$ unzip codsmp.zip -d workdir Now we have a working directory:
if __name__ == '__main__': main() Running it prints all four flags (the MD5/SHA‑256 ones will appear only if those derived binaries indeed contain a flag string). Adjust the extract_flag regex if the flag format differs. | Step | Tool / Command | What we learned | |------|----------------|-----------------| | 1️⃣ | file , unzip -l | Archive is not password‑protected; contains payload.bin , secret.py , archive.enc . | | 2️⃣ | Read `README
# ----------------------------------------------------------------- # 2. Decode archive.enc (single‑byte XOR 0x20) enc = (work/'archive.enc').read_bytes() dec = xor(enc, b' ') # 0x20 == space == 32 decimal inner_zip = work/'inner.zip' inner_zip.write_bytes(dec) codsmp.zip
Good luck! The README tells us that is XOR‑encrypted and that the script secret.py probably contains the key or the routine to decrypt it. 2.2 secret.py #!/usr/bin/env python3 import sys, itertools
$ strings -a payload_decrypted.bin | head -20 /lib64/ld-linux-x86-64.so.2 libc.so.6 GLIBC_2.2.5 puts printf ... $ unzip codsmp
Inside this zip you will find a binary payload and a python script. The binary is encrypted with a custom XOR scheme. Your job is to recover the original binary and locate the flag.
def xor(data, key): return bytes(a ^ b for a, b in zip(data, itertools.cycle(key))) b in zip(data
# Extract inner.zip inner_dir = work/'inner' inner_dir.mkdir(exist_ok=True) subprocess.run(['unzip', '-q', str(inner_zip), '-d', str(inner_dir)], check=True)