# Decrypt Message 1 [RE]

Reversing C++ program given source code.

# Challenge Description

Decrypt `188d1f2f13cd5b601bd6047f4496ff74496ff74496ff7`

# Solution

The program is essentially taking the user input (byte-by-byte), then reading every 2 bytes as a short, and performing the following operation.

``````        eax = data[byte_address];
ecx = eax + 0x11;
eax = eax + 0xB;
ecx = eax * ecx;
edx = ecx;
edx = edx >> 8;
eax = edx;
eax = eax ^ ecx;
eax = eax >> 0x10;
eax = eax ^ edx;
eax = eax ^ ecx;
``````

Since each element is a `short` which is only 16 bits = 2 bytes, we can bruteforce it.

Note: the result is printed as a hex string of each elements in `data`, but since it isnâ€™t padded to a fixed length, we have to try out different lengths.

# Final Script

``````def test(x: str) -> (int, bool):
n = int(x, 16)

for a in range(0x101, 0x10000):
if a & 0xff == 0:
continue

eax = (a) & 0xffffffffffffffff
ecx = (eax + 0x11) & 0xffffffffffffffff
eax = (eax + 0xB) & 0xffffffffffffffff
ecx = (eax * ecx) & 0xffffffffffffffff
edx = (ecx) & 0xffffffffffffffff
edx = (edx >> 8) & 0xffffffffffffffff
eax = (edx) & 0xffffffffffffffff
eax = (eax ^ ecx) & 0xffffffffffffffff
eax = (eax >> 0x10) & 0xffffffffffffffff
eax = (eax ^ edx) & 0xffffffffffffffff
eax = (eax ^ ecx) & 0xffffffffffffffff

if eax == n:
return a, True

return 0, False

c = "188d1f2f13cd5b601bd6047f4496ff74496ff74496ff7"

flag = b""

i = 0
while i < len(c):
l = 1
while i + l <= len(c):
chunk = c[i:i+l]
x, ok = test(chunk)

if ok:
part = x.to_bytes(2, 'little')
flag += part
break

assert(i + l < len(c))

l += 1

i += l

print(flag)
``````

Flag: `GODGPT!!!!!!`

Categories:

Updated: