[Reverse] BackdoorCTF 2017 - NO-CALM

Reverse challenge, using IDA to decompile the binary into C pseudo code:

We can see that the flag must be passed in the program's arguments: each byte of the flag is a separate argv entry, and the flag has 31 bytes, as the if check shows. Looking at the generated code we can see that each byte of the flag is saved into the variables v6 to v35. After this we can see a bunch of if checks:

We can see it checks 3 bytes at a time, with 3 different operations per check:

```c
(v7+v6-v8 == key[0] && v6-v7+v8 == key[1] && v7-v6+v8 == key[2]) == true
```

This repeats for every group of 3 bytes along the flag, so it is simple to write a Python script that brute forces each group:

```python
import string

a = string.printable
keys = [81,53,87,90,156,66,98,140,92,38,170,60,29,161,69,163,27,69,147,43,59,146,86,44,67,89,75,117,125,125]
s = ''
# The binary checks three bytes at a time, so brute force each group of
# three printable characters against its three key values.
for i in range(0, len(keys), 3):
    for b in a:
        for c in a:
            for d in a:
                if ord(c)+ord(b)-ord(d) == keys[i] and ord(b)-ord(c)+ord(d) == keys[i+1] and ord(c)-ord(b)+ord(d) == keys[i+2]:
                    s += b+c+d
    print(s)
```

Running it:

```
$ python nocalm.py
CTF
CTF{No
CTF{Now_t
CTF{Now_th1s
CTF{Now_th1s_1s
CTF{Now_th1s_1s_t0
CTF{Now_th1s_1s_t0_g3
CTF{Now_th1s_1s_t0_g3t_A
CTF{Now_th1s_1s_t0_g3t_ANGR
CTF{Now_th1s_1s_t0_g3t_ANGRyy}
```
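The three checks per group form a linear system in the three bytes with exactly one solution, so the brute force can be replaced by direct arithmetic. This is an added example, not the writeup's script; it reuses the key list from the binary and the names b, c, d from the script above.

```python
# Added example (not from the writeup). With b, c, d the three flag bytes of a
# group and k0, k1, k2 the three values the binary compares against:
#   c + b - d = k0,  b - c + d = k1,  c - b + d = k2
# Adding the equations pairwise gives 2b = k0 + k1, 2c = k0 + k2, 2d = k1 + k2,
# so each group has a single solution and no search is needed.

# Key values taken from the decompiled binary (same list as the script above).
KEYS = [81,53,87,90,156,66,98,140,92,38,170,60,29,161,69,163,27,69,147,43,59,146,86,44,67,89,75,117,125,125]


def solve_group(k0, k1, k2):
    """Return the unique (b, c, d) satisfying the group's three checks,
    or None if the sums are odd or fall outside the byte range."""
    b2, c2, d2 = k0 + k1, k0 + k2, k1 + k2
    if b2 % 2 or c2 % 2 or d2 % 2:
        return None
    b, c, d = b2 // 2, c2 // 2, d2 // 2
    if not all(0 <= x < 256 for x in (b, c, d)):
        return None
    return b, c, d


def check_group(b, c, d, k0, k1, k2):
    """The binary's own test for one group, as shown in the pseudo code."""
    return c + b - d == k0 and b - c + d == k1 and c - b + d == k2


def recover_flag(keys):
    """Solve every group of three keys and concatenate the resulting bytes."""
    parts = []
    for i in range(0, len(keys), 3):
        group = keys[i:i + 3]
        sol = solve_group(*group)
        if sol is None:
            raise ValueError(f"no byte solution for the group at index {i}")
        # Re-run the binary's check to confirm the algebra before trusting it.
        assert check_group(*sol, *group)
        parts.append(bytes(sol).decode("ascii"))
    return "".join(parts)


if __name__ == "__main__":
    print(recover_flag(KEYS))
```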