- basic reverse
- static analysis
- XOR encryption
Figure out the address of main function (0x00401000) by looking the xref of some certain strings ("Input Serial", "Input Name"...).
We can find the name is XORed by the key [16, 32, 48]
, and the key is repeatly padding to the length of name.
...
v6 = 16;
v7 = 32;
v8 = 48;
printf(aInputName);
scanf(aS, v9);
v3 = 0;
for ( i = 0; v3 < (int)strlen(v9); ++i )
{
if ( i >= 3 )
i = 0;
sprintf(&Buffer, Format, &Buffer, v9[v3++] ^ *(&v6 + i));
}
...
Therrefore, do XOR operation with each element of [0x5B, 0x13, 0x49, 0x77, 0x13, 0x5E, 0x7D, 0x13]
and [16, 32, 48] * 3
and get the flag K3yg3nm3
.