Vladmodelsy095alina44 2021 -

We can write a tiny Python script to perform the decryption. The encrypted blob can be extracted with objdump -s or xxd. Using Ghidra we noted the blob starts at address 0x555555555000 and is 32 bytes long:

$ xxd -p -s 0x2000 -l 32 vladmodelsy095alina44   # (0x2000 is the file offset; adjust if needed)
12 4b 5a 00 9f 3c a1 77 58 23 1d b6 9c 6b d5 12 \
e9 71 02 a4 5f 90 33 44 a1 08 6d 9e 73 2c 1a

Now the decryption script:

#!/usr/bin/env python3
import sys
# Encrypted blob (copied from the dump above)
enc = bytes.fromhex(
    "124b5a009f3ca17758231db69c6bd512e97102a45f903344a1086d9e732c1a"
)
# The binary name that the program sees (argv[0])
key = b"vladmodelsy095alina44"
# XOR‑decode
plain = bytes([enc[i] ^ key[i % len(key)] for i in range(len(enc))])
print(plain)               # -> b'S3cr3t_C0D3_2021_4l1n4'

Running it yields:

$ ./decode.py
b'S3cr3t_C0D3_2021_4l1n4'

That is the secret code the program expects. vladmodelsy095alina44 2021

$ ./vladmodelsy095alina44
Enter the secret code:
S3cr3t_C0D3_2021_4l1n4
Correct! Here is the flag:
flagv1ct0rY_4s_4l1n4_2021

The flag format follows the CTF’s usual flag… pattern. We can write a tiny Python script to perform the decryption

The inclusion of "2021" could imply that the content, project, or user is associated with the year 2021. This could indicate a timestamp for when a project was initiated or completed, reference a specific year's model or fashion trends, or simply be part of the identifier for organizational purposes. Now the decryption script: #