What's up everybody? This is a video write-up for the challenge validator, for 30 points in the reverse engineering category from TJCTF, the recent capture the flag competition. The challenge prompt is, "I found a flag validation program. Do what you want with it." So we have a link here, we can download it. I'll hop over to the terminal and we can play with it. It is just simply noted as flag check. So I will save it as that, mark it as executable, because it sounds like this is a binary. In fact, it is, so we can go ahead and run it. It says usage flag check flag. Okay, it needs an argument. We can say please sub. It says invalid flag.
So I wanted to check out, okay, what is this doing? I'll check ltrace with it. It says it's trying to work with strlen and that's not moving on anything following that. So I actually tried to do some spray and pray, like actually brute force what a possible length could be. So what I did in that case was I did for i in range, like one to 50. And then I would supply that in as some Python print, like a multiplied by that i value, so we could get a ton of input for it, etc, etc, etc. And we got one result over here that looks like length, I guess I don't know, we can actually echo the length that we're working with if we wanted to check it out, blah, blah, blah, blah, blah. One result here where it is testing what seems to be the flag here. TJCTF just call me as a sir God for something. And that, okay, it looks like to be length 43.
So if you want to do more with this, and this is what I actually moved on to from this because I didn't get the full string in that output with string compare and ltrace, I actually did try to run strings on it. But it is noting some of the strings in very cut up fashion. And it didn't seem to have the very end of the string, like a curly brace. So I opened it up in Hopper as a disassembler. And I checked that out in YouTube CTF, validator, flag check, cool.
You can actually go check out the main function, or string compare, whatever these things are, main, great, alt enter to reverse engineer it. And you can see a lot of the hex bytes in there. If you wanted to carve these out, you certainly could. In fact, I'll do that just to showcase it. Let's try and do some Sublime Text magic to just cut up the very end of these lines here. Cool. Control X to remove 0x. Don't want to remove those, get all these new lines here. And then we can idle, go ahead and remove these to decode blah, blah, blah, hex. And that looks like our flag jumbled up.
So that was very strange. And I wasn't sure why, probably some endian thing, that we could go through and run p32 on all these, if we particularly wanted to do some pwntools magic. And I tried that. And this will get us a bit of the flag, but note that there'd be something different that tripped up some people, I think, when they were playing, and it certainly tripped me up. I'm sorry for this agony. I did not mean to have this suck so bad. Okay, we can run p32 on 0x of these. And the end there, note this. So we can just make this a little script. Get our shebang line going. And once we have the flag all set, we can just print that out. We can run it. And it says, okay, TJCTF, just call me reverse God from now on. You could supply that and try and enter that as a flag, but it will be wrong. In fact, the program will even tell you that that is the wrong flag if we try to give that to flag check. And you can see that that is because when we ran ltrace on it, it had a peculiar thing. It would actually just go ahead and tell us that the string that you're comparing this with has an interesting notion where that word reverse in leetspeak is actually reversed. So that is the flag that you want to use.
An interesting thing that I found when I tried to research some of this: if you wanted to give ltrace a certain amount of string characters that it's willing to print out, you can supply an argument, tack lowercase s (-s). And you can display the amount of string size or the maximum string size that you want ltrace to print out for you. So if we ran ltrace with, again, when we were brute forcing it and we didn't have any idea what it might have been, we know it's 43 now. But if we wanted to say, okay, use like 1000 characters for a full on string notation, you can get the entire flag just by using that syntax. That's pretty handy.
So that assembly disassembly code stuff that we saw in Hopper must be doing something to obviously go through some reversal with that portion of the flag. And we found that, we tracked it down and we were able to handle it again with p32, just looking at string compare and ltrace. And that's an interesting thing. So there's that, we can mark that challenge as complete.
I want to give a special shout out to the people that support me on Patreon. You guys are phenomenal. Thank you so much for everything that you do. $1 a month on Patreon will give you a special shout out just like this at the end of every video. $5 a month or more on Patreon will give you early access to every video that I release on YouTube before it goes live. If you did like this video, you want to see more other CTF video write-ups, programming tutorials, other stuff that I do, please do like, comment and subscribe. Join our Discord server, link is in the description. It's a cool community of CTF players, programmers, hackers. So if you want to play a game with me or some other cool people, please do check that out. Hey, I'd love to see you on Patreon and I hope to see you in the next video. Thanks.
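
The byte-order step from the video (hex-decoding the disassembler's immediates in printed order gave a jumbled string, p32 fixed it), as an added example that is not part of the original video. It uses Python's `struct` in place of pwntools' `p32`, generalizes to other store widths, and the immediates are constructed sample values, not the ones from the challenge binary.

```python
import struct

# Constructed sample: immediates as a disassembler lists them for stores such as
# `mov dword [rbp-0x20], 0x67616c66`. They spell a made-up string, not the flag.
SAMPLE_IMMEDIATES = ["0x67616c66", "0x6d61737b", "0x5f656c70", "0x7d727473"]

_FORMATS = {1: "<B", 2: "<H", 4: "<I", 8: "<Q"}


def naive_decode(immediates):
    """Strip '0x' and hex-decode in printed order (the text-editor approach)."""
    out = b""
    for imm in immediates:
        digits = imm[2:]
        # Pad odd-length values so bytes.fromhex accepts them.
        out += bytes.fromhex(digits.zfill(len(digits) + len(digits) % 2))
    return out.decode("ascii")


def little_endian_decode(immediates, width=4):
    """Pack each immediate the way x86 lays it out in memory.

    For width=4 this is the same bytes pwntools' p32() returns.
    """
    fmt = _FORMATS[width]
    raw = b"".join(struct.pack(fmt, int(imm, 16)) for imm in immediates)
    # A short final store (e.g. 0x7d) packs to b'}\x00\x00\x00'; drop the padding.
    return raw.rstrip(b"\x00").decode("ascii")


def chunk_reversed(text, width=4):
    """Reverse each width-sized chunk: maps the naive output to the real string."""
    return "".join(text[i:i + width][::-1] for i in range(0, len(text), width))


if __name__ == "__main__":
    print("naive        :", naive_decode(SAMPLE_IMMEDIATES))
    print("little-endian:", little_endian_decode(SAMPLE_IMMEDIATES))
```
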