaired, and I could open the following image.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 927px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/91f6096a232ebb427edce0b46bf0b01e/e4374/image-20231219221904662.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 54.58333333333334%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAALCAYAAAB/Ca1DAAAACXBIWXMAAAsTAAALEwEAmpwYAAABD0lEQVQoz61S2W7DIBD0//9dH6r2oVEVW3LkxhfF5lyYAglucFqpUrNotQgtw8wslfceOfI+1vIcf4p4p9oDeOeKhnxuF4JlFpZ8yhiMW/STxudit74EaEmCiw4uLFoWrPUBeuyxNu9gL08wbITsNORRYBoknt84ul6BrxbNSWCYNZy7AXSOEuC01JjaV6juBNHWMPMIPZwDOxYekIGhgeQCH4NO7OjKVkgClYCRsoMyHFLNF7n43TipKIHEOs4myTbmYlVVmh9Eh4xY2b99RpBDs+LYCrDgXTeoBBrlbwzvp+rLQd1UpV2SSfTdLzWlwRSAd9Pe/RX/w9/J/Xkgm+T/ZnL8uq/w4KiMMXhkfgGYJGKAFFl0AAAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/91f6096a232ebb427edce0b46bf0b01e/8ac56/image-20231219221904662.webp 240w,\n/static/91f6096a232ebb427edce0b46bf0b01e/d3be9/image-20231219221904662.webp 480w,\n/static/91f6096a232ebb427edce0b46bf0b01e/4c2b6/image-20231219221904662.webp 927w\"\n              sizes=\"(max-width: 927px) 100vw, 927px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/91f6096a232ebb427edce0b46bf0b01e/8ff5a/image-20231219221904662.png 240w,\n/static/91f6096a232ebb427edce0b46bf0b01e/e85cb/image-20231219221904662.png 480w,\n/static/91f6096a232ebb427edce0b46bf0b01e/e4374/image-20231219221904662.png 927w\"\n            sizes=\"(max-width: 927px) 100vw, 927px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/91f6096a232ebb427edce0b46bf0b01e/e4374/image-20231219221904662.png\"\n            alt=\"image-20231219221904662\"\n            title=\"image-20231219221904662\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>However, even after trying various patterns such as <code class=\"language-text\">flag{8p3ll_15_8g_50_4E_47}</code>, I still could not get it accepted as the correct flag.</p>\n<p>Then, based on a sharp comment from a teammate, I entered <code class=\"language-text\">flag{sp3ll_15_89_50_4E_47}</code>, which turned out to be accepted.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 289px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/07db81714b25d1616c8a4d36b95d2da6/c969a/image-20231219222029052.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 16.666666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAADCAYAAACTWi8uAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaUlEQVQI15WMWw5DQAAAnUjR6rL1WFmxVYq2q0kj7n+MqUj88zGZ+RpHpprXd6azP0zd458jXC/EC8Tam/fiCFlQmpYk0xS6JpJqISe4xIdn6zBVFXacaNo3z2Fc/OH+6IhvOSf/enj4B2soZBH6Ej8yAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/07db81714b25d1616c8a4d36b95d2da6/8ac56/image-20231219222029052.webp 240w,\n/static/07db81714b25d1616c8a4d36b95d2da6/99c3f/image-20231219222029052.webp 289w\"\n              sizes=\"(max-width: 289px) 100vw, 289px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/07db81714b25d1616c8a4d36b95d2da6/8ff5a/image-20231219222029052.png 240w,\n/static/07db81714b25d1616c8a4d36b95d2da6/c969a/image-20231219222029052.png 289w\"\n            sizes=\"(max-width: 289px) 100vw, 289px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/07db81714b25d1616c8a4d36b95d2da6/c969a/image-20231219222029052.png\"\n            alt=\"image-20231219222029052\"\n            title=\"image-20231219222029052\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Being forced to replace <code class=\"language-text\">8</code> with <code class=\"language-text\">s</code> felt a bit too guessy, but it solved the challenge, so fine.</p>\n<h2 id=\"indecipherable-image-or-is-itforensic\" style=\"position:relative;\"><a href=\"#indecipherable-image-or-is-itforensic\" aria-label=\"indecipherable image or is itforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Indecipherable-image-or-is-it?(Forensic)</h2>\n<blockquote>\n<p>How ‘bout an easy Steg challenge, Just remember that brute-forcing is not an option!</p>\n</blockquote>\n<p>Running <code class=\"language-text\">zsteg -a</code> against the PNG file given as the challenge binary showed that it contained the data of a zipped JPEG file and a flag-like string, <code class=\"language-text\">keka{1b0asx2w_hbin9K_Ah_6xwm0L}</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/8a40a837839f483f1f39a1886e96e102/18c13/image-20231221194915059.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 52.083333333333336%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAKCAYAAAC0VX7mAAAACXBIWXMAAAsTAAALEwEAmpwYAAAB80lEQVQoz22S3XPSUBDFedG22hb7oY1iHSilQEkggQYCCSlIICQEEiotUGf0wQc7Ptn//+G4u47aOn3Y2Zt7c3577u5N9dNFLPIWvLcGnEMVftZCmLMwVmoIFV3y+J2BgNbDoxpGFN6BiuaLU3ivNTivyrC3C+juFNCmnLIONdyvfmDViZEYPj67V5jXx7huRvJ91QiwduaSP12EiGtDzKoePCoaU+4dm1CfZ6FTgdpWHqnWfgXfJ19IMIZfcLAg0eS8h6jSx6TcQ0hxQ/Cp+hEzbYDRqS3QRB/Jmg1VN08EyCEOf97cYdWekcDD2k5EyCKOiEC3tJfoQ8zJMYO5iKMY8E7asKkV2kbuH1AcRl/pmr78yA7ZHUMn7JLcLswJgpKLsHQJ/6yLKZ1d0x4XbD/l8H55hyU55B/XdizXWZih9IpFS2sqZ7zPRdfUbzYwoAF23lQfA1s0sW+jWyQkDIquANhNpA4I4gmAr8r9DcjhMN+RQXD/7CMd5t45ag+B3eMGhkVHmnuxW8LlB5MqmwgzOuIcCRWNnocKJ11Cb6+M5m4R+suCTLS+w+vf0/0LtDMGLKWKBr1H9VkWzYMK3Pd1xGoPidZHK30GfYscbObFCYv/AP5fC9AlNxxtgvKmSUAnU6epx9LX5r76qEdPxUOHvwAmiD7F29eCowAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/8a40a837839f483f1f39a1886e96e102/8ac56/image-20231221194915059.webp 240w,\n/static/8a40a837839f483f1f39a1886e96e102/d3be9/image-20231221194915059.webp 480w,\n/static/8a40a837839f483f1f39a1886e96e102/e46b2/image-20231221194915059.webp 960w,\n/static/8a40a837839f483f1f39a1886e96e102/49597/image-20231221194915059.webp 1005w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/8a40a837839f483f1f39a1886e96e102/8ff5a/image-20231221194915059.png 240w,\n/static/8a40a837839f483f1f39a1886e96e102/e85cb/image-20231221194915059.png 480w,\n/static/8a40a837839f483f1f39a1886e96e102/d9199/image-20231221194915059.png 960w,\n/static/8a40a837839f483f1f39a1886e96e102/18c13/image-20231221194915059.png 1005w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/8a40a837839f483f1f39a1886e96e102/d9199/image-20231221194915059.png\"\n            alt=\"image-20231221194915059\"\n            title=\"image-20231221194915059\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>After extracting and unpacking this ZIP file, I used <a href=\"https://r4ygm.github.io/stegbrute/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">stegbrute</a> to brute-force steghide and obtained a file containing the string <code class=\"language-text\">F4K5FL4G</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 603px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/218a2f9d59e2acc843e6bbcc48e9f221/9128f/image-20231221195725344.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 23.75%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAFCAYAAABFA8wzAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAqUlEQVQY05WNWQ6DMAxEcwkWKRsocUJSqEoluP/NpjgsKv3rx8tYMxlbTO8VnR9gKUEqg6qq0DQN6rq+9Bf2z6xt2xviOU145LyRME4jQgjw5JE3jzwhxgE5ZaSUNjIi594XYowwxkBKCaVUQTjnkLbysi6Y5xe882CPF7NyMdC+hIiKsn9mfd+j67oLwY+1FqfyRUZrfcy6zBdHfmas3z1hbh/28D/u/Q89+olbBo3R1QAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/218a2f9d59e2acc843e6bbcc48e9f221/8ac56/image-20231221195725344.webp 240w,\n/static/218a2f9d59e2acc843e6bbcc48e9f221/d3be9/image-20231221195725344.webp 480w,\n/static/218a2f9d59e2acc843e6bbcc48e9f221/e7dd8/image-20231221195725344.webp 603w\"\n              sizes=\"(max-width: 603px) 100vw, 603px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/218a2f9d59e2acc843e6bbcc48e9f221/8ff5a/image-20231221195725344.png 240w,\n/static/218a2f9d59e2acc843e6bbcc48e9f221/e85cb/image-20231221195725344.png 480w,\n/static/218a2f9d59e2acc843e6bbcc48e9f221/9128f/image-20231221195725344.png 603w\"\n            sizes=\"(max-width: 603px) 100vw, 603px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/218a2f9d59e2acc843e6bbcc48e9f221/9128f/image-20231221195725344.png\"\n            alt=\"image-20231221195725344\"\n            title=\"image-20231221195725344\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>I got stuck there during the contest, but apparently if you use <code class=\"language-text\">F4K5FL4G</code> as the key and decrypt the string <code class=\"language-text\">keka{1b0asx2w_hbin9K_Ah_6xwm0L}</code> with a Vigenere cipher, you can obtain the correct flag.