## Tyrannosaurus Rex

The flag was encoded with the following proecess:
base64encode -> enc function -> hexlify

So we can decode flag with the following process:
unhexlify -> dec function -> base64decode

The dec function can be found by studying the enc function.

enc function:
Lets say we have an array e = [a,b,c,d] , a new array *z* is formed
by xoring two consecutive elements. The last element is xored with
the first. So we get z = [a^b, b^c, c^d, d^a]. Then z is hexlified.

dec function:
Observation 1: The beginning of base64 of a string is
always the same. It is just the end that differs.

Observation 2: a ^ a = 0. Therefore, a ^ a ^ b = b.

With these observations in mind, we can now construct the dec function.
We can base64 encode "flag" and grab the ascii value of the first 6bit value. A simple python code to do that is `base64.b64encode(b'flag')[0]`. We then unhexlify the encoded flag and perform observation 2 on it.
We then finally base64 decode the result.

#### Code Snippet
```
def dec():
cur = 90 #base64.b64encode(b'flag')[0]'
u = binascii.unhexlify(c)
s=""
for i in u:
v = cur ^ i #Perform a ^ a ^ b
s += chr(v)
cur = v
s = s[len(s)-1]+s[0:len(s)-1]
print(base64.b64decode(s))
```

[Original writeup](https://github.com/AmosAidoo/ctf-writeups/tree/master/H%40ctivityCon_CTF)