"It's a keygen problem."

The challenge binary asked the user for a number and a sequence of numbers. The single number created a matrix the size of `2*n-1`

and the sequence of numbers filled this matrix in a unique order. If the sum of the column equaled the sum of each row, column, and diagonal, you knew your input was correct. The program *hashed* your input with a static array of values and printed this as the flag.

```
- key validating binary
```

I spent more time then necessary reversing the input hashing algorithm and the operations that were done on the input matrix generated. Especially because it turns out the solution to this challenege was pretty simple, a.k.a. C brute force works well. :]

(*C program for solution linked at the bottom.*)

```
1) Reverse out the algorithm used to hash the *correct* matrix solution with the flag array
2) Realize the hash function only iterated through the first 4 bytes of the flattened matrix
3) Rewrite the algorithm in C
4) Brute force the 4 byte input with the hash function and static array
5) flag :]
```

- reverse the matrix algorithm from the program
reverse the operations and results checked against the input matrix generated

- sum of first column must equal sum of all columns, rows, and diagonals
- the
`(0,0)`

and`(0,1)`

cells must be`9`

and`11`

respectively - the total sum of all sequence numbers must not be greater than the sum from
`[1,|s|]`

`Matrix Created: user input = {n, ...sequence (s)...} matrix size = 2*n-1 matrix filled with numbers (s) in the pattern shown below`

`for n = 3 and number sequence = s x x x x x x s1 s2 s3 x s4 s5 s16 s17 x s18 s19 s20 s21 x s22 s23 s24 s25 x s26 s27 s28`

reverse the flag hash function

`numArray = [...obfuscated flag bytes...] bruteArr[0] = X; bruteArr[1] = Y; bruteArr[2] = Z; bruteArr[3] = A;`

`void func(uint32_t * numArray, uint32_t * bruteArr){ uint32_t one = numArray[0]; uint32_t two = numArray[1]; uint32_t hex_13c6ef3720 = 0x9E3779B9 * 0x20; for ( int i = 0; i < 0x20; ++i ) // 32 iterations { two -= (one + (16 * one ^ (one >> 5))) ^ (hex_13c6ef3720 + bruteArr[(hex_13c6ef3720 >> 11) & 3]); hex_13c6ef3720 += 0x61C88647; one -= (two + (16 * two ^ (two >> 5))) ^ (hex_13c6ef3720 + bruteArr[hex_13c6ef3720 & 3]);// 3, 2, 1, 0, 3, 2, 1, 0 } numArray[0] = one; numArray[1] = two; }`

brute force

`2^32`

bytes checking for ascii`for (int i = 6; i < 26; i++){ if (flagbuf[i] < 0x21 || flagbuf[i] > 0x7e){ print = 0; break; } } if (print) printf("%s: %d,%d,%d,%d\n", flagbuf, one, two, three, four);`

```
sophias-MacBook-Air:clifford sophia$ gcc plaid2015_clifford_solver.c
sophias-MacBook-Air:clifford sophia$ ./a.out
FLAG: u8*HNemGS,E;LoEAy|N���G�I�B�PGVQ�� g< YP�e�
: 28,78,151,105
....
FLAG: too_bad_this_took_20_years_to_find!!
: 197,234,234,21
```