just dropping my solve script. for context we are given a golang compiled binary that we have to reverse to find the correct checksum :)
running the solve script satisfies all the constraints then drops the flag image in os.UserCacheDir
the programs asks users to solve some simple equations then asks for the calculated checksum. for better golang symbol resolution and decompilation we use the following Ghidra extension: https://github.com/mooncat-greenpy/Ghidra_GolangAnalyzerExtension/releases
here are relevant screenshots, read the code
solve.py
#!/usr/bin/env python3
from pwn import *
from hashlib import sha256
from base64 import b64decode, b64encode
win = "cQoFRQErX1YAVw1zVQdFUSxfAQNRBXUNAxBSe15QCVRVJ1pQEwd/WFBUAlElCFBFUnlaB1ULByRdBEFdfVtWVA=="
t = b64decode(win)
xorv = "FlareOn2024"
csb = bytearray()
p = process("checksum.exe")
context.log_level = "critical"
i = 0
while True:
try:
p.recvuntil(b"Check sum: ",timeout=0.5)
v = p.recvuntil(b"=",timeout=0.3)[:-2].split(b" + ")
p.sendline(str(int(v[0])+int(v[1])).encode("utf-8"))
if v != []:
i += 1
print(f"Solved {i}")
else:
break
except:
break
print(p.recvuntil(b"Checksum:"))
for i in range(len(t)):
csb.append(t[i] ^ ord(xorv[i % 11]))
x = b""
for i in range(len(csb)):
x += int(csb[i] ^ ord(xorv[i % 11])).to_bytes(1, byteorder="little")
x = b64encode(x).decode()
if win == x:
print("match")
m = sha256()
m.update(csb)
w = m.hexdigest()
print(csb)
print(csb.hex())
p.sendline(csb)
p.interactive()