Tags: executables packed reversing 

Rating:

- decompile the packed exe in IDA
- see suspicious function that reads command line args
- reverse command line check to get arg or patch check to get flag
```
#!/usr/bin/env python3

# for cmd arg

key = [0x42, 0x63, 0xB4, 0xE1, 0x4C, 0xBA, 0x1B, 0x83, 0xD7, 0xFD, 0x77, 0xE3, 0x33]

c = 0x42
ans = ""

for i in range(len(key) - 1):
a = key[i + 1] - key[i]
if a < 0:
a = (0x100 + key[i + 1]) - key[i]
ans = chr(a) + ans

print(ans)
```

Original writeup (https://www.danbrodsky.me/writeups/insomnihack2020-kaboom/).