Reversing : Ghost Wrangler

Task

We get an executable for which we have to find out the contents of a string that is "censored".

Process

We put it into ghidra and find this in the get_flag function :

  for (local_c = 0; local_c < 40; local_c = local_c + 1) {
    *(byte *)((long)__s + (long)(int)local_c) = _[(int)local_c] ^ 0x13;
  }

Then we find out that _ variable points to string data which corresponds to :

[GQh{'f}g wLqjLg{ Lt{#`g&L#uLpgu&Lc'&g2n%s

So now that we know that it is a xor cipher, the key is 0x13 and what the ciphertext is. We can do this to retrieve the flag :

print("".join([chr(ord(i)^0x13) for i in "[GQh{'f}g wLqjLg{ Lt{#`g&L#uLpgu&Lc'&g2n%s"]))`

output : HTB{h4unt3d_by_th3_gh0st5_0f_ctf5_p45t!}6`