</p>\n<p>Because the braces and underscores seemed to be preserved, I had guessed that it was some kind of substitution cipher or ROT-style cipher, but simply throwing it into CyberChef did not decrypt it, and I did not get as far as trying different Vigenere settings.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 621px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/3b1fdda92bf892eb1b400e5f4db54d83/3075e/image-20231221200515912.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 37.5%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABbUlEQVQoz42QbY+TQBSF+f+/xQ/1D5i4iW5ijEY3tnXbXaEtAuVlhhkozHTaxwv7xW5i4k0O5wL35ZwbpVlKP5wYz47145ov376y/LniWB1plBU2uDOMHpx/4Qmm82R5wSHd8yt+ZrPd8GO1JEq2W7pGMRrL/umJ7XJJ8rhBlyXp7hPx83t084BtH2ib71j9kpfFZ1SzR2tDVVUURUGWZUTlxw8U9/f8vrvDrNe0MrRerTC7HSfzjk69pa0WwgtMvcA2i/mbKt9w9jteR3QSJa5tccbcoJONndganVgc4Sy2w0U4gJf8IrlzAaUagcbaDiN9kT0c6EXqNCQ4RxiGGb0sKo85eZ5JsZGhg+A0Yxh6vHfk0pckCWmaSl1OK8Ii33V4a28h9/R9L3fJieNYlEqNF7Ui1cnSiUMI878J0+2mgbNC/hFBPGmt561aLE3FdV0Lt7PF6V0pJWrH2xter1deQx5cRMGc/0f83fsHwV9hvSNpkKEAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/3b1fdda92bf892eb1b400e5f4db54d83/8ac56/image-20231221200515912.webp 240w,\n/static/3b1fdda92bf892eb1b400e5f4db54d83/d3be9/image-20231221200515912.webp 480w,\n/static/3b1fdda92bf892eb1b400e5f4db54d83/b2315/image-20231221200515912.webp 621w\"\n              sizes=\"(max-width: 621px) 100vw, 621px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/3b1fdda92bf892eb1b400e5f4db54d83/8ff5a/image-20231221200515912.png 240w,\n/static/3b1fdda92bf892eb1b400e5f4db54d83/e85cb/image-20231221200515912.png 480w,\n/static/3b1fdda92bf892eb1b400e5f4db54d83/3075e/image-20231221200515912.png 621w\"\n            sizes=\"(max-width: 621px) 100vw, 621px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/3b1fdda92bf892eb1b400e5f4db54d83/3075e/image-20231221200515912.png\"\n            alt=\"image-20231221200515912\"\n            title=\"image-20231221200515912\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>In the end, I found that using <code class=\"language-text\">ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890</code> as the Alphabet and <code class=\"language-text\">F4K5FL4G</code> as the Key on dcode.fr yields the correct flag, <code class=\"language-text\">flag{v1g5n5r3_c1ph4R_1n_1m4g5S}</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 436px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/088cb618f38c764bd965ab47b43d3d33/8574c/image-20231221201025917.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 105%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAVCAYAAABG1c6oAAAACXBIWXMAAAsTAAALEwEAmpwYAAADpUlEQVQ4y5VUaW/bRhTUjy76Q4oC/dJPDQqkR+oUTeq4sZ2oqGPZsnWbsi5KvI8ll5Rkm5REaTqk5cBy3QJdcPCWu8vZ2bfzWLJ7+6ifvIBy/hLtyve4+Pgtuhc/ol9/hcbJd2h+eoGzo2/gjI6xmilIZBNp1CLa7Ld2kHKuNB8cI7z4DeLsV0TKEWT3EKL6BvLyLYLLNxD13+Ge7mGmnSJq7CNuH2KqHCNqHmBBkkXc2W7A/rSNknW9j37tZwxqrzCgqlHrNdT2a1xfvMSosYepXUFkfioQan9CGieQ+l/34Jg0Tz4jUA5QiqwKVO48rL6F2nwPtfYOo8t30Gp/wNcvMZd9oofbqE8MdsG5W7mNfJ87LZSkN4SpjWGqQ1j6BK7B/ngI3zYhQx82YygF1tniX5HlcZ1hmQYoLROJ59qGWG824ENs8F/tYT7nImG4HVwXE5styf9q2w9WaUTCu2BnMG/rbFUgK2JWHGcXq11wXS4kufFRSqYqQtFFFHYhxRWhULqPbBFgswyQpT6Wd+5nrBKPSkSxZpkIvvtbCKRznYRSgaefwVEr8LRzeJNT3Po93EUaHIs3HFskjkgcYr2UVOEimZlMmIf1wuM4kXjFxqs7E6VF1EGkNeFenSPSu7BGXYyVOizedr8/gK7p8H2BMAgQhhJCBPA9C8LTC+Sqc7IsV31LwuVMpZoJbsQId7GOKLIRSQuec43A7cE1O7CNDm3EzfQWHL4Le4BY2phy7T2h94jwxuCRJI/DI+V5WwhsUhfCKMOZfKA/D2EzunoZ9vgIzvgYgVnBmmsejrxKHhEmc5W5OoPvXHL3CmMdwq1TFUvNbzFXgnAKrBOHH+Ww73OWI3lCGDc+IhjXEBgN1mMbgdZAqLfhj+uYcex9uYYvv77AF19VUa4OWT0OdIN5dQZU+Byh1kIwahB1xIaCcNxErF8hGDCOG+hUz/HL3gf89MMBmuxrrQoGzTMEvkVrxSR7ksMZL0SoDYhRDSGj1K4Ym8UGkUYHWLmFDIC5zVgESWQijVVehrf14VOFYsjfUhty0sLM6VEdDT7pIDYVKu4wvyos28YqW2K5SLBaEos5MStI/3EpMe0SUJHoVSF53GDISxkyj9zA79cgJgqCCX9fwqATpryIkJD3SJ4hTGcaFnMb6dRgtArk/XRmFf4MTFaPfkr7lDELFVaFW+TtIXf3ZffEh7n/sjxHj5CPrWiT2KdKm7bi33keXG1r2X9EtKvwb/ewHmQXmWZ7AAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/088cb618f38c764bd965ab47b43d3d33/8ac56/image-20231221201025917.webp 240w,\n/static/088cb618f38c764bd965ab47b43d3d33/bfa8c/image-20231221201025917.webp 436w\"\n              sizes=\"(max-width: 436px) 100vw, 436px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/088cb618f38c764bd965ab47b43d3d33/8ff5a/image-20231221201025917.png 240w,\n/static/088cb618f38c764bd965ab47b43d3d33/8574c/image-20231221201025917.png 436w\"\n            sizes=\"(max-width: 436px) 100vw, 436px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/088cb618f38c764bd965ab47b43d3d33/8574c/image-20231221201025917.png\"\n            alt=\"image-20231221201025917\"\n            title=\"image-20231221201025917\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>The alphabet choice feels a little too guess-heavy.</p>\n<h2 id=\"opensesamerev\" style=\"position:relative;\"><a href=\"#opensesamerev\" aria-label=\"opensesamerev permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>OpenSesame(Rev)</h2>\n<blockquote>\n<p>Whisper the phrase, unveil with ‘Open Sesame</p>\n</blockquote>\n<p>When I unpacked and analyzed the APK given as the challenge binary, I found that it was an app that validates a username and password, and I confirmed that it does not use any native libraries.</p>\n<p>So, to start with, I looked at <code class=\"language-text\">MainActivity.smali</code>, which roughly decompiles into the following.</p>\n<div class=\"gatsby-highlight\" data-language=\"java\"><pre class=\"language-java\"><code class=\"language-java\"><span class=\"token keyword\">public</span> <span class=\"token keyword\">class</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token keyword\">extends</span> <span class=\"token class-name\"><span class=\"token namespace\">androidx<span class=\"token punctuation\">.</span>appcompat<span class=\"token punctuation\">.</span>app<span class=\"token punctuation\">.</span></span>AppCompatActivity</span> <span class=\"token punctuation\">{</span>\n <span class=\"token comment\">/* .source \"MainActivity.java\" */</span>\n <span class=\"token comment\">/* # static fields */</span>\n <span class=\"token keyword\">private</span> <span class=\"token keyword\">static</span> <span class=\"token keyword\">final</span> valid_password<span class=\"token punctuation\">;</span>\n <span class=\"token keyword\">private</span> <span class=\"token keyword\">static</span> <span class=\"token keyword\">final</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> valid_user<span class=\"token punctuation\">;</span>\n <span class=\"token comment\">/* # instance fields */</span>\n <span class=\"token keyword\">private</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>Button</span> buttonLogin<span class=\"token punctuation\">;</span>\n <span class=\"token keyword\">private</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>EditText</span> editTextPassword<span class=\"token punctuation\">;</span>\n <span class=\"token keyword\">private</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>EditText</span> editTextUsername<span class=\"token punctuation\">;</span>\n <span class=\"token