Hdhub4ubike -

if __name__ == "__main__": main() Running the script prints the flag instantly:

$ checksec --file=hdhub4ubike ... PIE: No NX: No RELRO: No Canary: No FORTIFY: No The binary – we have all symbol names! 2.2 Strings $ strings -a hdhub4ubike | grep -i flag flagh0p3_y0u_f0und_th3_h1d3_b1k3 Whoa! The flag is already present in the binary! This is a typical “decoy” – the binary will only print the flag after a successful key check. The challenge is to bypass that check. 2.3 Disassembly (Ghidra/IDA) Opening the binary in Ghidra shows the following (pseudo‑C) reconstruction of the relevant functions: hdhub4ubike

puts(flag); return 0;

// compare with a secret stored in the .rodata section if (strcmp(key, secret_key) != 0) return 0; if __name__ == "__main__": main() Running the script

if (check_key(buf) == 0) puts("Invalid key!"); exit(1); The flag is already present in the binary

// vulnerable read – no length limit! read(0, buf, 0x100); // <‑‑ overflow possible