HackTheBox FlagCasino Challenge
https://app.hackthebox.com/challenges/692
Description
The team stumbles into a long-abandoned casino. As you enter, the lights and music whir to life, and a staff of robots begin moving around and offering games, while skeletons of prewar patrons are slumped at slot machines. A robotic dealer waves you over and promises great wealth if you can win - can you beat the house and gather funds for the mission?
Exploitation
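#!/usr/bin/python3
import ctypes
from pwn import *
# Load the system libc so srand()/rand() can be called from Python.
libc = ctypes.CDLL('libc.so.6')
casino = ELF("./casino", checksec=False)
# Seed the PRNG with each candidate byte and record the first rand() output it produces.
mapping = {}
for i in range(255):
    libc.srand(i)
    mapping[libc.rand()] = chr(i)
# Read 30 consecutive 32-bit values at the "check" symbol and map each back to its seed character.
flag = "".join(mapping[casino.u32(casino.sym["check"] + b * 4)] for b in range(30))
print(flag)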
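Why a table like this can be inverted, as an added example that is not the challenge binary's code or the solver above: it assumes the check seeds rand() with each input byte and compares the first output to a stored entry, which is what the solver's srand/rand mapping implies. The names validate, build_table and invert are hypothetical, and the table is built from a constructed sample string rather than the real "check" data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define N 16 /* length of the constructed sample below, not the challenge's table */

/* Assumed model of the check: each input byte seeds the PRNG and the
 * first rand() output must equal the stored 32-bit table entry. */
static int validate(const char *in, const uint32_t *check, size_t n) {
    for (size_t i = 0; i < n; i++) {
        srand((unsigned char)in[i]);
        if ((uint32_t)rand() != check[i]) return 0;
    }
    return 1;
}

/* Produce such a table from a constructed secret. */
static void build_table(const char *secret, uint32_t *check, size_t n) {
    for (size_t i = 0; i < n; i++) {
        srand((unsigned char)secret[i]);
        check[i] = (uint32_t)rand();
    }
}

/* Invert it: a position has only 95 printable candidates, so search them all.
 * Returns how many positions had zero or several matches (0 = unique). */
static int invert(const uint32_t *check, size_t n, char *out) {
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        int hits = 0;
        out[i] = '?';
        for (int c = 0x20; c < 0x7f; c++) {
            srand((unsigned)c);
            if ((uint32_t)rand() == check[i]) { out[i] = (char)c; hits++; }
        }
        if (hits != 1) bad++;
    }
    out[n] = '\0';
    return bad;
}

int main(void) {
    uint32_t check[N];
    char out[N + 1];
    build_table("HTB{constructed}", check, N); /* constructed sample value */
    int bad = invert(check, N, out);
    printf("recovered=%s ambiguous=%d valid=%d\n", out, bad, validate(out, check, N));
    return 0;
}
```

The search is limited to printable bytes because glibc treats seed 0 as seed 1, so a full 0..255 table would contain a colliding pair.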
Summary
FlagCasino: trace the binary, isolate the validation routine, and invert it to recover the flag.