Rating:

# Hmmm

This task was part of the 'Misc' category at the 2020 Hexion CTF (during 11-13 April 2020).
It was solved by [or523](https://github.com/or523), in [The Maccabees](https://ctftime.org/team/60231) team.

# The challenge

Description:

```
?
```

We get a binary named `hmmm`:

```
hmmm: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=56283dee17d5f80f5b16885a898cbe61161b39a8, for GNU/Linux 3.2.0, stripped
```

This binary prints a picture of a girl (in anime style) when we run it, but has nothing to do with the flag.
The flag shows up when running:

```bash
$ cat ./hmmm
```

You can see the flag `hexCTF{1m_s0rry_1f_y0u_r3v3r5ed_7h1s}`

The reason the flag doesn't show up in reversing / running `strings` is because it is hidden inside the binary in a clever way: each character of the flag is separated by some amount of NULL characters from the next. We can see it in `hd` output:

```
$ hd ./hmmm
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 03 00 3e 00 01 00 00 00 80 20 00 00 00 00 00 00 |..>...... ......|
...
00000380 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |h...............|
00000390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003a0 00 00 00 00 00 00 00 00 00 00 00 00 65 00 00 00 |............e...|
000003b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000003f0 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 |............x...|
00000400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000460 00 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |.C..............|
00000470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000004c0 00 00 00 00 00 00 54 00 00 00 00 00 00 00 00 00 |......T.........|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000520 00 00 00 00 00 00 00 00 00 00 00 46 00 00 00 00 |...........F....|
00000530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000590 7b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |{...............|
000005a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000005f0 00 00 00 00 00 31 00 00 00 00 00 00 00 00 00 00 |.....1..........|
00000600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000650 00 00 00 00 00 00 00 00 00 00 6d 00 00 00 00 00 |..........m.....|
00000660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000006b0 00 00 00 00 00 5f 00 00 00 00 00 00 00 00 00 00 |....._..........|
000006c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000700 00 00 00 00 00 00 00 73 00 00 00 00 00 00 00 00 |.......s........|
00000710 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000760 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 |......0.........|
00000770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000007c0 00 00 00 00 00 00 00 00 00 00 00 72 00 00 00 00 |...........r....|
000007d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000820 00 00 00 00 00 00 00 00 00 00 00 72 00 00 00 00 |...........r....|
00000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000890 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |y...............|
000008a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
...
```

Original writeup (https://github.com/TheMaccabees/ctf-writeups/blob/master/HexionCTF2020/Hmmm/README.md).