Tags: engineering reverse 


1. Use strings to find the Alien ID
2. Run Ghidra to find the `checkpin` function
3. Find the string it compares the user input to, and realise it needs to be XORed
4. After XORing the seemingly random pin string, we see that it contains the text inside the flag

Original writeup (https://kblagoev.com/blog/authenticator-cyberapocalypse-2021-ctf/).