Debrideur Fileice.net Apr 2026

#!/usr/bin/env bash FILE=mystery.dat FIXED=$FILE.fixed

if __name__ == "__main__": if len(sys.argv) != 2: print(f"Usage: sys.argv[0] <debrideur_file>") sys.exit(1) fix(sys.argv[1]) #!/usr/bin/env bash # run_and_get_flag.sh – Build the bride, run debrideur, extract the flag.

static const uint8_t key[16] = 0x13, 0x57, 0x9B, 0xDF, 0x02, 0x46, 0x8A, 0xCE, 0x31, 0x75, 0xB9, 0xFD, 0x40, 0x84, 0xC8, 0x0C ; Each 16‑byte chunk of the payload is XOR‑ed with this key, effectively decrypting the hidden text.

$ ltrace -e crc32 ./debrideur mystery.dat ... crc32(0x0, "abcdefghij...", 0x1c0) = 0x4a1f0c2b The binary uses (the standard polynomial 0xEDB88320). The function is called on the data after the checksum field. Debrideur fileice.net

The file format is:

FILE="$1:-mystery.dat" FIXED="$FILE.fixed"

def rebuild(fname): data = open(fname, "rb").read() payload = data[0x10:] # skip header + checksum field crc = binascii.crc32(payload) & 0xffffffff # rebuild the file new = data[:0x08] + crc.to_bytes(4, "little") + data[0x0c:] open(fname + ".fixed", "wb").write(new) print(f"Fixed file written: fname.fixed CRC=0xcrc:08x") crc32(0x0, "abcdefghij

# 1️⃣ Fix the CRC python3 rebuild.py "$FILE"

| Offset | Size | Meaning | |--------|------|----------| | 0x00 | 8 | ASCII magic "DEBRIDER" | | 0x08 | 4 | (little‑endian) – the “bride” | | 0x0C | 4 | Reserved / version (currently zero) | | 0x10 | … | Payload data (to be “de‑brided”) |

./run_and_get_flag.sh mystery.dat FLAGBr1d3_1s_Just_A_CRC Congratulations! You have successfully de‑brided the file, rebuilt the missing “bride”, and uncovered the hidden flag. You have successfully de‑brided the file, rebuilt the

if __name__ == "__main__": rebuild(sys.argv[1]) Running it:

The checksum is calculated over the , i.e. bytes starting at 0x10 . 4. Re‑building the Bride (Checksum) 4.1 Compute the correct CRC‑32 Python makes this trivial:

$ python3 rebuild.py mystery.dat Fixed file written: mystery.dat.fixed CRC=0x4a1f0c2b $ ./debrideur mystery.dat.fixed Processing block 0... Processing block 1... ... Flag: FLAGBr1d3_1s_Just_A_CRC Success! The flag appears after the binary finishes its “de‑briding” routine. 5. What the Binary Actually Does After the Check Once the checksum passes, the program iterates over the payload in 16‑byte blocks , XOR‑ing each block with a constant key derived from a hidden table (found at offset 0x2000 in the binary). The transformed bytes are written to a temporary file, then the program prints the first line of that file – which is the flag.

import sys, binascii

[*] Fixed CRC = 0x4a1f0c2b FLAGBr1d3_1s_Just_A_CRC | Topic | What the challenge taught | |-------|---------------------------| | File‑format reverse engineering | Even stripped binaries often expose the checksum routine via library calls ( crc32 ). | | Dynamic analysis | ltrace / strace are great for spotting which functions the binary uses (e.g., crc32 ). | | Checksum reconstruction | Many CTF “repair” challenges involve simply recomputing a checksum after editing a file. | | Simple XOR decryption | A static key table hidden in the binary can be discovered with a quick strings or objdump -s . | | Naming clues | French/English wordplay often hints at the solution (here, “bride” = checksum). | 8. Full Source Code of the Helper Scripts Below are the two scripts you may keep for future reference. 8.1 rebuild.py #!/usr/bin/env python3 """ rebuild.py – Fix the CRC32 “bride” in the DEBRIDER file. """