[ISITDTU 2018] cool Write-up

Keyword

reversing md5 xor

Analysis

The length of the string to be entered must be 28.

and then, there is a function that compares the partial parts of the input value …
I named it md5cmp_400CE5

This function does not directly compare the input value with a specific string. Generates an md5 hash for the input value and compares it to a specific string.

To find the first 12 bytes, we need to decrypt the three MD5 hashes shown above.

I used hashkiller.

Compares 12 bytes to each hash value, and then compares 1 byte to 33. it is ‘!’.
It is not finished yet.

Last 15 bytes.
From the 14th character, the result of xor from the first character to the nth character must be the same as the specific value(byte_6020A8).

Solve

flag = "fl4g_i5_h3r3!"
data = "7D4D2344360276036F5B2F46761839".decode('hex')

m = 0

for c in flag:
	m = m ^ ord(c)

for c in data:
	flag += chr( m ^ ord(c) )
	m = m ^ ( m ^ ord(c) )

print flag

ISITDTU{fl4g_i5_h3r3!C0ngr4tul4ti0n!}