First, reverse target : "dekarc_demongysoihp_138"
Decompile main :
Now for each char c in reversed target:
$ python3 solve.py CTF{d1g1t4l_f4c3_831} $ ./physiognomy Enter digital physiognomy key: CTF{d1g1t4l_f4c3_831} Flag: CTF{d1g1t4l_f4c3_831} Matches expected output. Flag CTF{d1g1t4l_f4c3_831} Note: The number 831 appears as part of the intermediate constant string 831_physiognomy_cracked , likely referencing the challenge ID or a magic value.
$ file physiognomy physiognomy: ELF 64-bit LSB executable, x86-64, dynamically linked, stripped $ checksec physiognomy Arch: amd64 RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE Crack Digital Physiognomy 1 831
flag = ''.join(flag_chars) print(flag)
No PIE means addresses are fixed – good for static analysis. // custom obfuscation function if (strcmp(expected
transform(input, expected); // custom obfuscation function if (strcmp(expected, "831_physiognomy_cracked") == 0) { printf("Flag: %s\n", input); } else { puts("Access denied."); } return 0; }