There are several pieces of anti-reversing logic, so I just patched them with `\x90` (the nop instruction) to avoid them. After this process, I was able to figure out the logic of the program.
1. Use `/bin/cat` to something to get a string.
2. XOR the prologue of a function by the first 5 bytes of the given input.
3. XOR the given input and the string from 1., then check the result is right.
Part 2. is easy to patch, because the first 5 bytes of the given input are always `n1ctf`.
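The patch for part 2, sketched as an added example that is not code from the original write-up: it XORs five bytes at a function's start with the known prefix `n1ctf` so the prologue can be read statically. The x86-64 prologue bytes, the function body, the padding and the offset are constructed assumptions, not values from the challenge binary.

```python
KEY = b"n1ctf"  # known 5-byte input prefix named in the write-up

# Assumed plaintext prologue (constructed): push rbp; mov rbp, rsp; REX.W byte
PLAIN_PROLOGUE = bytes.fromhex("554889e548")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(data) != len(key):
        raise ValueError("length mismatch")
    return bytes(d ^ k for d, k in zip(data, key))


def patch_prologue(image: bytes, offset: int, key: bytes = KEY) -> bytes:
    """Return a copy of image with len(key) bytes at offset XORed with key."""
    end = offset + len(key)
    if offset < 0 or end > len(image):
        raise ValueError("patch range outside image")
    buf = bytearray(image)
    buf[offset:end] = xor_bytes(image[offset:end], key)
    return bytes(buf)


def recover_key(encoded: bytes, expected_plain: bytes) -> bytes:
    """Known-plaintext check: encoded XOR expected prologue yields the key."""
    return xor_bytes(encoded, expected_plain)


def build_sample():
    """Constructed image: 8 nop bytes, then a function with an XORed prologue."""
    body = bytes.fromhex("83ec10c9c3")  # constructed remainder of the function
    func = xor_bytes(PLAIN_PROLOGUE, KEY) + body
    return b"\x90" * 8 + func, 8  # (image, offset of the function)


if __name__ == "__main__":
    image, off = build_sample()
    patched = patch_prologue(image, off)
    print("before:", image[off:off + 5].hex())
    print("after: ", patched[off:off + 5].hex())
    print("key:   ", recover_key(image[off:off + 5], PLAIN_PROLOGUE))
```

`recover_key` runs the same relation in the other direction: when the expected prologue is known, the XORed bytes give back the first five input bytes.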