# CrossCTF 2018 Qual RE GOGOGO

## Introduction

It is not me that solve the challenge during the competition. Just take it as a warm-up for coming CTF.

## Analysis

For those who are not familiar with GO binary, please read this post  first.
The binary will take a buffer as its input. It only accepts 0-9a-fA-F in buffer. Then the 32-byte buffer will be translated into str through combining every two bytes into one hexadecimal value.
For example, buffer = “31” will be translated into str = “\x31”.
Then we come to the verification process in the binary as below: After some effort, we can get the verification logic as below:

```str ^ 3 = 0xae;
str & 0xfe = 0x10;
str | 3 = 0x1b;
str ^ 0xde = 0xae;
str ^ 0xaf = 0xfe;
str ^ 0x92 = 0xbe;
str | 0x3a = 0xfa;
str & 0x19 = 0x10;
(str | 0x3) ^ 0xde = 0x21;
(str ^ 0x32) | 0x8a = 0xdb;
str ^ str ^ 0x13 = 0xba;
str ^ 0x30 = 0xdf;
str ^ 0x3a = 0xef;
str ^ str = 0x32;
str ^ str ^ str = 0x25;
```

## Exploit

```from pwn import *

DEBUG = int(sys.argv);

if(DEBUG == 0):
r = remote("1.2.3.4", 2333);
elif(DEBUG == 1):
r = process("./crackme.go");
elif(DEBUG == 2):
r = process("./crackme.go");
gdb.attach(r, '''source script''');

def halt():
while(True):
log.info(r.recvline());

def exploit():
r.recvuntil(":");