Tags: reverse engineering
Rating:
### I just relized when i run this program using ltrace, program is do memcpy.
![](https://miro.medium.com/max/700/1*lt18d9CEzdungXTKIol49g.png)
### so i think the flag maybe saved on memory, so i open it with gdb and add breakpoints after program doing memcpy.
![](https://miro.medium.com/max/529/1*7SYj2PCOaJvBG4WCcBn-iA.png)
### and i do dump memory.
![](https://cdn-images-1.medium.com/max/800/1*erXCwTfijUdCcM0iuAo5NQ.png)
### and i open file that contain memory dump from the program using hexeditor and search for flag format.
![](https://cdn-images-1.medium.com/max/800/1*iNL29E56VL-RlgErf4vRAg.png)
> DUCTF{adv4ncedEncrypt3dShellCode}
[my blog](http://medium.com/@InersIn)