Tags: rev 

The binary accepts a password as input.
The maximum length of the password is limited to 20 characters. If we enter more than this, it is automatically truncated to 20.

The program simply does the following.
======================================================================
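# Python equivalent of the check performed by the binary
password = [ord(c) for c in 'MyPassword']
total = 0
for ch in password:
    # multiply the accumulator by 296, add the character, keep the low 64 bits
    total = ((total * 296) + ch) & 0xFFFFFFFFFFFFFFFF

if total == 0xCEFF5331D4AA:
    print('Correct Password')
else:
    print('Try again')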
======================================================================

It computes a running sum over the characters of the password, multiplying the accumulator by 296 at each step.
There are multiple solutions to this. For example, both tpwevlobbmhghhlcgcr and YMYPYSYFLBFLSPJXDOR are valid and accepted by the binary.
The actual password, however, is d00m3r.
This problem, like several others in Xiomara CTF, is poorly designed and lacks proper checking.

To find the password I used the following Python code.
======================================================================
from __future__ import print_function
from z3 import *

# Number of chars in password
passwlen = 6

# One 64-bit symbolic variable per password character
passw = [BitVec('ch' + str(i), 64) for i in range(passwlen)]
s = Solver()
tot = 0

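for ch in passw:
    # Restrict each character to printable ASCII (0x22..0x7D)
    s.add(ch > 0x21)
    s.add(ch < 0x7E)
    # Same recurrence as the binary, kept to 64 bits
    tot = Extract(63, 0, (tot * 296) + ch)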

s.add(tot == 0xCEFF5331D4AA)

if s.check() == sat:
    m = s.model()
    for i in passw:
        print(chr(m[i].as_long()), sep = '', end='')
======================================================================
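
An added example, not part of the original writeup: because 296 is larger than any byte value, the check shown above reads a short password as a base-296 number, so the 6-character solution can be decoded from the target with repeated division, and only longer inputs that wrap past 64 bits can collide with it. The function names are illustrative.

```python
MASK = 0xFFFFFFFFFFFFFFFF   # the check keeps only the low 64 bits
BASE = 296                  # multiplier used by the binary
TARGET = 0xCEFF5331D4AA     # value the binary compares against


def poly_hash(password):
    """Python 3 version of the check described on this page."""
    total = 0
    for ch in password.encode("latin-1"):
        total = (total * BASE + ch) & MASK
    return total


def decode_base(target, base=BASE):
    """Read `target` as a base-`base` number and return its digits as text.

    Returns None if a digit is not printable ASCII. Only meaningful for
    passwords short enough that the hash never wrapped past 64 bits.
    """
    digits = []
    while target:
        target, d = divmod(target, base)
        if not 0x20 <= d <= 0x7E:
            return None
        digits.append(d)
    return bytes(reversed(digits)).decode("ascii")


def max_len_without_wrap(base=BASE, max_char=0x7E):
    """Longest printable password whose hash can never exceed 64 bits."""
    n, worst = 0, 0
    while True:
        worst = worst * base + max_char   # hash of n+1 copies of max_char
        if worst > MASK:
            return n
        n += 1


if __name__ == "__main__":
    print("decoded password:", decode_base(TARGET))
    print("hash matches    :", poly_hash(decode_base(TARGET)) == TARGET)
    print("no wraparound up to length", max_len_without_wrap())
```

Up to the length reported by `max_len_without_wrap()` the mapping from password to hash is one-to-one, which is why the extra accepted passwords quoted above are all much longer than the intended one.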

Original writeup (https://0xec.blogspot.com/).