Files
ctf/2026/srdnlen_quals/forensic/chapter2/extract_relic.py

20 lines
831 B
Python

# Open the original binary .dmp file
with open("chall.dmp", "rb") as f:
# 1. Seek to the RVA identified in the memory list (e.g., 0x38e3df8b)
f.seek(0x38e3df8b)
data = f.read(0x1000) # Read the memory block
# 2. Define your XOR relics (found in handle descriptors)
# Using the 8-byte relics: 0x0100000000000000 and 0x00000000ffffff7f
relic1 = bytes.fromhex("0100000000000000")
relic2 = bytes.fromhex("00000000ffffff7f")
# 3. Perform XOR to claim the knowledge
# Often, the two relics are XORed together first to create the key
key = bytes([a ^ b for a, b in zip(relic1, relic2)])
# 4. Decrypt the memory data using the resulting key
result = bytes([data[i] ^ key[i % len(key)] for i in range(len(data))])
with open("relic.bin", "wb") as r:
r.write(result)