Difficulty
babyCategories
revDescription
This program asks for a password. If you enter the correct password, it grants you access.
Figure out what password the program expects by looking at its code.
Author
xnull
Service
Challenge has a remote instance.
Solution
When using a disassembler (here r2ghidra), we can see the flag:
ulong sym.check_password(char *arg1)
{
int64_t iVar1;
ulong uVar2;
ulong var_8h;
if (iVar1 == 0x20) {
if (*arg1 == 'd') {
if (arg1[1] == 'a') {
if (arg1[2] == 'c') {
if (arg1[3] == 'h') {
if (arg1[4] == '2') {
if (arg1[5] == '0') {
if (arg1[6] == '2') {
if (arg1[7] == '6') {
if (arg1[8] == '{') {
if (arg1[9] == 'p') {
if (arg1[10] == '4') {
if (arg1[0xb] == 's') {
if (arg1[0xc] == 's') {
if (arg1[0xd] == 'w') {
if (arg1[0xe] == '0') {
if (arg1[0xf] == 'r') {
if (arg1[0x10] == 'd') {
if (arg1[0x11] == '_') {
if (arg1[0x12] == 'c') {
if (arg1[0x13] == 'h') {
if (arg1[0x14] == '3') {
if (arg1[0x15] == 'c') {
if (arg1[0x16] == 'k') {
if (arg1[0x17] == '1') {
if (arg1[0x18] == 'n') {
if (arg1[0x19] == 'g') {
if (arg1[0x1a] == '_') {
if (arg1[0x1b] == '7') {
if (arg1[0x1c] == 'f') {
if (arg1[0x1d] == '3') {
if (arg1[0x1e] == 'a') {
if (arg1[0x1f] == '}') {
...
We can prettify this by a bit of bash:
r2 -q -A -c "pdg @ sym.check_password" program | grep -o -E "'.'" | tr -d '\n' | tr -d "'"
Flag:
dach2026{p4ssw0rd_ch3ck1ng_7f3a}