Thank you for another great challenge for us beginners :)

It took me more than I expected :/ I believe this approach is an original one, for sure it is not perfect — “search and brute” (example script: https://github.com/JanKrasodomski/simple-python-brute-force/blob/283b54f71dcd3dcfa2a52142a75e28f1e7d83f57/simple_brute.py).

wow.. nice puzzle

how to decrypt the source code files with the flag?

Instructions are given in one of the files, it is done with openssl

the instructions are in the 'readme' file

This challenge is definitely worth more than just 10 points :/

I made it 10 points because it is a very simple reversing challenge. I understand that is more complex than RubberDuck which is also only worth 10 points.

Nice challenge. Hint: Probably need to combine static + dynamic RE to solve it quickly.

I really enjoyed solving this one. Thanks!

Sneaky... To anyone who is confused: maybe you should look at how buffer, to which flag is compared, changes. Is it always the same or does it depend on something? Final hint: what is ASCII character for 0x5F?

Anyway, great challenge, definitely worth more than just 10 points. Thanks for your work, will move on to your next CTF!

Should we compare address of 0x5F with address of string buffers?OR should we compare 0x5F with address of string buffers? Any help would be greatly appreciated

If you pay attention, the presence of 0x5f is checked in the flag mutiple times. From which we can infer that at those positions 0x5f should be present in the flag. Now rewrite the input flag and proceed to do dynamic analysis.

Look in the assembly for checks against the location of the '_' character. Then compare that location to the size of the available input strings. Look at how those checks affect local variables.