Challenge Description

Danish (original)

Julen nærmer sig med stormskridt, og Thor har igen formået at skabe problemer. Denne gang har han mistet den hemmelige kode, der skulle aktiveres for at starte festen i Asgård! Odin var overbevist om, at en digital løsning var fremtiden og havde fået Loke til at udvikle et system, hvor kun den rette kode kunne låse op for Valhallas julefest.

Men selvfølgelig havde Loke en skjult dagsorden, og nu vil han ikke give koden tilbage og skrev bare, “Alt hvad der skal bruges, er i systemet. God jul… eller måske ikke…”

English (from chatgpt)

Christmas is approaching rapidly, and Thor has once again managed to cause trouble. This time, he has lost the secret code that was supposed to be activated to start the party in Asgard! Odin was convinced that a digital solution was the future and had asked Loki to develop a system where only the correct code could unlock the Christmas party in Valhalla.

But of course, Loki had a hidden agenda, and now he refuses to give the code back, simply writing, “Everything you need is in the system. Merry Christmas… or maybe not…”

File

We are also given the following file:

Solution

Using the file command we can see that it is a .NET assembly:

$ file jul.dll
jul.dll: PE32+ executable for MS Windows 4.00 (console), x86-64 Mono/.Net assembly, 2 sections

This means that we can likely recover some or all of the source code using something like dnSpy, ILSpy, or in my case AvaloniaILSpy.

Opening the code in AvaloniaILSpy and navigating to the main function we get the following:

// FlagSpiseren
using System;

public static void Main()
{
	Console.WriteLine("HA! Jeg har gemt flaget i min mave og du finder det ALDRIG!");
	byte[] array = new byte[22]
	{
		12, 33, 36, 9, 26, 22, 41, 22, 29, 13,
		107, 9, 19, 74, 8, 29, 44, 76, 17, 61,
		1, 15
	};
	string text = "JegHarGemtFlagetBagXor";
	byte[] array2 = new byte[text.Length];
	for (int i = 0; i < text.Length; i++)
	{
		array2[i] = (byte)(text[i] ^ array[i]);
	}
}

We can quickly do the same operations in python:

first = [12, 33, 36, 9, 26, 22, 41, 22, 29, 13,
         107, 9, 19, 74, 8, 29, 44, 76, 17, 61,
         1, 15]

second = b'JegHarGemtFlagetBagXor'

flag = bytes([
  x ^ y for x, y in zip(first, second)
])

print(flag.decode())

And we get the flag: FDCA{dnspy-er-min-ven}