Bruteforcing script for The Legend of Shiitakoin from the NSec 2022 CTF.

legend_of_scoin.c

#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

int main() {
  uint32_t input_bytes[4];
  uint32_t first_item, second_item, third_item, fourth_item;
  bool values_match_rules = false;

  for (first_item = 0; first_item < 255; first_item++) {
    if ((first_item ^ 0x47) != 0xe4) {
      continue;
    }


    for (second_item = 0; second_item < 255; second_item++) {
      if ((second_item ^ 0xbd) != 0xe3) {
        continue;
      }

      uint32_t xored_one_and_two = first_item ^ second_item;

      if ((xored_one_and_two & 0xf0) != 0xf0) {
        continue;
      }
      if ((xored_one_and_two & 0xf) != 0xd) {
        continue;
      }

      for (third_item = 0; third_item < 255; third_item++) {
        if ((third_item ^ 0x81) != 0xc) {
          continue;
        }
        if ((third_item >> (first_item & 0b11)) != 0x11) {
          continue;
        }
        values_match_rules = true;
        break;
      }

      if (values_match_rules) {
        break;
      }
    }

    if (values_match_rules) {
      input_bytes[0] = first_item;
      input_bytes[1] = second_item;
      input_bytes[2] = third_item;
      break;
    }
  }

  for (fourth_item = 0; fourth_item < 255; fourth_item++) {
    uint32_t bitmasked_fourth_item = fourth_item;

    for (uint32_t loop_counter = 0; loop_counter < 3; loop_counter++) {
      bitmasked_fourth_item = (bitmasked_fourth_item & 0xe5) | (loop_counter + 0x2c);
    }

    if (bitmasked_fourth_item == 0x2f && (fourth_item ^ 0xd3) == 0xec) {
      break;
    }
  }

  printf("%02x %02x %02x %02x\n", first_item, second_item, third_item, fourth_item);
}