# Formatting

If you have not already, follow us on Twitter for updates and content! [@RagnarSecurity](https://twitter.com/ragnarsecurity)

This is a beginner challenge in the Reverse Engineering category. This is great for people new to the tools that reversers use.

First, lets run the binary
$ ./formatting
haha its not that easy}

Okay, nothing useful. Lets open it up in Ghidra. Here is the main function:


undefined8 main(void)

int iVar1;
char acStack146 [17];
undefined local_81;
undefined local_80;
long local_28;
undefined4 local_20;
undefined4 local_1c;

local_1c = 0x66;
local_20 = 0x6c;
local_80 = 0;
local_81 = (undefined)brac1;
iVar1 = sprintf(acStack146,fmt,"d1d_You_Just_ltrace_",(ulong)this,(ulong)crap,(ulong)is,(ulong)too
local_28 = (long)iVar1;
acStack146[local_28] = (char)brac1;
puts(flag + 6);
return 0;

Huh, it says `d1d_You_Just_ltrace_`. Looks like it is part of a flag. Lets ltrace the binary and see if we get more.

$ ltrace ./formatting
sprintf("d1d_You_Just_ltrace_296faa2990ac"..., "%s%02x%02x%02x%02x%02x%02x%02x%0"..., "d1d_You_Just_ltrace_", 0x29, 0x6f, 0xaa, 0x29, 0x90, 0xac, 0xbc, 0x36) = 37
puts("haha its not that easy}"haha its not that easy}
) = 24
+++ exited (status 0) +++

Looks like there is more to the flag. Looks like it requires some hex at the end of it too. If we take all of the hex values alone with `d1d_You_Just_ltrace`, you get the flag.

`DUCTF{d1d_You_Just_ltrace_96faa2990acbc36}` - Note, ltrace didn't totally dump the flag, it missed bc and 36.

Original writeup (https://github.com/Ragnar-Security/ctf-writeups/tree/master/downunder-ctf/rev/formatting).