> 4TRUN
>
> We found this archaic thing in our lab. Could you please investigate its purpose?
>
> Download:
>
> [4trun.zip](https://0xd13a.github.io/ctfs/hxp2017/4trun/4trun.zip)
>
> 100 Basepoints + 100 Bonuspoints * min(1, 3/21 Solves) = 114 Points

When run, the executable asks for the flag, and checks it:

```
$ ./4TRUN
Give flag: test
:(
```

We can open the application in HexRays or Snowman and study the flag checking logic. It consists of the following steps:

- Load the encoded flag data in a 6x6 _encoded flag matrix_
- Read the flag from the input and store it into a 6x6 _flag matrix_
- Update the _flag matrix_ by successively adding values in columns
- Fill _encoding factor matrix_ with constant values ```0``` through ```35```, and then update them with values from vector ```[1,3,3,3,3,7]```
- Multiply _flag matrix_ and _encoding factor matrix_
- Compare _encoded flag matrix_ and _flag matrix_, returning an indicator of whether the flag is valid or not

These steps can be reversed and the flag can be generated from _encoded flag matrix_ and _encoding factor matrix_. Let's put the reverse steps into a script:

```python
import struct, numpy

# extract encoded flag from executable
enc_flag_data = bytearray(open("4TRUN","rb").read())[0x1180:0x1180+0xc0]

factor = [1,3,3,3,3,7]

enc_flag = numpy.tile(0,(6,6))
enc_factors = numpy.tile(0,(6,6))

# fill the flag matrix and the encoding factors
for i in range(6):
for j in range(6):
enc_flag[j,i] = struct.unpack("