Skip to main content

Say_My_Name

Challenge

Imported from local notes.md.

Solution

Original Notes

Say_My_Name

Challenge Summary

  • Given: a local reverse-engineering ELF binary named saymyname.
  • Goal: recover the correct input and resulting flag.
  • Constraints: no network service; solve locally from the binary.

Initial Recon / Triage

  • Observations:
    • The binary is a 64-bit static ELF and is not stripped.
    • main prints Say My Name. and Name: then reads a line from stdin.
    • The input is compared directly against a long hardcoded string in .rodata.
    • The same .rodata region also contains the success message with the flag.
  • File identification:
    • starting_files/saymyname is the only provided asset.
  • Entry points:
    • main at 0x407e0e.
    • A comparison against the hardcoded required name at .rodata address 0x576d00.

Hypotheses & Approach

  • Hypothesis 1: the binary might decode or transform the flag in a helper function after validating a specific input string.
  • Hypothesis 2: because the ELF is not stripped and strings are present in .rodata, the required name and flag may both be directly recoverable without deeper deobfuscation.

Execution Steps (Reproducible)

Stage 1

Commands:

cd /root/cit2026CTF/Say_My_Name
file starting_files/saymyname
readelf -h starting_files/saymyname
objdump -d starting_files/saymyname | grep -n '<main>:' -A80
objdump -s --start-address=0x576d00 --stop-address=0x576dd0 starting_files/saymyname

Results:

  • main showed a direct string comparison before calling validate.
  • The relevant .rodata dump revealed both the required name and the success message:
    • required input: Bartholomew Demetrius Jamarion Kensington Blackwood Montague Devereaux Jackson-Fitzwilliam the XXVII
    • success string: yeah that me. heres your flag CIT{Zn583Umnwd4S}

Stage 2

Commands:

cd /root/cit2026CTF/Say_My_Name
chmod +x starting_files/saymyname
printf '%s\n' 'Bartholomew Demetrius Jamarion Kensington Blackwood Montague Devereaux Jackson-Fitzwilliam the XXVII' | ./starting_files/saymyname

Results:

  • The binary printed: yeah that me. heres your flag CIT{Zn583Umnwd4S}.

Stage 3

Commands:

curl -sS -X POST \
	-H 'Authorization: Token ctfd_abf40df278189b08d8eb5d8a9a089891b6c358e927025c14f3a3ba723ef578f4' \
	-H 'Content-Type: application/json' \
	-d '{"challenge_id":54,"submission":"CIT{Zn583Umnwd4S}"}' \
	https://ctf.cyber-cit.club/api/v1/challenges/attempt

Results:

  • The platform returned status: correct.

Artifacts Produced

  • No extra helper artifacts were needed for the final solve.

Flag

CIT{Zn583Umnwd4S}