# Simple Encryptor

{% code title="main" %}

```
  local_10 = *(long *)(in_FS_OFFSET + 0x28);
  local_30 = fopen("flag","rb");
  fseek(local_30,0,2);
  local_28 = ftell(local_30);
  fseek(local_30,0,0);
  local_20 = malloc(local_28);
  fread(local_20,local_28,1,local_30);
  fclose(local_30);
  tVar2 = time((time_t *)0x0);
  local_40 = (uint)tVar2;
  srand(local_40);
  for (local_38 = 0; local_38 < (long)local_28; local_38 = local_38 + 1) {
    iVar1 = rand();
    *(byte *)((long)local_20 + local_38) = *(byte *)((long)local_20 + local_38) ^ (byte)iVar1;
    local_3c = rand();
    local_3c = local_3c & 7;
    *(byte *)((long)local_20 + local_38) =
         *(byte *)((long)local_20 + local_38) << (sbyte)local_3c |
         *(byte *)((long)local_20 + local_38) >> 8 - (sbyte)local_3c;
  }
  local_18 = fopen("flag.enc","wb");
```

{% endcode %}

{% code title="Timestamp flag.enc" %}

```
╰─ stat flag.enc                                                                                                                                                                                              ─╯
  File: flag.enc
  Size: 32              Blocks: 0          IO Block: 512    regular file
Device: 0,179   Inode: 12666373952038248  Links: 1
Access: (0777/-rwxrwxrwx)  Uid: ( 1000/    kali)   Gid: ( 1000/    kali)
Access: 2024-10-05 01:14:37.623928000 +0200
Modify: 2022-07-19 13:14:48.000000000 +0200
Change: 2024-10-05 01:14:32.437619400 +0200
 Birth: -
```

{% endcode %}

```
#include <stdio.h>
#include <stdlib.h>
#include <string.h> 

int main(void) {
    typedef unsigned char byte;
    FILE *f;
    size_t flagSize;
    byte *flag;
    unsigned int seed;
    long i;
    int rnd1, rnd2;

    f = fopen("flag.enc", "rb");
    // seek until the end of the file to get the size
    fseek(f, 0, SEEK_END);
    flagSize = ftell(f);
    // seek to the beginning
    fseek(f, 0, SEEK_SET);
    // allocate memory of the flag
    flag = malloc(flagSize);
    fread(flag, 1, flagSize, f);
    fclose(f);

    // take seed from the first 4 bytes
    int flagOffset = 4;
    memcpy(&seed, flag, flagOffset);
    srand(seed);

    for(i = flagOffset; i < (long)flagSize; i++) {
        rnd1 = rand();
        rnd2 = rand();
        rnd2 = rnd2 & 7;
        flag[i]  = 
            flag[i] >> rnd2 |
            flag[i] << 8 - rnd2;
        flag[i] = rnd1 ^ flag[i];
        printf("%c", flag[i]);
    }
}
```

{% code overflow="wrap" %}

```
╰─ gcc exploit.c -o exploit                                                                                                                                                                                   ─╯

╰─ ./exploit                                                                                                                                                                                                  ─╯
HTB{vRy_s1MplE_F1LE3nCryp0r}%
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mux1337.gitbook.io/write-up-_/hack-the-box/challenges/reversing/simple-encryptor.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.