comment\">/* # direct methods */</span>\n <span class=\"token keyword\">static</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n <span class=\"token comment\">/* .locals 1 */</span>\n <span class=\"token keyword\">int</span> v0 <span class=\"token operator\">=</span> <span class=\"token number\">7</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v0, 0x7</span>\n <span class=\"token comment\">/* new-array v0, v0, [I */</span>\n <span class=\"token comment\">/* fill-array-data v0, :array_0 */</span>\n <span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n <span class=\"token comment\">/* nop */</span>\n <span class=\"token comment\">/* :array_0 */</span>\n <span class=\"token comment\">/* .array-data 4 */</span>\n <span class=\"token comment\">/* 0x34 */</span>\n <span class=\"token comment\">/* 0x6c */</span>\n <span class=\"token comment\">/* 0x31 */</span>\n <span class=\"token comment\">/* 0x62 */</span>\n <span class=\"token comment\">/* 0x61 */</span>\n <span class=\"token comment\">/* 0x62 */</span>\n <span class=\"token comment\">/* 0x61 */</span>\n <span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end array-data</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token keyword\">public</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n <span class=\"token comment\">/* .locals 0 */</span>\n <span class=\"token comment\">/* .line 11 */</span>\n <span class=\"token comment\">/* invoke-direct {p0}, Landroidx/appcompat/app/AppCompatActivity;->&lt;init>()V */</span>\n <span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token keyword\">static</span> <span class=\"token keyword\">void</span> access$<span class=\"token number\">000</span> <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span> <span class=\"token comment\">//synthethic</span>\n <span class=\"token comment\">/* .locals 0 */</span>\n <span class=\"token comment\">/* .line 11 */</span>\n <span class=\"token comment\">/* invoke-direct {p0}, Lcom/example/open_sesame/MainActivity;->validateCredentials()V */</span>\n <span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n\n<span class=\"token keyword\">private</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> flag <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0<span class=\"token punctuation\">,</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p1 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n <span class=\"token comment\">/* .locals 4 */</span>\n <span class=\"token comment\">/* .line 91 */</span>\n <span class=\"token comment\">/* new-instance v0, Ljava/lang/StringBuilder; */</span>\n <span class=\"token comment\">/* invoke-direct {v0}, Ljava/lang/StringBuilder;->&lt;init>()V */</span>\n <span class=\"token keyword\">int</span> v1 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v1, 0x0</span>\n <span class=\"token comment\">/* .line 92 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :goto_0</span>\n\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>length <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p2}, Ljava/lang/String;->length()I</span>\n<span class=\"token comment\">/* if-ge v1, v2, :cond_0 */</span>\n<span class=\"token comment\">/* .line 93 */</span>\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>charAt <span class=\"token punctuation\">(</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p2, v1}, Ljava/lang/String;->charAt(I)C</span>\nv3 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>length <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1}, Ljava/lang/String;->length()I</span>\n<span class=\"token comment\">/* rem-int v3, v1, v3 */</span>\nv3 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>charAt <span class=\"token punctuation\">(</span> v3 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1, v3}, Ljava/lang/String;->charAt(I)C</span>\n<span class=\"token comment\">/* xor-int/2addr v2, v3 */</span>\n<span class=\"token comment\">/* int-to-char v2, v2 */</span>\n<span class=\"token comment\">/* .line 94 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>append <span class=\"token punctuation\">(</span> v2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0, v2}, Ljava/lang/StringBuilder;->append(C)Ljava/lang/StringBuilder;</span>\n<span class=\"token comment\">/* add-int/lit8 v1, v1, 0x1 */</span>\n<span class=\"token comment\">/* .line 96 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_0</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token keyword\">private</span> it4chi <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 3 */</span>\n<span class=\"token comment\">/* .line 68 */</span>\nv0 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>length <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1}, Ljava/lang/String;->length()I</span>\n<span class=\"token comment\">/* new-array v0, v0, [I */</span>\n<span class=\"token keyword\">int</span> \nv1 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v1, 0x0</span>\n<span class=\"token comment\">/* .line 69 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :goto_0</span>\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>length <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1}, Ljava/lang/String;->length()I</span>\n<span class=\"token comment\">/* if-ge v1, v2, :cond_0 */</span>\n<span class=\"token comment\">/* .line 70 */</span>\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>charAt <span class=\"token punctuation\">(</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1, v1}, Ljava/lang/String;->charAt(I)C</span>\n<span class=\"token comment\">/* aput v2, v0, v1 */</span>\n<span class=\"token comment\">/* add-int/lit8 v1, v1, 0x1 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_0</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n\n<span class=\"token keyword\">private</span> <span class=\"token class-name\">Boolean</span> n4ut1lus <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 4 */</span>\n<span class=\"token comment\">/* .line 54 */</span>\n<span class=\"token comment\">/* invoke-direct {p0, p1}, Lcom/example/open_sesame/MainActivity;->it4chi(Ljava/lang/String;)[I */</span>\n<span class=\"token comment\">/* .line 55 */</span>\n<span class=\"token comment\">/* array-length v0, p1 */</span>\nv1 <span class=\"token operator\">=</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span><span class=\"token punctuation\">.</span>valid_password<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* array-length v1, v1 */</span>\n<span class=\"token keyword\">int</span> v2 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v2, 0x0</span>\n<span class=\"token comment\">/* if-eq v0, v1, :cond_0 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_0</span>\n\n\n<span class=\"token comment\">/* move v0, v2 */</span>\n<span class=\"token comment\">/* .line 59 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :goto_0</span>\n<span class=\"token comment\">/* array-length v1, p1 */</span>\n<span class=\"token comment\">/* if-ge v0, v1, :cond_2 */</span>\n<span class=\"token comment\">/* .line 60 */</span>\n<span class=\"token comment\">/* aget v1, p1, v0 */</span>\nv3 <span class=\"token operator\">=</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span><span class=\"token punctuation\">.