El Capo 2 - Cap 57

#!/usr/bin/env python3 import subprocess, os, struct

open("key.bin","wb").write(key)

#!/usr/bin/env python3 from Crypto.Util.number import long_to_bytes import struct el capo 2 cap 57

T[i] = rotl8( key[i] ^ 0x5A , i % 8 ) We want Σ T[i] = 0xdeadbeef (mod 2^32) . Because the checksum is a simple sum, we can freely pick the first 63 bytes and solve for the last byte.

static const char flag[] = "ECTFel_capo_2_cap_57_success"; Because the binary is stripped, the name isn’t visible in strings , but the decompiler reveals it as a global pointer used only in the success branch. The problem reduces to crafting a 64‑byte key.bin such that the checksum after the transformation equals the required constant ( 0xdeadbeef in the example). 4.1 Deriving the Required Plain‑text Let T[i] be the transformed byte for index i . We know: The problem reduces to crafting a 64‑byte key

# Compute needed final transformed byte need = (TARGET - checksum) & 0xffffffff # Since only one byte contributes, need must fit in a byte need_byte = need & 0xFF i = SIZE-1 key[i] = inv_rotl8(need_byte, i % 8) ^ CONST_XOR

def inv_rotl8(v, r): return ((v >> r) | (v << (8 - r))) & 0xFF r): return ((v &gt

need = (TARGET - csum) & 0xffffffff need_byte = need & 0xFF i = SIZE-1 key[i] = inv_rotl8(need_byte, i % 8) ^ CONST_XOR