Codsmp.zip

# Extract inner.zip inner_dir = work/'inner' inner_dir.mkdir(exist_ok=True) subprocess.run(['unzip', '-q', str(inner_zip), '-d', str(inner_dir)], check=True)

$ strings -a payload_decrypted.bin | head -20 /lib64/ld-linux-x86-64.so.2 libc.so.6 GLIBC_2.2.5 puts printf ... codsmp.zip

print('\n=== Decrypting payload.bin with various keys ===') for name, key in keys.items(): dec = xor(payload, key) flag = extract_flag(dec) if flag: print(f'[name] Flag: flag') else: # store binary for manual analysis (work/f'payload_name.bin').write_bytes(dec) # Extract inner

0x00001140 <main+40>: 1140: 48 8d 3d 0b 00 00 00 lea rdi,[rip+0xb] # 1152 <main+52> 1147: e8 34 ff ff ff call 1080 <puts@plt> 114c: b8 00 00 00 00 mov eax,0x0 1151: c3 ret 2.2 secret.py #!/usr/bin/env python3 import sys

$ python3 secret.py Decrypted to payload_decrypted.bin Inspect the result:

Good luck! The README tells us that is XOR‑encrypted and that the script secret.py probably contains the key or the routine to decrypt it. 2.2 secret.py #!/usr/bin/env python3 import sys, itertools

FLAGXOR_SINGLE_BYTE Now we have :