# Open the original binary .dmp file with open("chall.dmp", "rb") as f: # 1. Seek to the RVA identified in the memory list (e.g., 0x38e3df8b) f.seek(0x38e3df8b) data = f.read(0x1000) # Read the memory block # 2. Define your XOR relics (found in handle descriptors) # Using the 8-byte relics: 0x0100000000000000 and 0x00000000ffffff7f relic1 = bytes.fromhex("0100000000000000") relic2 = bytes.fromhex("00000000ffffff7f") # 3. Perform XOR to claim the knowledge # Often, the two relics are XORed together first to create the key key = bytes([a ^ b for a, b in zip(relic1, relic2)]) # 4. Decrypt the memory data using the resulting key result = bytes([data[i] ^ key[i % len(key)] for i in range(len(data))]) with open("relic.bin", "wb") as r: r.write(result)