Tags: md5 pwn 


I did not solve this challenge during the CTF.

`strncmp()` compares the md5 values in raw bytes instead of hex strings.
The third byte of the md5 value being compared with is a NULL byte, and `strncmp()` stops at NULL bytes, which means we can make an easy md5 collision.

Original writeup (https://ypl.coffee/wpictf-2020-dont-at-me/).