# IJCTF 2021

## Sanity \[100 pts] - Reverse Engineering <a href="#sanity" id="sanity"></a>

> Description
>
> Just testing your sanity

**Solution**

This problem actually drove me insane at first. Like anyone else I submitted the flag. Then again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again. Then bam my dumb ass realized the variable key exists and that can't be nothing right.&#x20;

![](/files/-MfZp9JTkZfBA-FV89Dp)

Key = 00 00 00 00 00 00 0a 06 18 2f 08 0c 3b 2c 0f 01 1d 2b 1f 3e 0f 04 3a 05 04 2d 39 06 06 00 10 08 05 01 11 4c 00 00 00 00\
Flag = IJCTF{simple\_sanity\_check\_for\_babies}

Code (Pay attention to line 26)

```c
undefined8 main(void) {
  undefined *__s2;
  int iVar1;
  ulong uVar2;
  size_t sVar3;
  ulong uVar4;
  size_t asStack192 [3];
  undefined local_a8 [103];
  byte local_41;
  undefined *local_40;
  long local_38;
  
  asStack192[0] = 0x10118c;
  asStack192[1] = strlen(flag);
  local_38 = asStack192[1] - 1;
  asStack192[2] = 0;
  uVar2 = (asStack192[1] + 0xf) / 0x10;
  local_40 = (undefined *)(asStack192[1] + uVar2 * 0x1ffffffffffffffe);
  int local_2c = 0;
  while( true ) {
    uVar4 = SEXT48(local_2c);
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101238;
    sVar3 = strlen(flag,*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
    if (sVar3 <= uVar4) break;
    local_41 = key[local_2c] ^ flag[local_2c];
    local_40[local_2c] = key[local_2c] ^ flag[local_2c];
    local_2c = local_2c + 1;
  }
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101249;
  puts("Whats the flag?",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101264;
  __isoc99_scanf(&DAT_00102066,local_a8);
  __s2 = local_40;
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x10127a;
  iVar1 = strcmp(local_a8,__s2,*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  if (iVar1 == 0) {
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x10128a;
    puts("Correct!",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  }
  else {
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101298;
    puts("Wrong!",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  }
  return 0;
}
```

Line 26 was my key, that we would XOR the two, and my code to do this was quite simple:

```python
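# Key bytes as hex strings (40 values; only the first len(flag) are used)
key = "00 00 00 00 00 00 0a 06 18 2f 08 0c 3b 2c 0f 01 1d 2b 1f 3e 0f 04 3a 05 04 2d 39 06 06 00 10 08 05 01 11 4c 00 00 00 00".split(" ")
# Decoy string found in the binary
flag = "IJCTF{simple_sanity_check_for_babies}"
new_flag = ""
for i in range(len(flag)):
    # XOR each decoy character with the matching key byte
    tmp = ord(flag[i]) ^ int(key[i], 16)
    new_flag += chr(tmp)
print(new_flag)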
```

**Flag: IJCTF{you\_did\_not\_fall\_for\_it\_right?}**
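
For comparison with the decompiler output, here is the same logic as plain C. It is an added example, not code from the challenge or the original write-up. The helper names `build_expected` and `check`, the buffer sizes and the `%103s` format are assumptions; the key bytes and strings are the ones listed above.

```c
#include <stdio.h>
#include <string.h>

/* Key bytes as listed in the write-up (40 values; the first 37 are used). */
static const unsigned char key[40] = {
    0x00,0x00,0x00,0x00,0x00,0x00,0x0a,0x06,0x18,0x2f,
    0x08,0x0c,0x3b,0x2c,0x0f,0x01,0x1d,0x2b,0x1f,0x3e,
    0x0f,0x04,0x3a,0x05,0x04,0x2d,0x39,0x06,0x06,0x00,
    0x10,0x08,0x05,0x01,0x11,0x4c,0x00,0x00,0x00,0x00
};
/* The string visible in the binary: a decoy, not the accepted input. */
static const char flag[] = "IJCTF{simple_sanity_check_for_babies}";

/* Hypothetical helper: the loop from main(), with local_40 renamed `out`.
 * Writes key[i] ^ flag[i] for every byte of flag and returns the length,
 * or 0 if `out` is too small. A terminator is added here so `out` is a
 * proper C string; the decompiled loop itself writes none. */
size_t build_expected(char *out, size_t cap) {
    size_t n = strlen(flag);
    if (n + 1 > cap || n > sizeof key)
        return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(key[i] ^ (unsigned char)flag[i]);
    out[n] = '\0';
    return n;
}

/* Returns 1 if `input` equals the XOR-ed buffer the binary compares against. */
int check(const char *input) {
    char expected[64];
    if (build_expected(expected, sizeof expected) == 0)
        return 0;
    return strcmp(input, expected) == 0;
}

int main(void) {
    char input[104];                 /* assumed size, one more than %103s */
    puts("Whats the flag?");
    if (scanf("%103s", input) != 1)  /* assumed format; the binary's is DAT_00102066 */
        return 1;
    puts(check(input) ? "Correct!" : "Wrong!");
    return 0;
}
```

The `asStack192[uVar2 * 0x1ffffffffffffffe] = 0x10....` stores in the listing have no counterpart here; the only data flow that matters is the XOR into `local_40` and the `strcmp` against it.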

## Link to Solutions <a href="#link-to-solutions" id="link-to-solutions"></a>

I did not write them, but most are not posted on CTFtime, so I decided to add the links for future reference.

<https://github.com/1GN1tE/CTF_Writeups/tree/main/Writeups/IJCTF>

<https://github.com/Pycatchown/writeUps/tree/master/IJCTF2021>

<https://github.com/nobodyisnobody/write-ups/tree/main/IJCTF.2021/pwn>

<https://utaha1228.github.io/ctf-note/2021/07/24/IJCTF-2021/>


