Each byte of argv[1] ( flag ) is authenticated in some routine.
Just set two breakpoints and bruteforce it.