There are several anit-reversing logic, so I just patched with
\x90 (nop instruction) to avoid them. After this process, it was able to figure out the logic of the program.
/bin/catto something to get a string
- XOR the prologue of a function by the first 5 bytes of the given input.
- XOR the given input and the string from 1., then check the result is right.
The part 2. is easy to patch, because the first 5 bytes of the given input is always