</span>valid_password<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* aget v3, v3, v0 */</span>\n<span class=\"token comment\">/* if-eq v1, v3, :cond_1 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_1</span>\n<span class=\"token comment\">/* add-int/lit8 v0, v0, 0x1 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_2</span>\n<span class=\"token keyword\">int</span> p1 <span class=\"token operator\">=</span> <span class=\"token number\">1</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 p1, 0x1</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n\n<span class=\"token keyword\">private</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> sh4dy <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 4 */</span>\n<span class=\"token comment\">/* .line 76 */</span>\n<span class=\"token comment\">/* new-instance v0, Ljava/lang/StringBuilder; */</span>\n<span class=\"token comment\">/* invoke-direct {v0}, Ljava/lang/StringBuilder;->&lt;init>()V */</span>\n<span class=\"token keyword\">int</span> v1 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v1, 0x0</span>\n<span class=\"token comment\">/* .line 78 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :goto_0</span>\n\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>length <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1}, Ljava/lang/String;->length()I</span>\n<span class=\"token comment\">/* if-ge v1, v2, :cond_1 */</span>\n<span class=\"token comment\">/* .line 79 */</span>\nv2 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>charAt <span class=\"token punctuation\">(</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1, v1}, Ljava/lang/String;->charAt(I)C</span>\n<span class=\"token comment\">/* .line 80 */</span>\nv3 <span class=\"token operator\">=</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>Character</span> <span class=\"token punctuation\">.</span>isDigit <span class=\"token punctuation\">(</span> v2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span> v3 <span class=\"token operator\">!=</span> <span class=\"token keyword\">null</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span> <span class=\"token comment\">// if-eqz v3, :cond_0</span>\n<span class=\"token comment\">/* .line 81 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>append <span class=\"token punctuation\">(</span> v2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0, v2}, Ljava/lang/StringBuilder;->append(C)Ljava/lang/StringBuilder;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_0</span>\n<span class=\"token comment\">/* add-int/lit8 v1, v1, 0x1 */</span>\n<span class=\"token comment\">/* .line 84 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_1</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token keyword\">private</span> <span class=\"token keyword\">void</span> showToast <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 1 */</span>\n<span class=\"token keyword\">int</span> v0 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const/4 v0, 0x0</span>\n<span class=\"token comment\">/* .line 100 */</span>\n<span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>Toast</span> <span class=\"token punctuation\">.</span>makeText <span class=\"token punctuation\">(</span> p0<span class=\"token punctuation\">,</span>p1<span class=\"token punctuation\">,</span>v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>Toast</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>show <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1}, Landroid/widget/Toast;->show()V</span>\n<span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token keyword\">private</span> <span class=\"token class-name\">Integer</span> sl4y3r <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 0 */</span>\n<span class=\"token comment\">/* .line 87 */</span>\np1 <span class=\"token operator\">=</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>Integer</span> <span class=\"token punctuation\">.</span>parseInt <span class=\"token punctuation\">(</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* add-int/lit8 p1, p1, -0x1 */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n\n\n<span class=\"token keyword\">private</span> <span class=\"token keyword\">void</span> validateCredentials <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 3 */</span>\nv0 <span class=\"token operator\">=</span> <span class=\"token keyword\">this</span><span class=\"token punctuation\">.</span>editTextUsername<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* .line 38 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>EditText</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>getText <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Landroid/widget/EditText;->getText()Landroid/text/Editable;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>Object</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Ljava/lang/Object;->toString()Ljava/lang/String;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>trim <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Ljava/lang/String;->trim()Ljava/lang/String;</span>\n\nv1 <span class=\"token operator\">=</span> <span class=\"token keyword\">this</span><span class=\"token punctuation\">.</span>editTextPassword<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* .line 39 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>EditText</span> <span class=\"token punctuation\">)</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>getText <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v1}, Landroid/widget/EditText;->getText()Landroid/text/Editable;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>Object</span> <span class=\"token punctuation\">)</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v1}, Ljava/lang/Object;->toString()Ljava/lang/String;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>trim <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v1}, Ljava/lang/String;->trim()Ljava/lang/String;</span>\n<span class=\"token keyword\">final</span> <span class=\"token class-name\">String</span> v2 <span class=\"token operator\">=</span> <span class=\"token string\">\"Jack Ma\"</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const-string v2, \"Jack Ma\"</span>\n\n<span class=\"token comment\">/* .line 41 */</span>\nv0 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>String</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>equals <span class=\"token punctuation\">(</span> v2 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z</span>\n\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span> v0 <span class=\"token operator\">!=</span> <span class=\"token keyword\">null</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span> <span class=\"token comment\">// if-eqz v0, :cond_0</span>\nv0 <span class=\"token operator\">=</span> <span class=\"token comment\">/* invoke-direct {p0, v1}, Lcom/example/open_sesame/MainActivity;->n4ut1lus(Ljava/lang/String;)Z */</span>\n<span class=\"token punctuation\">}</span>\n\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span> v0 <span class=\"token operator\">!=</span> <span class=\"token keyword\">null</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span> <span class=\"token comment\">// if-eqz v0, :cond_0</span>\n<span class=\"token comment\">/* .line 42 */</span>\n<span class=\"token comment\">// Extract digits from 4l1baba?