@komen205
Created September 14, 2022 22:47
CSAW CTF Qualification Round 2022 - GAME reverse
Connecting to the server, we see that it requires one or more inputs; when the input is something like 1 then 1, we encounter a door which requires a password. Now we can look at the binary file.
I used Ghidra to decompile the file at first, and only later used IDA. First, by looking at the strings, we can see some strings that we saw in the server output. I traced them back and found this method.
https://imgur.com/AijEsVe
It is interesting that the function call has an unusual name, “fnv_1a_32”. If we search for this on Google, the first result is the Wikipedia page “Fowler–Noll–Vo hash function”.
https://imgur.com/NYkjCRm
I changed the names of the variables for the purposes of this writeup, but we can see that the code is the same as the pseudocode shown on the Wikipedia page.
There is an array with some chars, and those keywords are interesting.
https://imgur.com/3d5Pgv8
Those keywords are “cook”, “flawed”, “gravel”, “king”, “decisive”.
So now we know that there is a hash, we have some keywords and we know that the input is in decimal. I asked myself if the answer wouldn’t be the hash of those keys.
We might wanna try this. I searched on Google and found this tool https://md5calc.com/hash/fnv1a32 that encodes the string. All we need to do is then convert it to decimal.
These are the keywords, their hashes and their decimal values.

Algorithm  Keyword   Hash      Decimal value
fnv1a32    decisive  649df323  1688072995
fnv1a32    king      da13e3d6  3658736598
fnv1a32    flawed    42b03586  1118844294
fnv1a32    cook      ef3e2929  4013828393
fnv1a32    gravel    b2def4fa  3000956154
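
The same values can be computed offline instead of with the online tool. The Python below is an added example, not part of the original write-up or the challenge binary; it assumes the binary's fnv_1a_32 uses the standard FNV-1a 32-bit offset basis and prime, and the function and constant names are chosen here for illustration.

```python
# Standard FNV-1a 32-bit parameters (assumed to match the binary's fnv_1a_32).
FNV32_OFFSET_BASIS = 0x811C9DC5
FNV32_PRIME = 0x01000193

# The five keywords listed in the write-up.
KEYWORDS = ["cook", "flawed", "gravel", "king", "decisive"]


def fnv1a_32(data: bytes) -> int:
    """Return the 32-bit FNV-1a hash of `data` as an unsigned integer."""
    h = FNV32_OFFSET_BASIS
    for byte in data:
        h ^= byte                           # FNV-1a: XOR the byte in first...
        h = (h * FNV32_PRIME) & 0xFFFFFFFF  # ...then multiply, wrapping to 32 bits
    return h


def door_passwords(keywords):
    """Map each keyword to (hex digest, decimal value the door prompt expects)."""
    result = {}
    for kw in keywords:
        digest = fnv1a_32(kw.encode("ascii"))
        result[kw] = (f"{digest:08x}", digest)
    return result


if __name__ == "__main__":
    for kw, (hex_digest, decimal) in door_passwords(KEYWORDS).items():
        print(f"fnv1a32 {kw:<9} {hex_digest} {decimal}")
```
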
These are the doors, the decimal value and the answer.

Door           Decimal value  Answer
1-1            4013828393     flag{e@5+er_
2-3-3          1118844294     e995_6ehind_
1-3-1-3        3000956154     p@yw@115_i5_
1-3-1-2-2-1    3658736598     +he_dum6e5+_
1-3-1-2-2-2-2  1688072995     ide@_ever!!}
FLAG: flag{e@5+er_e995_6ehind_p@yw@115_i5_+he_dum6e5+_ide@_ever!!}