Golden Requim Challenge - Writeup#

Challenge#

• Name: A Golden Experience Requiem
• Category: Reverse Engineering
• Given file: golden-requim-challenge
• Hint: “You thought you had won but then events started happening for which there is no apparent cause, it seems like the program can see the future”
• Expected flag format: apoorvctf{...}

That hint strongly suggests anti-debugging / anti-analysis checks, and potentially decoy behavior.

1) Initial triage#

Start with standard RE triage:

file golden-requim-challenge
strings -n 6 golden-requim-challenge

Observed:

• 64-bit stripped PIE ELF
• Rust binary indicators (src/main.rs, std/core paths)
• A flag-looking string appears directly in strings:

apoorvctf{wh4t_1f_k1ng_cr1ms0n_requ13m3d??}

At first glance this looks solved, but it is a decoy.

2) Runtime behavior and why the strings-flag is fake#

Run the binary:

./golden-requim-challenge

Output:

loaded flag
printing flag.....

No flag is printed. The process then crashes/hangs (environment dependent). That already tells us:

• the embedded string is not necessarily the runtime truth,
• there is likely logic that computes a separate flag,
• and anti-analysis traps are present.

strace shows important behavior:

• ptrace(PTRACE_TRACEME) = -1 EPERM
• many anti-analysis marker checks around strings that decode to:
  • qemu
  • valgrind
  • PIN_ROOT
  • libasan
  • ltrace
  • librrpreload
  • LD_PRELOAD
  • LD_AUDIT

So this binary does environment detection and can alter behavior.

3) Static reversing focus: where is real decode logic?#

Disassemble:

objdump -d -Mintel golden-requim-challenge > /tmp/golden.objdump

A key function starts near 0xb637. In that region:

• It reads/writes globals around:
  • 0x54988 (index/counter)
  • 0x54990, 0x54991 (state flags)
  • 0x54998 (timestamp)
  • 0x549a0 (output buffer ptr)
  • 0x549a8 (another mmap ptr)
• It generates bytes in a loop for exactly 0x28 bytes (40), which is plausible flag length.

Core instruction pattern (reduced):

b66a: ... choose table base 0x45c1c or 0x45d30 based on i parity
b689: call b583      ; arithmetic/bit function for byte A
b693: call b5e3      ; table extraction function for byte B
b698: xor bpl,[r13+r12] ; xor with constant-table byte C
b69d: xor bpl,al        ; xor with byte B
b6a0: mov [r15+r14],bpl ; out[i]

Then there is timing-based anti-analysis:

b6c0: rdtsc
b6cc: cmp rax,0x1dcd6500
b6d4: mov BYTE PTR [0x54991],1
b6e3: add BYTE PTR [out+i],0x37

This means if anti-analysis condition triggers, output bytes get shifted by +0x37 and become junk.

4) Recover constants from .rodata#

Important static data offsets:

• 0x45c1c : 20-byte table (even indices)
• 0x45d30 : 20-byte table (odd indices)
• 0x46ca4 : 8 packed little-endian u32 values

We extract bytes directly from file in a solver script.

5) Reconstruct helper functions from assembly#

5.1 Function near 0xb583 (byte A)#

The assembly looks intentionally obfuscated (calling tiny arithmetic helpers), but algebraically simplifies to:

A(i) = ((7*i + 0x3f) XOR rol8(i, 3)) & 0xff

If anti-analysis flag is set (0x54991 == 1), function post-adjusts:

A(i) = (A(i) + 0x37) & 0xff

5.2 Function near 0xb5e3 (byte B)#

It uses low 3 bits of i to select one of 8 dwords, and (i >> 3) & 3 to select byte lane:

d = packed[i & 7]
lane = (i >> 3) & 3
B(i) = (d >> (8*lane)) & 0xff

5.3 Main byte composition#

For i = 0..39:

• choose C(i) from table_even[i/2] if i even, else table_odd[i/2]
• output:

out[i] = A(i) XOR C(i) XOR B(i)

This exactly reproduces the runtime generation.

6) Solver script (fully reproducible)#

I added golden-requim-solve.py in this directory.

Run:

python3 golden-requim-solve.py

Expected output:

apoorvctf{1_h0pe_5BR_i5_w33kly_rele4as3}

7) Why the decoy appears believable#

The decoy flag string is intentionally left as plain text in .rodata so a quick strings pass returns a plausible answer. But the actual runtime path constructs a different 40-byte result through:

• arithmetic mixing,
• parity-based table selection,
• packed dword extraction,
• anti-analysis perturbation.

This matches the theme (“future / no apparent cause”): observable clues and real behavior diverge under analysis conditions.

Final Flag#

apoorvctf{1_h0pe_5BR_i5_w33kly_rele4as3}

Files produced#

• golden-requim-solve.py - deterministic flag extractor
• golden-requim-writeup.md - this writeup