57 — El Capo 2 Cap

# Write to file with open("key.bin", "wb") as f: f.write(key)

for i in range(SIZE-1): # let transformed byte be zero for simplicity t = 0 key[i] = inv_rotl8(t, i % 8) ^ CONST_XOR checksum = (checksum + t) & 0xffffffff

(The exact constants differ slightly, but the structure is identical.) The flag is embedded as a static string in the binary’s .rodata section:

#!/usr/bin/env python3 from Crypto.Util.number import long_to_bytes import struct el capo 2 cap 57

T[i] = rotl8( key[i] ^ 0x5A , i % 8 ) We want Σ T[i] = 0xdeadbeef (mod 2^32) . Because the checksum is a simple sum, we can freely pick the first 63 bytes and solve for the last byte.

CONST_XOR = 0x5A TARGET = 0xdeadbeef SIZE = 64

# Compute needed final transformed byte need = (TARGET - checksum) & 0xffffffff # Since only one byte contributes, need must fit in a byte need_byte = need & 0xFF i = SIZE-1 key[i] = inv_rotl8(need_byte, i % 8) ^ CONST_XOR # Write to file with open("key

CONST_XOR = 0x5A TARGET = 0xdeadbeef SIZE = 64

for (int i = 0; i < 64; i++) uint8_t v = buf[i]; v ^= 0x5A; // XOR with constant v = rotl8(v, (i % 8)); // Rotate left by i%8 bits tmp[i] = v;

open("key.bin","wb").write(key)

def rotl8(v, r): return ((v << r) | (v >> (8 - r))) & 0xFF def inv_rotl8(v, r): return ((v >> r) | (v << (8 - r))) & 0xFF

# Choose 63 arbitrary bytes (e.g., all zeros) key = bytearray(SIZE) checksum = 0

if (chk == 0xdeadbeef) // Success path – print the flag stored in the binary puts(flag); return 0; return -1; The problem reduces to crafting a 64‑byte key

static const char flag[] = "ECTFel_capo_2_cap_57_success"; Because the binary is stripped, the name isn’t visible in strings , but the decompiler reveals it as a global pointer used only in the success branch. The problem reduces to crafting a 64‑byte key.bin such that the checksum after the transformation equals the required constant ( 0xdeadbeef in the example). 4.1 Deriving the Required Plain‑text Let T[i] be the transformed byte for index i . We know:

key = bytearray(SIZE) csum = 0 for i in range(SIZE-1): key[i] = inv_rotl8(0, i % 8) ^ CONST_XOR # keep transformed byte = 0 # csum unchanged (adds 0)

FHI 360
Powered by  GDPR Cookie Compliance
Privacy overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.