The document discusses reversing an encryption algorithm to find a flag. It notes that the encryption starts with "9447" and relates each character's index i to the character at index i-4 with an offset. The offsets provided decode to the flag "9447{9447rollingisfun}". References for more information are also provided.

1. Rolling

2. • Windows 8.1
• IDA 6.6
• Kali Linux adm64
• EDB (動態調適器)

3. Libc 6 required
• To solve it, add the following line to the sources.list:
• deb http://ftp.debian.org/debian sid main
• Then install a new linbc:
• apt-get update
• apt-get -t sid install libc6-dev

4. main

5. 4006c7

6. Call rax?
• 轉動態調適
• 過 4006c7 直接 F7 進 call rax
• 觀察1
• 參數給 test

7. • "57 102 108 97 103 115 115
116 97 114 116 119 105 116
104 57",
• which is "9flagsstartwith9"

8. • 觀察二
• Start with 9: 參數給 “9abc123”
• rax 指向另一檢查 function

11. 結論
• 開頭是 9447
• 接下來 ith char 都 relate 到 (i-4)th char
• 用 (i-4)th char + {offset}
• Offsets: +57 +59 +56 +53 -9 -1 -5 -3 +10 -8 +14 +5
• => flag is: “9447{9447rollingisfun}”

12. Ref.
• http://theevilbit.blogspot.tw/2014/12/9447-ctf-2014-writeup-
reversing-125100.html