</span>\n<span class=\"token comment\">/* invoke-direct {p0, v1}, Lcom/example/open_sesame/MainActivity;->sh4dy(Ljava/lang/String;)Ljava/lang/String; */</span>\n<span class=\"token comment\">/* .line 43 */</span>\n\n\nv0 <span class=\"token operator\">=</span> <span class=\"token comment\">/* invoke-direct {p0, v0}, Lcom/example/open_sesame/MainActivity;->sl4y3r(Ljava/lang/String;)I */</span>\n<span class=\"token comment\">/* .line 45 */</span>\n\n<span class=\"token comment\">/* new-instance v1, Ljava/lang/StringBuilder; */</span>\n<span class=\"token keyword\">final</span> <span class=\"token class-name\">String</span> v2 <span class=\"token operator\">=</span> <span class=\"token string\">\"flag{\"</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const-string v2, \"flag{\"</span>\n<span class=\"token comment\">/* invoke-direct {v1, v2}, Ljava/lang/StringBuilder;->&lt;init>(Ljava/lang/String;)V */</span>\n\n<span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>Integer</span> <span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">final</span> <span class=\"token class-name\">String</span> v2 <span class=\"token operator\">=</span> <span class=\"token string\">\"U|]rURuoU^PoR_FDMo@X]uBUg\"</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const-string v2, \"U|]rURuoU^PoR_FDMo@X]uBUg\"</span>\n\n\n<span class=\"token comment\">/* invoke-direct {p0, v0, v2}, Lcom/example/open_sesame/MainActivity;->flag(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>append <span class=\"token punctuation\">(</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v1, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;</span>\n<span class=\"token keyword\">final</span> <span class=\"token class-name\">String</span> v1 <span class=\"token operator\">=</span> <span class=\"token string\">\"}\"</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const-string v1, \"}\"</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>append <span class=\"token punctuation\">(</span> v1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">java<span class=\"token punctuation\">.</span>lang<span class=\"token punctuation\">.</span></span>StringBuilder</span> <span class=\"token punctuation\">)</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>toString <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :cond_0</span>\n\n<span class=\"token keyword\">final</span> <span class=\"token class-name\">String</span> v0 <span class=\"token operator\">=</span> <span class=\"token string\">\"Invalid credentials.Please try again.\"</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// const-string v0, \"Invalid credentials.Please try again.\"</span>\n<span class=\"token comment\">/* .line 49 */</span>\n<span class=\"token comment\">/* invoke-direct {p0, v0}, Lcom/example/open_sesame/MainActivity;->showToast(Ljava/lang/String;)V */</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// :goto_0</span>\n<span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span>\n<span class=\"token comment\">/* # virtual methods */</span>\n<span class=\"token keyword\">protected</span> <span class=\"token keyword\">void</span> onCreate <span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>os<span class=\"token punctuation\">.</span></span>Bundle</span> p0 <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token comment\">/* .locals 1 */</span>\n<span class=\"token comment\">/* .line 22 */</span>\n<span class=\"token comment\">/* invoke-super {p0, p1}, Landroidx/appcompat/app/AppCompatActivity;->&lt;init>(Landroid/os/Bundle;)V */</span>\n<span class=\"token comment\">/* .line 23 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">)</span> p0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>setContentView <span class=\"token punctuation\">(</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p0, p1}, Lcom/example/open_sesame/MainActivity;->setContentView(I)V</span>\n<span class=\"token comment\">/* .line 25 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">)</span> p0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>findViewById <span class=\"token punctuation\">(</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p0, p1}, Lcom/example/open_sesame/MainActivity;->findViewById(I)Landroid/view/View;</span>\n<span class=\"token comment\">/* check-cast p1, Landroid/widget/EditText; */</span>\n<span class=\"token keyword\">this</span><span class=\"token punctuation\">.</span>editTextUsername <span class=\"token operator\">=</span> p1<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* .line 26 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">)</span> p0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>findViewById <span class=\"token punctuation\">(</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p0, p1}, Lcom/example/open_sesame/MainActivity;->findViewById(I)Landroid/view/View;</span>\n<span class=\"token comment\">/* check-cast p1, Landroid/widget/EditText; */</span>\n<span class=\"token keyword\">this</span><span class=\"token punctuation\">.</span>editTextPassword <span class=\"token operator\">=</span> p1<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* .line 27 */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">com<span class=\"token punctuation\">.</span>example<span class=\"token punctuation\">.</span>open_sesame<span class=\"token punctuation\">.</span></span>MainActivity</span> <span class=\"token punctuation\">)</span> p0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>findViewById <span class=\"token punctuation\">(</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p0, p1}, Lcom/example/open_sesame/MainActivity;->findViewById(I)Landroid/view/View;</span>\n<span class=\"token comment\">/* check-cast p1, Landroid/widget/Button; */</span>\n<span class=\"token keyword\">this</span><span class=\"token punctuation\">.</span>buttonLogin <span class=\"token operator\">=</span> p1<span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* .line 29 */</span>\n<span class=\"token comment\">/* new-instance v0, Lcom/example/open_sesame/MainActivity$1; */</span>\n<span class=\"token comment\">/* invoke-direct {v0, p0}, Lcom/example/open_sesame/MainActivity$1;->&lt;init>(Lcom/example/open_sesame/MainActivity;)V */</span>\n<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span> <span class=\"token class-name\"><span class=\"token namespace\">android<span class=\"token punctuation\">.</span>widget<span class=\"token punctuation\">.</span></span>Button</span> <span class=\"token punctuation\">)</span> p1 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>setOnClickListener <span class=\"token punctuation\">(</span> v0 <span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span> <span class=\"token comment\">// invoke-virtual {p1, v0}, Landroid/widget/Button;->setOnClickListener(Landroid/view/View$OnClickListener;)V</span>\n<span class=\"token keyword\">return</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span> <span class=\"token comment\">// .end method</span></code></pre></div>\n<h2 id=\"secret-doorrev\" style=\"position:relative;\"><a href=\"#secret-doorrev\" aria-label=\"secret doorrev permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Secret Door(Rev)</h2>\n<blockquote>\n<p>Sorry to have lost the key of the secret Gate like this… But believe me there is a way if you follow the Right Path..</p>\n</blockquote>\n<p>When I analyzed the ELF file given as the challenge binary with Ghidra, I found that it checks whether it has received a 0x11-character string as a command-line argument.</p>\n<div class=\"gatsby-highlight\" data-language=\"c\"><pre class=\"language-c\"><code class=\"language-c\">local_20 <span class=\"token operator\">=</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">long</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">(</span>in_FS_OFFSET <span class=\"token operator\">+</span> <span class=\"token number\">0x28</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>param_1 <span class=\"token operator\">!