picoGym Exclusive Reverse Engineering: ASCII FTW
Here is another challenge. This one involves disassembling an executable and finding our string within.
This post has a different feel because I am writing the blog as I am doing the challenge... It's a CTF-a-long lol. Anyway, per the information given, we will need to find our flag in the program in hex, then convert it to ASCII to reveal our readable flag. First thoughts... quick Notepad dump:
On first glance it looks like a bunch of garbage, but upon closer inspection, I notice 2 interesting lines:
and
The first appears to be a hint, but we will need to disassemble to see if there is an actual hex value there. The second looks like it is a string in the same format as our flag. Could be nothing, but let's dump the file into Ghidra.
After opening the ELF and analyzing it, we begin our casual stroll for anything familiar, particularly "The flag starts with". After some scrolling, we find our string:
Clicking on that seems to jump to the function section:
Here is what the decompiler shows for that function:
Let's run with the fact that our flag may start with 0x70. Seeing that made another part of asciiftw in Ghidra stand out:
This line of hex starts with 0x70... let's convert it.
BOOM! There is our flag. Learning by doing is the way.
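The hex-to-ASCII conversion step above, as an added example that is not part of the original post. It goes a little beyond the single line of hex in the post by accepting three paste formats (instruction lines ending in a byte immediate, separated byte tokens, and a packed hex run); the sample inputs are constructed placeholder text, and the listing layout is an assumption.

```python
import re

# Instruction line ending in a one-byte immediate, e.g. "MOV byte ptr [...],0x70".
INSN_IMM = re.compile(r"^(?![0-9a-fA-F]{2}\b)[A-Za-z]+\s.*,\s*0x([0-9a-fA-F]{1,2})\s*$")
# Single byte token: 0x70, 70h or 70.
TOKEN = re.compile(r"^(?:0x)?([0-9a-fA-F]{1,2})h?$")

def extract_bytes(text):
    """Collect byte values from hex pasted out of a disassembler or hex dump."""
    out = bytearray()
    for line in text.splitlines():
        line = line.strip()
        insn = INSN_IMM.match(line)
        if insn:
            # Keep only the immediate; hex offsets inside [...] are not data.
            out.append(int(insn.group(1), 16))
            continue
        for tok in filter(None, re.split(r"[\s,]+", line)):
            single = TOKEN.match(tok)
            if single:
                out.append(int(single.group(1), 16))
            elif re.fullmatch(r"(?:[0-9a-fA-F]{2})+", tok):
                out.extend(bytes.fromhex(tok))  # packed run such as 7069636f
            else:
                raise ValueError(f"not a hex byte: {tok!r}")
    return bytes(out)

def to_ascii(data):
    """Return (text, bad_offsets); bytes outside 0x20-0x7e become '.'."""
    bad = [i for i, b in enumerate(data) if not 0x20 <= b <= 0x7E]
    text = "".join("." if i in bad else chr(b) for i, b in enumerate(data))
    return text, bad

# Constructed samples (placeholder flag text, not the challenge's real flag).
LISTING = """\
MOV byte ptr [RBP + -0x30],0x70
MOV byte ptr [RBP + -0x2f],0x69
MOV byte ptr [RBP + -0x2e],0x63
MOV byte ptr [RBP + -0x2d],0x6f
"""
TOKENS = "0x70, 0x69, 0x63, 0x6f, 43h 54h 46h 7b"
PACKED = "7069636f4354467b4558414d504c457d"

if __name__ == "__main__":
    for sample in (LISTING, TOKENS, PACKED):
        print(to_ascii(extract_bytes(sample)))
```

A non-empty `bad_offsets` list usually means the paste picked up something other than the flag bytes, such as an opcode column or an address.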