Rating: 5.0
## bin01 (500 pts) (Crypto)
```
We intercepted this file in Wireshark. Can you decrypt it?
Given: a data file named bin01
```
Examining the file, we see quite a lot of 0x90 bytes.
`hexdump -C bin01`:
```
00000000 ef d5 dc d6 92 91 91 90 90 90 90 90 90 90 90 90 |................|
00000010 93 90 ae 90 91 90 90 90 d0 95 90 90 90 90 90 90 |................|
00000020 d0 90 90 90 90 90 90 90 a0 89 90 90 90 90 90 90 |................|
00000030 90 90 90 90 d0 90 a8 90 99 90 d0 90 8d 90 8c 90 |................|
00000040 96 90 90 90 94 90 90 90 d0 90 90 90 90 90 90 90 |................|
00000050 d0 90 90 90 90 90 90 90 d0 90 90 90 90 90 90 90 |................|
00000060 68 91 90 90 90 90 90 90 68 91 90 90 90 90 90 90 |h.......h.......|
```
This made us suspect that the file had been XOR:ed with 0x90. XOR:ing the file with 0x90 gave us an ELF executable. For some reason it segfaulted when we ran it, but looking at the content with `string` revealed a suspicious-looking string (`QlRIX0NURnsweFhPUi0weEVuY29kZWQtMHhiaW5hcnl9`) which turned out to be the flag encoded in base64.
`BTH_CTF{0xXOR-0xEncoded-0xbinary}`