=</span> <span class=\"token number\">2</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\nstd<span class=\"token operator\">::</span>operator<span class=\"token operator\">&lt;&lt;</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>basic_ostream <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>std<span class=\"token operator\">::</span>cout<span class=\"token punctuation\">,</span><span class=\"token string\">\"Just try to get the door\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* WARNING: Subroutine does not return */</span>\n<span class=\"token function\">exit</span><span class=\"token punctuation\">(</span><span class=\"token number\">0</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span>\n\nsVar2 <span class=\"token operator\">=</span> <span class=\"token function\">strlen</span><span class=\"token punctuation\">(</span><span class=\"token operator\">*</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">char</span> <span class=\"token operator\">*</span><span class=\"token operator\">*</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">(</span>param_2 <span class=\"token operator\">+</span> <span class=\"token number\">8</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>sVar2 <span class=\"token operator\">!=</span> <span class=\"token number\">0x11</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\nstd<span class=\"token operator\">::</span>operator<span class=\"token operator\">&lt;&lt;</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>basic_ostream <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>std<span class=\"token operator\">::</span>cout<span class=\"token punctuation\">,</span><span class=\"token string\">\"that\\'s not even a door :p\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token comment\">/* WARNING: Subroutine does not return */</span>\n<span class=\"token function\">exit</span><span class=\"token punctuation\">(</span><span class=\"token number\">0</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span></code></pre></div>\n<p>After passing that check, it then compares against a hardcoded string (<code class=\"language-text\">SeventeenChars!!!</code>) on the stack, and if it matches, reaches code like the following.</p>\n<div class=\"gatsby-highlight\" data-language=\"c\"><pre class=\"language-c\"><code class=\"language-c\">local_f4 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token function\">basic_string</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nlocal_68 <span class=\"token operator\">=</span> <span class=\"token number\">0x42</span><span class=\"token punctuation\">;</span>\nlocal_64 <span class=\"token operator\">=</span> <span class=\"token number\">0x77</span><span class=\"token punctuation\">;</span>\nlocal_60 <span class=\"token operator\">=</span> <span class=\"token number\">0x65</span><span class=\"token punctuation\">;</span>\nlocal_5c <span class=\"token operator\">=</span> <span class=\"token number\">0x71</span><span class=\"token punctuation\">;</span>\nlocal_58 <span class=\"token operator\">=</span> <span class=\"token number\">0x7b</span><span class=\"token punctuation\">;</span>\nlocal_54 <span class=\"token operator\">=</span> <span class=\"token number\">0x62</span><span class=\"token punctuation\">;</span>\nlocal_50 <span class=\"token operator\">=</span> <span class=\"token number\">0x72</span><span class=\"token punctuation\">;</span>\nlocal_4c <span class=\"token operator\">=</span> <span class=\"token number\">0x7d</span><span class=\"token punctuation\">;</span>\nlocal_48 <span class=\"token operator\">=</span> <span class=\"token number\">0x77</span><span class=\"token punctuation\">;</span>\nlocal_44 <span class=\"token operator\">=</span> <span class=\"token number\">0x59</span><span class=\"token punctuation\">;</span>\nlocal_40 <span class=\"token operator\">=</span> <span class=\"token number\">0x73</span><span class=\"token punctuation\">;</span>\nlocal_3c <span class=\"token operator\">=</span> <span class=\"token number\">0x7d</span><span class=\"token punctuation\">;</span>\nlocal_38 <span class=\"token operator\">=</span> <span class=\"token number\">0x6f</span><span class=\"token punctuation\">;</span>\nlocal_34 <span class=\"token operator\">=</span> <span class=\"token number\">0x6d</span><span class=\"token punctuation\">;</span>\nlocal_30 <span class=\"token operator\">=</span> <span class=\"token number\">0x3e</span><span class=\"token punctuation\">;</span>\nlocal_2c <span class=\"token operator\">=</span> <span class=\"token number\">1</span><span class=\"token punctuation\">;</span>\nlocal_28 <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">for</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">;</span> local_f4 <span class=\"token operator\">&lt;</span> <span class=\"token number\">0x11</span><span class=\"token punctuation\">;</span> local_f4 <span class=\"token operator\">=</span> local_f4 <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n                <span class=\"token comment\">/* try { // try from 00102fa1 to 00102fa5 has its CatchHandler @ 00103183 */</span>\n                <span class=\"token comment\">/* } // end try from 00102fa1 to 00102fa5 */</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token function\">push_back</span>\n          <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">)</span>local_e8<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span>\nstd<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token operator\">::</span><span class=\"token function\">allocator</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n                <span class=\"token comment\">/* try { // try from 00102fe0 to 00102fe4 has its CatchHandler @ 00103126 */</span>\n                <span class=\"token comment\">/* } // end try from 00102fe0 to 00102fe4 */</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span>\nbasic_string<span class=\"token operator\">&lt;</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token punctuation\">(</span>local_c8<span class=\"token punctuation\">,</span><span class=\"token string\">\"ThatsHardcoded!!!\"</span><span class=\"token punctuation\">,</span><span class=\"token operator\">&amp;</span>local_f5<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nstd<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token operator\">::</span><span class=\"token operator\">~</span><span class=\"token function\">allocator</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_f5<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n                <span class=\"token comment\">/* try { // try from 00103005 to 00103009 has its CatchHandler @ 0010316b */</span>\n                <span class=\"token comment\">/* } // end try from 00103005 to 00103009 */</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token function\">basic_string</span>\n        <span class=\"token punctuation\">(</span>local_88<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n                <span class=\"token comment\">/* try { // try from 0010301e to 00103022 has its CatchHandler @ 00103156 */</span>\n                <span class=\"token comment\">/* } // end try from 0010301e to 00103022 */</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token function\">basic_string</span>\n        <span class=\"token punctuation\">(</span>local_a8<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n                <span class=\"token comment\">/* try { // try from 00103034 to 00103038 has its CatchHandler @ 0010313e */</span>\n                <span class=\"token comment\">/* } // end try from 00103034 to 00103038 */</span>\n<span class=\"token function\">func_5</span><span class=\"token punctuation\">(</span><span class=\"token function\">SUB81</span><span class=\"token punctuation\">(</span>local_a8<span class=\"token punctuation\">,</span><span class=\"token number\">0</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token function\">SUB81</span><span class=\"token punctuation\">(</span>local_88<span class=\"token punctuation\">,</span><span class=\"token number\">0</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token operator\">~</span><span class=\"token function\">basic_string</span>\n        <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_a8<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nstd<span class=\"token operator\">::</span>__cxx11<span class=\"token operator\">::</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span><span class=\"token operator\">~</span><span class=\"token function\">basic_string</span>\n        <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>basic_string<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_88<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n                <span class=\"token comment\">/* try { // try from 00103059 to 001030ed has its CatchHandler @ 0010316b */</span>\nlocal_f0 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>operator<span class=\"token punctuation\">.