Category: Reversing.
Points: 450.

We need an 8 digits code to disable the bomb. That code is used to operate with two arrays of bytes. Any mistake will make the bomb to explode.

My solution is below:

The code is 8 digits long, every digit goes from `0` to `9`, that code is used to operate with the first array of bytes, iterating byte to byte, as the length of the array of bytes is greater than the code,

There is a circular iteration, this is: everytime the last code digit is reached the loop start over again. You can see a C like code below to understand how the array of bytes and the user code input interact.

The same operations are carried out with the second array of bytes, the previous result is used to operate with the second array.

In both operations is indifferent which is x and y, and this is the used algorithm:

After operations the result is compared two times, the first time the resulting code calculation and the first resulting array of bytes are compared, the second time the previous result and the second array are compared.

After the operation between code and first array of bytes, any resulting bytes are compared with the correct result. Now. How can we get the correct result and which one doesn’t explote the bomb? Easy, using the comparer value and the array of bytes applying the same algorithm.

Another question: If in the algorithm use the index 10 from second array of bytes, what is  the index that corresponds to the code? I used Excel for answering that dilemma.

Column A: second array of bytes, length: 33.
Column B: first array of bytes, length: 18.
Column C: the code for disabling the bomb, length: 18. When it compares the index 30 from the second array of bytes, following the previous image, it corresponds to the index 12 from the first array of bytes, and it corresponds to the index 5 from the code.

The code is: `16274248`.

Later, I programmed a script using angr, it’s necessary to hook and emulate VC++ functions. The script is very understandable,  and it can be found here.

The flag is: `fwhibbit{d34c71v473d_r4bb17_b0mb}`.