Tags: misc

Rating:

# Flag of Life

Author: [roerohan](https://github.com/roerohan)

## Source


Help our adventurer in attaining the Flag of Life by defeating the Demon Guard Flageon.

nc flagoflife.darkarmy.xyz 7001


## Expliot

Upon connection, you get:

sh
\$ nc flagoflife.darkarmy.xyz 7001

'Demon Guard Flageon: Who dares to disturb my slumber?
...
A human?

You: 1337

Demon Guard Flageon: Listen close, 1337.
To pass through you must give me a key of certain shape and size.
I do not expect mere mortals to pass this test and win the Flag of Life.
So here is a hint: the shape of the key is a square.
But I will not tell you the size.
You have 3 tries!

| How lucky! Look in your backpack. You have a square-key-making device.
| huh... weird thing to carry around if you ask me.
| Anyways.
| The problem is the device needs the edge length as input to make the key...


And it asks you to input edge length.


Input edge length: 5

*mechanical whirring*
...
*pop*

Demon Guard Flageon: The size of your key is off by 25 sq cm.
You have 2 more attempts left


Whatever edge lenght you input, it says that the size is off by the square of your input.

Also, we find that the program stores edge length in a variable of type integer since it overflows on inputs greater than 4 bytes in size.

Now the motive is clear, we have to pass a number as input so that it's square overflows exactly to give 0. We know that the size of int is 2^32 - 1. So, 2^32 is going to overflow to become 0. Therefore, we must pass 2^16 as input, which is 65536.

sh
Input edge length: 65536

*mechanical whirring*
...
*pop*

Demon Guard Flageon: Congratulation! You have completed this task.
The Flag of Life is now your's

===============================================
| darkCTF{-2147483648_c0m3s_aft3r_2147483647} |
===============================================


The flag is:


darkCTF{-2147483648_c0m3s_aft3r_2147483647}


Original writeup (https://github.com/csivitu/CTF-Write-ups/tree/master/DarkCTF%202020/Misc/Flag%20of%20Life).