</span>new<span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">(</span><span class=\"token number\">0x44</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\npiVar3 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span><span class=\"token function\">func_4</span><span class=\"token punctuation\">(</span>local_e8<span class=\"token punctuation\">,</span><span class=\"token operator\">*</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">char</span> <span class=\"token operator\">*</span><span class=\"token operator\">*</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">(</span>param_2 <span class=\"token operator\">+</span> <span class=\"token number\">8</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nlocal_f0 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span><span class=\"token function\">func_3</span><span class=\"token punctuation\">(</span>piVar3<span class=\"token punctuation\">,</span><span class=\"token punctuation\">(</span>basic_string <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_c8<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\ncVar1 <span class=\"token operator\">=</span> <span class=\"token function\">func_2</span><span class=\"token punctuation\">(</span>local_f0<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>cVar1 <span class=\"token operator\">==</span> <span class=\"token char\">'\\0'</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token function\">func_1</span><span class=\"token punctuation\">(</span><span class=\"token operator\">*</span>local_f0<span class=\"token punctuation\">,</span>local_f0<span class=\"token punctuation\">[</span><span class=\"token number\">0x10</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span>\n<span class=\"token keyword\">else</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token comment\">/* } // end try from 00103059 to 001030ed */</span>\n    std<span class=\"token operator\">::</span>operator<span class=\"token operator\">&lt;&lt;</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>basic_ostream <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>std<span class=\"token operator\">::</span>cout<span class=\"token punctuation\">,</span><span class=\"token string\">\"Wrong door\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span></code></pre></div>\n<p>In <code class=\"language-text\">func_1</code>, you can see that it reads <code class=\"language-text\">encoded.bin</code>, which was provided with the challenge, XOR-decrypts it with some key, and then saves it using the hardcoded filename <code class=\"language-text\">the_door.jpg</code>.</p>\n<div class=\"gatsby-highlight\" data-language=\"c\"><pre class=\"language-c\"><code class=\"language-c\">basic_string<span class=\"token operator\">&lt;</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token punctuation\">(</span>local_448<span class=\"token punctuation\">,</span><span class=\"token string\">\"encoded.bin\"</span><span class=\"token punctuation\">,</span>local_468<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\nstd<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span><span class=\"token operator\">::</span><span class=\"token operator\">~</span><span class=\"token function\">allocator</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_468<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n            <span class=\"token comment\">/* try { // try from 0010276b to 0010276f has its CatchHandler @ 001029a5 */</span>\n            <span class=\"token comment\">/* } // end try from 0010276b to 0010276f */</span>\nstd<span class=\"token operator\">::</span>basic_ifstream<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>char_traits<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span>basic_ifstream\n\n<span class=\"token operator\">*</span><span class=\"token operator\">*</span><span class=\"token operator\">*</span>\n\n<span class=\"token keyword\">for</span> <span class=\"token punctuation\">(</span>local_48c <span class=\"token operator\">=</span> <span class=\"token number\">0</span><span class=\"token punctuation\">;</span> <span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span><span class=\"token punctuation\">)</span>local_48c <span class=\"token operator\">&lt;</span> <span class=\"token number\">0x16086</span><span class=\"token punctuation\">;</span> local_48c <span class=\"token operator\">=</span> local_48c <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>local_48c <span class=\"token operator\">&amp;</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">0</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n  pbVar1 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span>byte <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>std<span class=\"token operator\">::</span>vector<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span>operator<span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span>\n                             <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>vector<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_468<span class=\"token punctuation\">,</span>\n                              <span class=\"token punctuation\">(</span><span class=\"token keyword\">long</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span><span class=\"token punctuation\">)</span>local_48c<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n  <span class=\"token operator\">*</span>pbVar1 <span class=\"token operator\">=</span> <span class=\"token operator\">*</span>pbVar1 <span class=\"token operator\">^</span> <span class=\"token punctuation\">(</span>byte<span class=\"token punctuation\">)</span>param_1<span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span>\n<span class=\"token keyword\">else</span> <span class=\"token punctuation\">{</span>\n  pbVar1 <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span>byte <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>std<span class=\"token operator\">::</span>vector<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span><span class=\"token operator\">::</span>operator<span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span>\n                             <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>vector<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token punctuation\">,</span>std<span class=\"token operator\">::</span>allocator<span class=\"token operator\">&lt;</span><span class=\"token keyword\">char</span><span class=\"token operator\">>></span> <span class=\"token operator\">*</span><span class=\"token punctuation\">)</span>local_468<span class=\"token punctuation\">,</span>\n                              <span class=\"token punctuation\">(</span><span class=\"token keyword\">long</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">(</span><span class=\"token keyword\">int</span><span class=\"token punctuation\">)</span>local_48c<span class=\"token punctuation\">)</span><span class=\"token punctuation\">;</span>\n  <span class=\"token operator\">*</span>pbVar1 <span class=\"token operator\">=</span> <span class=\"token operator\">*</span>pbVar1 <span class=\"token operator\">^</span> <span class=\"token punctuation\">(</span>byte<span class=\"token punctuation\">)</span>param_2<span class=\"token punctuation\">;</span>\n<span class=\"token punctuation\">}</span>\n<span class=\"token punctuation\">}</span></code></pre></div>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/6e727837f684f6a503617ef6ce74f199/9040f/image-20231221222922130.