gates_are_closed
reverse engineering · NICC · Dec 2023

Challenge Description

We were given a binary file named the-gates-are-closed. The task was to inspect and analyze this file to find the hidden flag.


Step-by-Step Solution

Step 1: Identify the File Type

$ file the-gates-are-closed
the-gates-are-closed: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV),
dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
BuildID[sha1]=..., for GNU/Linux 3.2.0, not stripped

Step 2: Check File Permissions

$ ls -l the-gates-are-closed
$ chmod +x the-gates-are-closed
$ ./the-gates-are-closed
zsh: exec format error: ./the-gates-are-closed

The file wasn't executable initially. After chmod +x, running it directly threw an exec format error (wrong architecture).


Step 3: Load in radare2

$ r2 the-gates-are-closed
> aaa

aaa performs full analysis — identifying functions, symbols, and references.


Step 4: List Available Functions

> afl
0x00001060    1     33 entry0
0x00001149    1     22 sym.secretfunction
0x0000115f    1     31 main

Found the usual main and an interesting secretfunction.


Step 5: Analyse main

> pdf @ sym.main
lea rax, str.Nothing_is_going_on_here..._:D
call sym.imp.printf

main just prints "Nothing is going on here... :D" — a decoy.


Step 6: Analyse secretfunction

> pdf @ sym.secretfunction
lea rax, str.TklDQ3s0X1IzNGxfRmw0Z30=
call sym.imp.puts

secretfunction prints: TklDQ3s0X1IzNGxfRmw0Z30=


Step 7: Decode the String

The string looks like Base64.

$ echo "TklDQ3s0X1IzNGxfRmw0Z30=" | base64 -d
NICC{4_R34l_Fl4g}
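
Steps 6 and 7 can also be done without a disassembler. The following is an added example, not part of the original write-up: it pulls printable strings out of raw bytes the way `strings` does, keeps the ones shaped like Base64, and decodes them. The byte blob is a constructed stand-in for the binary's data section, and `find_base64_strings` is a hypothetical helper name.

```python
import base64
import binascii
import re

# Runs of printable ASCII, as `strings` would report them (minimum length 8).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")
# A whole string made only of Base64 alphabet characters plus optional padding.
BASE64_SHAPE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def find_base64_strings(blob):
    """Return (offset, encoded, decoded) for strings that decode to printable text."""
    hits = []
    for match in PRINTABLE_RUN.finditer(blob):
        candidate = match.group()
        # Padded Base64 is always a multiple of 4 characters long.
        if len(candidate) % 4 != 0 or not BASE64_SHAPE.fullmatch(candidate):
            continue
        try:
            decoded = base64.b64decode(candidate, validate=True)
        except binascii.Error:
            continue
        # Keep only results that are themselves readable text; identifiers
        # that merely fit the alphabet usually decode to non-printable noise.
        if decoded and all(0x20 <= b <= 0x7E for b in decoded):
            hits.append((match.start(), candidate.decode(), decoded.decode()))
    return hits


# Constructed sample: the two strings shown in the disassembly above,
# NUL-terminated as C strings, with unrelated filler bytes around them.
SAMPLE_RODATA = (
    b"\x01\x00\x02\x00"
    b"Nothing is going on here... :D\x00"
    b"TklDQ3s0X1IzNGxfRmw0Z30=\x00"
    b"GLIBC_2.2.5\x00\x7fELF"
)

if __name__ == "__main__":
    for offset, encoded, decoded in find_base64_strings(SAMPLE_RODATA):
        print(f"0x{offset:04x}  {encoded}  ->  {decoded}")
```

To run it against the real file, pass `open("the-gates-are-closed", "rb").read()` instead of the sample blob.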

Flag

NICC{4_R34l_Fl4g}

Conclusion

main printed a misleading message, but deeper analysis of secretfunction revealed a Base64-encoded string containing the flag.

cyberfigtree.dev