grocid/gist:30cc924e465f262263406d731706bdb0

## gistfile1.txt
def xor(a,b):
    return "".join(chr(ord(x) ^ ord(y)) for x,y in zip(a,b))

enc = "2146e5732091ee13f25966a751b85730938017cd1388cdbf66258299d000afce"
dec = b'\xea%]\xd2m\x89\x14\x8dVr\x01\x9as\xe4\xbd/\x91u\xe1W\x96\xea\x935\x99\xd5\xa8|\xf1\x90\xda'
fb = dec[:16]
lb = dec[16:] + "\x00"
assert(len(fb) == 16)
assert(len(lb) == 16)
desired_command = " & cat flag.txt"
desired_command += " " * (15 - len(desired_command)) + "\x00"
assert(len(desired_command) == 16)

encb = enc.decode("hex")

print "/cmd " + (xor(xor(encb[:16], lb), desired_command) + encb[16:]).encode("hex")


>/cmd 90152447d70f5d4007eda9f5d450f930938017cd1388cdbf66258299d000afce
Running b'\xe2$\xe5\xa7\xec!NJ\\j\xe9z\xdc#\xe1X\x10& cat flag.txt'
sh: 1: �$��!NJj�z�#�X: not found
INSA{or4cle_P4dd1ng}
	def xor(a,b):
	return "".join(chr(ord(x) ^ ord(y)) for x,y in zip(a,b))

	enc = "2146e5732091ee13f25966a751b85730938017cd1388cdbf66258299d000afce"
	dec = b'\xea%]\xd2m\x89\x14\x8dVr\x01\x9as\xe4\xbd/\x91u\xe1W\x96\xea\x935\x99\xd5\xa8\|\xf1\x90\xda'
	fb = dec[:16]
	lb = dec[16:] + "\x00"
	assert(len(fb) == 16)
	assert(len(lb) == 16)
	desired_command = " & cat flag.txt"
	desired_command += " " * (15 - len(desired_command)) + "\x00"
	assert(len(desired_command) == 16)

	encb = enc.decode("hex")

	print "/cmd " + (xor(xor(encb[:16], lb), desired_command) + encb[16:]).encode("hex")


	>/cmd 90152447d70f5d4007eda9f5d450f930938017cd1388cdbf66258299d000afce
	Running b'\xe2$\xe5\xa7\xec!NJ\\j\xe9z\xdc#\xe1X\x10& cat flag.txt'
	sh: 1: �$��!NJj�z�#�X: not found
	INSA{or4cle_P4dd1ng}