xct/solve.py Secret

## solve.py
#!/usr/bin/env python3
import subprocess

# Author: @xct_de
# Challenge: https://2022.squarectf.com/challenge?yet-another-reversing-activity

flag = ""
flag = "flag{" # checkpoint

baseline = ""
for j in range(32):
    l = len(flag)
    for i in range(0x20,0x7F,1):

        # write flag file, bruting last char
        f = open('./out', 'w')
        f.write(flag + chr(i))
        f.close()

        # count instructions
        p = subprocess.Popen("valgrind --tool=callgrind /usr/bin/yara -C flag.yarc out 2>&1 | grep refs | cut -d ' ' -f11", stdout=subprocess.PIPE, shell=True)
        output = p.communicate()[0].rstrip(b"\n")
        output = int(output.decode().replace(",",""))
        if i == 0x20:
            baseline = output

        # count as hit if more than a few instructions difference (valgrind is not perfect)
        elif abs(baseline-output)>10:
            flag += chr(i)
            print(f"Found: {chr(i)} ({output})")
            print(f"Flag: {flag}")
            break
    if l == len(flag):
        print("Whoops, try again")
        break
	#!/usr/bin/env python3
	import subprocess

	# Author: @xct_de
	# Challenge: https://2022.squarectf.com/challenge?yet-another-reversing-activity

	flag = ""
	flag = "flag{" # checkpoint

	baseline = ""
	for j in range(32):
	l = len(flag)
	for i in range(0x20,0x7F,1):

	# write flag file, bruting last char
	f = open('./out', 'w')
	f.write(flag + chr(i))
	f.close()

	# count instructions
	p = subprocess.Popen("valgrind --tool=callgrind /usr/bin/yara -C flag.yarc out 2>&1 \| grep refs \| cut -d ' ' -f11", stdout=subprocess.PIPE, shell=True)
	output = p.communicate()[0].rstrip(b"\n")
	output = int(output.decode().replace(",",""))
	if i == 0x20:
	baseline = output

	# count as hit if more than a few instructions difference (valgrind is not perfect)
	elif abs(baseline-output)>10:
	flag += chr(i)
	print(f"Found: {chr(i)} ({output})")
	print(f"Flag: {flag}")
	break
	if l == len(flag):
	print("Whoops, try again")
	break