Vladmodelsy095alina44 2021 ✪

$ file vladmodelsy095alina44
vladmodelsy095alina44: ELF 64-bit LSB executable, x86‑64, dynamically linked, stripped

The binary is a stripped 64‑bit ELF. No flag-like string is visible at first glance, but a handful of printable strings are present:

$ strings vladmodelsy095alina44 | head -20
/lib64/ld-linux-x86-64.so.2
GLIBC_2.2.5
...
vladmodelsy095alina44

The binary name itself appears as a string inside the binary. That’s a hint that the name is used somewhere in the program logic.



| What we learned | Why it matters |
|-----------------|----------------|
| Binary name as a secret – The program deliberately uses argv[0] as the XOR key. This is a classic “security through obscurity” trick that forces the attacker to keep the original file name intact. | When reversing, always check whether the binary name (or other external metadata) is used in crypto or checksums. |
| Stripped binaries still contain data sections – Even though the binary had no symbols, the encrypted blob was visible in the .rodata section. | Dumping sections (objdump -s, readelf -S, xxd) is a quick way to locate hidden data. |
| Dynamic tracing to locate the comparison – Breaking on strcmp gave us the exact address of the expected value. | In a stripped binary, static analysis alone can be tedious; a short dynamic trace often points you to the right function. |
| Simple XOR – The encryption is just a byte‑wise XOR with a repeating key. Once you recognise the pattern, the problem collapses to a few lines of Python. | Many “crypto” challenges are just XOR or Caesar ciphers masquerading as “hard”. Recognise the patterns early. |
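
The XOR step from the table, as an added example (not code from the original write-up). The sample blob is constructed here, the `flag{` prefix is an assumed plaintext format, and the page does not say whether the program keys on argv[0] as typed or on its basename, so both forms are tried.

```python
import os
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Byte-wise XOR with a repeating key; the operation is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def key_prefix_from_crib(blob: bytes, crib: bytes) -> bytes:
    """Known-plaintext check: blob[i] ^ plain[i] == key[i].
    If the result reads like the file name, the name is the key."""
    return bytes(c ^ p for c, p in zip(blob, crib))

def candidate_keys(argv0: str) -> list:
    """argv[0] exactly as invoked, then its basename (duplicates dropped)."""
    forms = [argv0, os.path.basename(argv0)]
    return [f.encode() for f in dict.fromkeys(forms) if f]

def decrypt_with_argv0(blob: bytes, argv0: str, crib: bytes):
    """Try each argv[0] form; accept the first whose output starts with crib.
    Returns (key, plaintext) or None, e.g. when the file was renamed."""
    for key in candidate_keys(argv0):
        plain = xor_repeat(blob, key)
        if plain.startswith(crib):
            return key, plain
    return None

# Constructed sample data: stands in for the bytes dumped from .rodata.
NAME = b"vladmodelsy095alina44"
SAMPLE_PLAIN = b"flag{constructed_example}"   # assumed format, not from the page
SAMPLE_BLOB = xor_repeat(SAMPLE_PLAIN, NAME)

if __name__ == "__main__":
    # Step 1: the crib exposes the start of the key.
    print(key_prefix_from_crib(SAMPLE_BLOB, b"flag{"))
    # Step 2: invoked as ./name, only the basename form decrypts cleanly.
    print(decrypt_with_argv0(SAMPLE_BLOB, "./vladmodelsy095alina44", b"flag{"))
    # Step 3: a renamed copy yields no valid plaintext.
    print(decrypt_with_argv0(SAMPLE_BLOB, "./renamed", b"flag{"))
```
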