It took me more than I expected :/ I believe this approach is an original one, for sure it is not perfect — “search and brute” (example script: https://github.com/JanKrasodomski/simple-python-brute-force/blob/283b54f71dcd3dcfa2a52142a75e28f1e7d83f57/simple_brute.py).

wow.. nice puzzle

how to decrypt the source code files with the flag?

Instructions are given in one of the files, it is done with openssl

the instructions are in the 'readme' file

Really Enjoyed This Challenge :) But Doesn't Seems to require Dynamic Analysis, as specified in some comments

I have used Cutter to solve it though

I really enjoyed solving this one. Thanks!

This challenge is definitely worth more than just 10 points :/

I made it 10 points because it is a very simple reversing challenge. I understand that is more complex than RubberDuck which is also only worth 10 points.

My pleasure, thanks for the feedback.

Can you send me a PM on Discord @kcbowhunter? It is easier to chat there. I can also send you a version of the exe that does not use the XMM registers.

sure see u later

You are on the right track. Determine the number of characters in the flag and determine the location of the '' characters in the flag. Compare the location of the '' characters with the sizes of the available substrings.

Nice challenge. Hint: Probably need to combine static + dynamic RE to solve it quickly.

I really enjoyed solving this one. Thanks!

This challenge is definitely worth more than just 10 points :/

I made it 10 points because it is a very simple reversing challenge. I understand that is more complex than RubberDuck which is also only worth 10 points.

Sneaky... To anyone who is confused: maybe you should look at how buffer, to which flag is compared, changes. Is it always the same or does it depend on something? Final hint: what is ASCII character for 0x5F?

Anyway, great challenge, definitely worth more than just 10 points. Thanks for your work, will move on to your next CTF!

Should we compare address of 0x5F with address of string buffers?OR should we compare 0x5F with address of string buffers? Any help would be greatly appreciated

If you pay attention, the presence of 0x5f is checked in the flag mutiple times. From which we can infer that at those positions 0x5f should be present in the flag. Now rewrite the input flag and proceed to do dynamic analysis.

Look in the assembly for checks against the location of the '_' character. Then compare that location to the size of the available input strings. Look at how those checks affect local variables.