Rating: 0

I disassembled the binary and saw that someplace its cheking the input character by character, and always the valus is in rcx and once in rax. So I wrote the following code to parse the assembly and get the result.

```
import telnetlib
import subprocess
tn = telnetlib.Telnet("cm2k-alchemy_c745e862098878b8052e1e9588c59bff.quals.shallweplayaga.me", port = 12004)
tn.read_until('\n')
while 1:
a = tn.read_until('\n')[:-1]
print a
if 'flag' in a:
break
cmd = "objdump " + a + " -d -M intel"
process = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE)
output, error = process.communicate()
o = ''
for i in output.split('\n'):
if 'cmp rcx' in i or 'cmp rax' in i:
i = " ".join(i.split()).split()
i[0] = int(i[0][:-1],16)
if (i[0]>0x40f000 and i[0]<0x40f700) or (i[0]>0x42d700 and i[0]<0x42deee) :
o+=i[-1][-2:].decode('hex')
print 'o is ', o
tn.write(o.encode('base64'))
```