HackTheBox Curse Breaker Challenge
https://app.hackthebox.com/challenges/434
Description
A dark wizard placed a curse on you - if you open your mouth to say anything, it’ll strike! Only by perfectly reciting the counter-spell can you escape…
Exploitation
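The expected values are stored as comparison constants in the binary's seccomp policy. Dump the filter with seccomp-tools, keep the constant from each "if (A == N)" line, and convert values above 2147483647 from unsigned 32-bit to signed:

# Install seccomp-tools and the racc gem
gem install seccomp-tools
gem install racc
# paste -d cycles through its delimiter list, so use a single ',' for a clean comma-separated list
echo | seccomp-tools dump ./breaker | grep -oP '(?<=if \(A == )-?[0-9]+' | awk '{n=$1+0; if (n > 2147483647) n = n - 4294967296; print n}' | paste -sd, -

Each flag character is the sum of the current value and the previous one, with the previous value reset to 0 every five entries:
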
#!/usr/bin/env python3

def decode_flag(encoded_values):
    flag = ''
    last = 0
    for i, value in enumerate(encoded_values):
        # The running value restarts at the beginning of every group of five
        if i % 5 == 0:
            last = 0
        flag += chr(last + value)
        last = value
    return flag

encoded_values = [
    72, 12, 54, 69, 46,
    101, -2, 101, -53,
    162, 112, -67,
    164, -64,
    116, 98, 16, 36, -3, 128
]

flag = decode_flag(encoded_values)
print(flag)

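The following is an added example, not part of the original write-up or the challenge's code: it ports the extraction pipeline to Python and adds the inverse transform, so the decoding model can be checked by round trip. The `render_dump` helper and its line layout are hypothetical stand-ins that only reproduce the `if (A == N)` shape the grep pattern expects, and the sample string is constructed.

```python
import re

BLOCK = 5  # the decoder above resets its running value every 5 entries

def to_signed32(n):
    """Fold a 32-bit unsigned BPF immediate into a signed int."""
    n &= 0xFFFFFFFF
    return n - (1 << 32) if n > 0x7FFFFFFF else n

def extract_constants(dump_text):
    """Pull every 'if (A == N)' constant, as the grep/awk pipeline does."""
    found = re.findall(r"if \(A == (-?\d+)", dump_text)
    return [to_signed32(int(m)) for m in found]

def decode(values):
    """Same model as decode_flag: char code = previous value + current value."""
    out, last = [], 0
    for i, v in enumerate(values):
        if i % BLOCK == 0:
            last = 0
        out.append(chr(last + v))
        last = v
    return "".join(out)

def encode(text):
    """Inverse of decode: value = char code - previous value."""
    values, last = [], 0
    for i, ch in enumerate(text):
        if i % BLOCK == 0:
            last = 0
        last = ord(ch) - last
        values.append(last)
    return values

def render_dump(values):
    """Hypothetical stand-in for dump lines; constants printed unsigned."""
    return "\n".join(f" {i:04d}: if (A == {v & 0xFFFFFFFF}) goto {i + 1:04d}"
                     for i, v in enumerate(values))

if __name__ == "__main__":
    sample = "constructed-sample"  # constructed input, not challenge data
    recovered = extract_constants(render_dump(encode(sample)))
    assert decode(recovered) == sample
    print(recovered, "->", decode(recovered))
```

If the round trip fails for a list extracted from a real dump, the usual causes are a missed sign conversion or constants captured out of order.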
Summary
Curse Breaker: reverse the validation logic, model the transform, and recover the accepted input.