EPFL's CTF team

TUCTF 2018: Shoop


Difficulty: easy

Black Hole Sun, won’t you come

and put sunshine in my bag

I’m useless, but not for long

so whatcha whatcha whatcha want?

nc 12345


The challenge binary asks for some input, then prints a message.

$ ./shoop
Gimme that good stuff: asdfasdf
Survey Says! ��a_n\a_n\����������
Close... probably

With some static analysis we can see that the program first mangles the input in a way that we’d like not to reverse and then checks it against a fixed string. If we can find the correct input we will get the flag.


This seems a good use case for angr. We can search for a state were stdout contains That's right!, then print the contents of stdin.

$ python solve.py

Great! Now let’s get ourselves a flag!

$ echo everybodyrockyourbody | nc 12345
Gimme that good stuff: Survey Says! jmt_j]tm`q`t_j]mpjtf^
That's right!