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 34.166666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAHCAYAAAAIy204AAAACXBIWXMAAAsTAAALEwEAmpwYAAABf0lEQVQozyWS2W7bMBBF9f8/U7SF0SR1ADfJY/rapkAd1Imt1bJNiTspnY6cGVxwABJnFk7hvcdoh3cZayPaOKxzMM+kKRFzZLG6rnl5faXRll2jqfoLl0GhtMFlT1x8jhQhePpecTolRh2w4yjSBB/IKZNz/gBWNb/+/aaJJbtx0Z6d2fNuKkpb008dJ/EixkBbn+iPCWelysuIPiomiQlCSlceVVnxtnuTyiHGLMkzxgZ8mEhLE9LRYoX1jtEZjFQ0aC+xRvsRL4lscldNQtmXB94X4JIjCGxMGBPxXoBeYHm+Jite/B8+X1as1Iavas1quONm/M6tk9jfchMknu95aB7Z7re0c8/BdhyGI6XqqdSF2pxpbUvjW4pt/sun5gur7om1+8Fa3fGtE6i6ZxM3PPHIg+ineqbtWk7RCGhk34saQ3vUKJn5aAw2WIqUEiF8lK7HgB7kc4YsZ+Z8lnHIGPIkM5PPKrsjvfM0g6ORu6YNdPXyXrZENmTOE/8BJigSRgQxTrIAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/6e727837f684f6a503617ef6ce74f199/8ac56/image-20231221222922130.webp 240w,\n/static/6e727837f684f6a503617ef6ce74f199/d3be9/image-20231221222922130.webp 480w,\n/static/6e727837f684f6a503617ef6ce74f199/e46b2/image-20231221222922130.webp 960w,\n/static/6e727837f684f6a503617ef6ce74f199/f992d/image-20231221222922130.webp 1440w,\n/static/6e727837f684f6a503617ef6ce74f199/64e79/image-20231221222922130.webp 1613w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/6e727837f684f6a503617ef6ce74f199/8ff5a/image-20231221222922130.png 240w,\n/static/6e727837f684f6a503617ef6ce74f199/e85cb/image-20231221222922130.png 480w,\n/static/6e727837f684f6a503617ef6ce74f199/d9199/image-20231221222922130.png 960w,\n/static/6e727837f684f6a503617ef6ce74f199/07a9c/image-20231221222922130.png 1440w,\n/static/6e727837f684f6a503617ef6ce74f199/9040f/image-20231221222922130.png 1613w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/6e727837f684f6a503617ef6ce74f199/d9199/image-20231221222922130.png\"\n            alt=\"image-20231221222922130\"\n            title=\"image-20231221222922130\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>I could have identified the key through dynamic analysis, but since I knew the target file was a JPG, I decided to recover the key by XORing against the JPG magic number.</p>\n<p>This showed that <code class=\"language-text\">N!</code> was the correct key.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/c681aec30eb62034ddfd2c79c7f94e04/26c3a/image-20231221223040271.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 46.666666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAJCAYAAAAywQxIAAAACXBIWXMAAAsTAAALEwEAmpwYAAABI0lEQVQoz4WS7W6DIBSGvf972l1sP5ZsyapVEb+qKAio715Ym7RJZ0mecAL4nCOcJO9OaLVEMwmIMY9zOWb4FO84C+7JGl3b4NK2aJsGXV1jICEOqHGEcw4N18KZRC0DjJ+h3YTRXOLc6Rq1LtH0FYrsjDLLUBcFBJFlGWNJKsa9lLCTwsfPCW/fKZJ9x7/DqAkzKzDThGWesSwLvPdY1xXbtv0RYpLmOb6KEsl2Ne6c74lCirxf8WoEsWWyjcmS/UColYr382z//lwUWht5EN7GY4X+tnhYYUgcOBTOFCoS7sxR/Ax/ZeTf9P3lRYXDAM3XtHxJTRzbwhPDdrEkxDbQdTBCYOaZQ+FKoU9TWLaNI4bygObHIYmvKqxkJ2Af7uyIX8kzu5uX8+lNAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/c681aec30eb62034ddfd2c79c7f94e04/8ac56/image-20231221223040271.webp 240w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/d3be9/image-20231221223040271.webp 480w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/e46b2/image-20231221223040271.webp 960w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/f992d/image-20231221223040271.webp 1440w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/854a9/image-20231221223040271.webp 1907w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/c681aec30eb62034ddfd2c79c7f94e04/8ff5a/image-20231221223040271.png 240w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/e85cb/image-20231221223040271.png 480w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/d9199/image-20231221223040271.png 960w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/07a9c/image-20231221223040271.png 1440w,\n/static/c681aec30eb62034ddfd2c79c7f94e04/26c3a/image-20231221223040271.png 1907w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/c681aec30eb62034ddfd2c79c7f94e04/d9199/image-20231221223040271.png\"\n            alt=\"image-20231221223040271\"\n            title=\"image-20231221223040271\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Decrypting the file with this key yielded the following image and the flag.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 601px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/6113857d9666467acad40d9274e43ef2/d8f62/image-20231221223124119.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 100%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAACXBIWXMAAAsTAAALEwEAmpwYAAACkElEQVQ4y5WUS08TURiGp7RQwOjSvYbfwI6w4hL+gCZQrtElQUIo/wEWJiYuMO5cGOPdGNSVCaTQgqWdmXbodHqhF6BYEjfSILSv7znTaokKzknfvmfOnO+Zb8755iiVSgWi1Wo1Kbv/+/rvEpPET/6da0ozsNkva7/m4wJg7exM9r8vL6PQ3Y3dwUHk+vqQ7+9HYWAAhaEhHPT0oLK4aIOq1T8SOA/8cSr73+7N4rGi4D61TD2q6yH1gDoaHrZjmMDFwFMbeLSwgE8MDHZegeb1Qm9vh97RgfC1q3jL8cPJSTvm0gzrwLJ/XgIjbV5kWlzIuilPiwS/43hpbMwZ8Ot8A9iGtMuFNIFpgjVvm8xwf9Qh8JDAjwzcJjBFt1yKdLW1Fa/pe75RZ2t46PdjhYFhtxuW4kJSQKmopxWv6EWfzxmwNDuLD9yQzevXYRIgJKARAl/QCyMN4H++cml6Gis3biLQ1QWDgB2lhXIh7PHYQJ9D4MHcHN4zcLOzE3G6QVic2ibwJa/zTl95n2soymOdAJW7rNUV5Cs/53jON+IMuMddFuWxwV21M7QV4gOe0XedZtgArhOo02OU8CCBT+lZx0D/At4IIL8Mze1BjOUjtOFtt4GNwm7alMbRphwfH8M+OKqonpzIfm5mRq7VmqhFUeB1BagnVOrWbTuGCQiIjK1/NcppPavmdrC0hLXeXqhTU0hOTMAcH8cOszLu3sFnHmU5btq/mmJZFoRM04RhGEgkEjC3w1ADARStJLZWV2F82UImpiMS3EBUjHNeMZeDmUyiXC5DVVXouo5SqQSlWCxC0zSEQiHEYjEJTqdTSBBQSOwgS09Fo1JWNII0YVneL+Tz8uGZTAbxeFxKwH8CKtERIdUec7AAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/6113857d9666467acad40d9274e43ef2/8ac56/image-20231221223124119.webp 240w,\n/static/6113857d9666467acad40d9274e43ef2/d3be9/image-20231221223124119.webp 480w,\n/static/6113857d9666467acad40d9274e43ef2/84ad9/image-20231221223124119.webp 601w\"\n              sizes=\"(max-width: 601px) 100vw, 601px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/6113857d9666467acad40d9274e43ef2/8ff5a/image-20231221223124119.png 240w,\n/static/6113857d9666467acad40d9274e43ef2/e85cb/image-20231221223124119.png 480w,\n/static/6113857d9666467acad40d9274e43ef2/d8f62/image-20231221223124119.png 601w\"\n            sizes=\"(max-width: 601px) 100vw, 601px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/6113857d9666467acad40d9274e43ef2/d8f62/image-20231221223124119.png\"\n            alt=\"image-20231221223124119\"\n            title=\"image-20231221223124119\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>","fields":{"slug":"/ctf-backdoorctf-2023-en","tagSlugs":["/tag/ctf-en/","/tag/rev-en/","/tag/forensic-en/","/tag/english/"]},"frontmatter":{"date":"2023-12-21","description":"This is a writeup for Backdoor CTF 2023.","tags":["CTF (en)","Rev (en)","Forensic (en)","English"],"title":"Backdoor CTF 2023 Writeup","socialImage":{"publicURL":"/static/021d62f97c421012349a3a137805535e/ctf-backdoorctf-2023.png"}}}},"pageContext":{"slug":"/ctf-backdoorctf-2023-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}