scratches

Challenge author: JP Smith (SIGPwny)
Write-up author: Vanilla (Batman's Kitchen)
Points: 400
Category: reversing

every day I do
100 push ups
100 sit ups
100 squats
100 crackmes

We connect to the server provided and it throws us a bunch of Base64. We decode it, and it is an ELF. We reverse it, and discover that it is looking for some particular input. We gather a few more samples, and they all follow the same pattern, sometimes modifying the input before comparing, but all very simple.

My favorite tool for automating reversing, and sometimes even for non-automated reversing, is Radare2. It is very easy to interface with it from Python (or any other language, really) using r2pipe. I wrote a Python script that used r2pipe to extract the expected inputs and threw it at the challenge.

Well, I kept getting errors from the challenge, even when I double-checked and the solutions were correct. While I was wondering why that was happening, I figured I'd make my code more robust anyway, so I broke out the big guns: angr. angr solves these types of challenges in a completely agnostic way: it doesn't care how the input is transformed before the comparison. I used r2pipe as before to find the goodboy (the success branch), then told angr to find an input that reaches it. It was slower, but it worked too.
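As an added example (not the author's script), here is the shape of the automation described above in Python: decode the Base64 blob and check it is an ELF, locate the goodboy with r2pipe by finding the cross-reference to the success string, and let angr search for an input that reaches it. The success-string marker, the `-2` flag, and the temp-file handling are assumptions; r2pipe needs radare2 installed, and angr is only imported inside the function that uses it, so the decoding helpers run on their own.

```python
import base64
import os
import tempfile

ELF_MAGIC = b"\x7fELF"

def is_elf(raw: bytes) -> bool:
    return raw[:4] == ELF_MAGIC  # first four bytes of e_ident

def decode_elf(b64_blob: bytes) -> bytes:
    raw = base64.b64decode(b64_blob)  # newlines in the blob are ignored
    if not is_elf(raw):
        raise ValueError("decoded blob is not an ELF")
    return raw

def constructed_sample_blob() -> bytes:
    """Constructed stand-in for one server message: a bare 64-bit ELF header."""
    header = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57
    return base64.b64encode(header)
def find_goodboy(path: str, marker: str = "correct") -> int:
    # Assumption: the crackme prints a string containing `marker` on success
    import r2pipe  # needs radare2 on PATH
    r2 = r2pipe.open(path, flags=["-2"])   # -2: silence r2's stderr
    r2.cmd("aaa")                          # analyse functions and xrefs
    for s in r2.cmdj("izj") or []:         # strings in data sections
        if marker in s["string"]:
            xrefs = r2.cmdj(f"axtj @ {s['vaddr']}") or []
            if xrefs:
                return xrefs[0]["from"]    # instruction referencing the string
    raise LookupError("no goodboy string found")

def solve_with_angr(path: str, goodboy: int) -> bytes:
    """Ask angr for stdin bytes that drive execution to `goodboy`."""
    import angr
    proj = angr.Project(path, auto_load_libs=False)
    simgr = proj.factory.simulation_manager(proj.factory.entry_state())
    simgr.explore(find=goodboy)
    if not simgr.found:
        raise RuntimeError("angr found no path to the goodboy")
    return simgr.found[0].posix.dumps(0)   # concretised stdin

def solve_round(b64_blob: bytes) -> bytes:
    elf = decode_elf(b64_blob)
    with tempfile.NamedTemporaryFile(suffix=".elf", delete=False) as f:
        f.write(elf)
    try:
        return solve_with_angr(f.name, find_goodboy(f.name))
    finally:
        os.unlink(f.name)
```

`solve_round` returns the bytes to send back for one crackme; the loop that reads each blob from the socket and replies is left to the caller.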

In any case, I had both of these solutions working but was still getting errors, so I talked to the challenge creator a bunch and it became clear that the challenge was superbly broken. Eventually they changed it so that even when their script broke, it would still let us continue. Once they fixed that, our code ran fine and we got the flag.