This was a reversing warmup challenge for TWCTF 2016. I’ve read many write ups on this, but most of them did it differently from how I solved it, and many of their solutions seems to be more efficient than mine.
Given a 32-bit ELF binary and an output derived from the binary with the flag as input, the objective would be to determine the flag using the output values.
The main function does nothing much other than to call a function that generates the S-box for the cipher.
The generate_S_Box function starts by picking a random integer in the range of 0-255, and the rest of the function executes based on this random value. It didn’t occur to me that I could simply generate all possible 256 values at this point using gdb/unicorn engine (like what other solutions are doing), so I reversed the entire function into Python.
Since we knew that the flag starts with TWCTF, we could make use of this information to determine the correct s-box to use in order to obtain the rest of the flag.
Running this script gives us the flag:
→ python samples-1/test.py
Found sbox at random value 214