Tags: number 

Rating:

For a better view check our [githubpage](https://bsempir0x65.github.io/CTF_Writeups/AngstromCTF_2022/#number-game) or [github](https://github.com/bsempir0x65/CTF_Writeups/tree/main/AngstromCTF_2022#number-game) out

![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/numbergame.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/numbergame.png)

Again another little tool for us to challenge and once we have it we can check the solution on the server. So [binary ninja](https://cloud.binary.ninja/) as suggested does a great job but [ghidra](https://ghidra-sre.org/) were already booted:

![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/numbergame1.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/numbergame1.png)

The static analysis does a great job and we can see what we need to do in order to get the flag for convenience here is the decompiled code with some comments:

```C
undefined8 main(void)

{
int iVar1;
undefined8 uVar2;
size_t sVar3;
char local_58 [72];
int local_10; <- was unassigned as integer but based on the read_int() function call it was quite clear it had to be an int
int local_c; <- was unassigned as integer but based on the read_int() function call it was quite clear it had to be an int

puts("Welcome to clam\'s number game!");
printf("Step right up and guess your first number: ");
fflush(stdout);
local_c = read_int();
if (local_c == 314159265) { <- we know that local_c is an int so this is an int check and we can convert the hex value in an int
printf("That\'s great, but can you follow it up? ");
fflush(stdout);
local_10 = read_int();
if (local_10 + local_c == 513371337) { <- we know that local_10 + local_c is an int so this is an int check and we can convert the hex value in an int
puts("That was the easy part. Now, what\'s the 42nd number of the Maltese alphabet?");
getchar();
fgets(local_58,0x40,stdin); <- takes our input
sVar3 = strcspn(local_58,"\n"); <- cuts out the \n when we click enter
local_58[sVar3] = '\0';
iVar1 = strcmp(local_58,"the airspeed velocity of an unladen swallow"); <- is the string it compares to as the last solution
if (iVar1 == 0) {
puts("How... how did you get that? That reference doesn\'t even make sense...");
puts("Whatever, you can have your flag I guess.");
print_flag();
uVar2 = 0;
}
else {
puts("Ha! I knew I would get you there!");
uVar2 = 1;
}
}
else {
puts("Sorry but you didn\'t win :(");
uVar2 = 1;
}
}
else {
puts("Sorry but you didn\'t win :(");
uVar2 = 1;
}
return uVar2;
}
```
Based on the comments above we concluded the following entry's in order for the flag:

1. 314159265 first number
2. 314159265 + x = 513371337 -> x = 199212072 second number
3. "the airspeed velocity of an unladen swallow" third number without quotes

Which brings us
```console
└─$ nc challs.actf.co 31334
Welcome to clam's number game!
Step right up and guess your first number: 314159265
That's great, but can you follow it up? 199212072
That was the easy part. Now, what's the 42nd number of the Maltese alphabet?
the airspeed velocity of an unladen swallow
How... how did you get that? That reference doesn't even make sense...
Whatever, you can have your flag I guess.
actf{it_turns_out_you_dont_need_source_huh}
```
You could also create an easy script for that but meh was okay when you copy fast enough the answers o(^▽^)o

Original writeup (https://bsempir0x65.github.io/CTF_Writeups/AngstromCTF_2022/#number-game).