def rotl8(v, r): return ((v << r) | (v >> (8 - r))) & 0xFF def inv_rotl8(v, r): return ((v >> r) | (v << (8 - r))) & 0xFF
key = bytearray(SIZE) csum = 0 for i in range(SIZE-1): key[i] = inv_rotl8(0, i % 8) ^ CONST_XOR # keep transformed byte = 0 # csum unchanged (adds 0)
open("key.bin","wb").write(key)
def inv_rotl8(v, r): return ((v >> r) | (v << (8 - r))) & 0xFF
#!/usr/bin/env python3 import subprocess, os, struct el capo 2 cap 57
(The exact constants differ slightly, but the structure is identical.) The flag is embedded as a static string in the binary’s .rodata section:
need = (TARGET - csum) & 0xffffffff need_byte = need & 0xFF i = SIZE-1 key[i] = inv_rotl8(need_byte, i % 8) ^ CONST_XOR def rotl8(v, r): return ((v << r) |
T[i] = rotl8( key[i] ^ 0x5A , i % 8 ) We want Σ T[i] = 0xdeadbeef (mod 2^32) . Because the checksum is a simple sum, we can freely pick the first 63 bytes and solve for the last byte.
# Choose 63 arbitrary bytes (e.g., all zeros) key = bytearray(SIZE) checksum = 0 r): return ((v <