Saturday 28 December 2019

InfernoCTF 2019

Darkcrackme
1. Main function

  • To save time, I went straight to the pseudocode.

  • We can see that the username is "1_4m_th3_wh1t3r0s3", and "sub_4013F9" does something with our username and password to check them.
  • The password is our flag.
2. Sub_4013F9


  • Following on from the previous function, I renamed the variables: 'a1' => 'username' and 'a2' => 'pass'; 'v5' => 'Ulen' and 'v4' => 'Plen'.
  • We can see that the function has 3 conditions.
    • First, the lengths of 'username' and 'pass' are less than or equal to 40.
    • Second, 'Plen = (Ulen << 1) || (Ulen << 1) + 1' (that is, Plen = 36 or 37, because we already know Ulen).
    • Last, 'Ulen + Plen = (Ulen + 8) ^ 0x2C' => '18 + x = (18 + 8) ^ 0x2C = 54' => Plen = 36
  • From strcmp(s1, username), we know that 'sub_401291' (check_1) transforms our password into the username.
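
The three length conditions above can be checked by brute force. This is an added example, not code from the crackme or from the original write-up. The function names are made up for illustration, and condition 3 is parenthesised as the write-up reads it (the sum compared against the XOR result). It also goes one step further than the text and tries every username length, not only 18.

```c
#include <stdio.h>

#define MAX_LEN 40  /* condition 1 from the write-up: both lengths <= 40 */

/* Hypothetical helper: returns the password length accepted for a given
 * username length, or -1 if no length passes all three conditions. */
int pass_len_for(int ulen)
{
    if (ulen < 0 || ulen > MAX_LEN)
        return -1;
    for (int plen = 0; plen <= MAX_LEN; plen++) {
        /* condition 2: Plen is 2*Ulen or 2*Ulen + 1 */
        int doubled = (plen == (ulen << 1)) || (plen == (ulen << 1) + 1);
        /* condition 3 (assumed grouping): Ulen + Plen == ((Ulen + 8) ^ 0x2C) */
        int xor_ok = (ulen + plen) == ((ulen + 8) ^ 0x2C);
        if (doubled && xor_ok)
            return plen;
    }
    return -1;
}

/* Hypothetical helper: counts the username lengths in 0..MAX_LEN for which
 * some password length passes, and stores the last such length in *last. */
int solvable_username_lengths(int *last)
{
    int count = 0;
    for (int u = 0; u <= MAX_LEN; u++) {
        if (pass_len_for(u) >= 0) {
            count++;
            if (last)
                *last = u;
        }
    }
    return count;
}

int main(void)
{
    int last = -1;
    int n = solvable_username_lengths(&last);
    printf("Ulen=18 -> Plen=%d\n", pass_len_for(18));
    printf("%d username length(s) pass the checks (last: %d)\n", n, last);
    return 0;
}
```

Under these assumptions, 18 is the only username length with a valid password length, so the length checks alone already pin the username to 18 characters.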

3. Sub_401291 (Check_1)

  • I renamed some variables according to their function.
  • For each pair of chars, we go through 'sub_4011A7' ('check_2') and receive 'pos_1', 'pos_2'.

Sub_4011A7 (check_2)

  • 'check_2' returns the position of a char ('pass[i]', 'pass[i + 1]') (pass_element) in 'Default_String'.
  • Next, darkcrackme uses 'sub_401201' (make_arr) to do something with 'pos_1', 'pos_2' and returns 'arr_1', 'arr_2'.

Sub_401201 (make_arr)

  • It's simple math.

  • As the last step in 'sub_401291', darkcrackme builds an array 'nptr' from 'arr_1' and 'arr_2' and converts it to a long number 'v1'.

  • Finally, ANS collects all the 'v1' values and becomes 's1' (aka '1_4m_th3_wh1t3r0s3').

4. In short

5. Solution
  • For the solution, I just convert every character into binary, rebuild 'arr_1' and 'arr_2', 'find_pos' the 'pos_1' and 'pos_2', and build the 'pass'.

5. Flag is: infernoCTF{CvBsCxOwBsCfOiZvBsZsOiCvCfZvZkCnZhZv}


Where did he GO?

It's a simple reversing challenge: you just swap the whole string.

Flag is: infernoCTF{g0_Pr0gRaMM1ng_1s_Gr3At!!}
