the file text.txt contains a string of 21 unicode characters:

幾湂潌蕔䩘桢豝詧䭡䝵敯䡨剱挧䍩硷穏罣㈡䨥贇

a decompiled function from ghidra, FUN_00101070, performs an encoding routine that recursively processes pairs of ascii characters into these wide unicode code points. our goal is to reverse this process and extract the original flag, which we know follows the format BtSCTF{...}.

### **function behavior**

the function reads two bytes at a time from input

it calculates a sum (uVar3) that includes the high nibbles (upper 4 bits) of the two bytes and a recursive sum of future bytes

it builds a 16-bit unicode character using >

```
hi = ((uVar3 >> 4) + s[i]) & 0xf | (s[i] & 0xf0);
lo = (uVar3 + s[i+1]) & 0xf | (s[i+1] & 0xf0);
W = ((hi << 8) | lo) + 0x1000;
```

the result is printed via putwc, and the function calls itself recursively with a 2-byte step

### **reversing the encoding**

what the encoding does ->

it adds 0x1000 to the result, so we start by subtracting it >

`X = W - 0x1000`

extract the upper and lower bytes >

```
A = (X >> 8) & 0xff
B = X & 0xff
```

from there >

```
hi_i, loA = A >> 4, A & 0xf
hi_j, loB = B >> 4, B & 0xf
```

derive original low nibbles >

```
lo_i = (loA - ((uVar3 >> 4) & 0xf)) & 0xf
lo_j = (loB - (uVar3 & 0xf)) & 0xf
```

recover original ascii bytes >

```
b_i = (hi_i << 4) | lo_i
b_j = (hi_j << 4) | lo_j
```

### **final result**

conjoining all of the individual steps, the flag is retrieved

**BtSCTF{W0W_it_re4l1y_m3aNs_$0methIng!!:)}**

solved by tlsbollei |\---/|
| o_o |
\_^_/