# Fast Calculator - rev
One binary file is given. 64bit ELF file, compiled with golang.
```c=
while ( 1 )
{
do
{
while ( 1 )
{
printf("Enter your operation: ", v8, v28, v29, v30, v31, v63, v64, v65, v66);
while ( 1 )
{
v8 = &v74;
if ( _isoc99_scanf(" %lf %c %lf", &v74, &v67, v75, v32, v33, v63) == 3 )
break;
while ( getchar() != 10 )
;
printf("Enter your operation: ", &v74, v34, v35, v36, v37);
}
if ( v67 == '+' || v67 == '-' || v67 == '*' || v67 == '/' || v67 == '%' || v67 == '^' )
break;
puts("Invalid operation!", &v74, v38, v39);
}
LODWORD(v79) = v67;
v80 = v74;
v81 = v75[0];
v76 = calculate(" %lf %c %lf", &v74, v38, v39, v40, v41, *v75, v3, v4, v5, v42, v43, v6, v7, v67, v74, *v75);
printf("Result: %lf\n", &v74, v44, v45, v46, v47, v76);
v48 = v76;
}
while ( v76 != 8573.8567 );
```
Throwing binary into ida and checking the pseudo code, you can see that the calculation formula is input first, calculated with the `calculate` function, and then repeated until the result is `8573.8567`.
```c=
enc_data = &v63;
j_memcpy(&v63, v83, v70);
flip_count = 0;
for ( i = 0; i < operations_length; ++i )
{
v48 = calculate(...v82[3 * i],*&v82[3 * i + 1],*&v82[3 * i + 2]);
if ( gauntlet(v48) )
{
i_div = i / 8;
v52 = (1 << (7 - i % 8)) ^ enc_data[i / 8];
enc_data[i_div] ^= 1 << (7 - i % 8);
++flip_count;
}
}
v8 = operations_length;
printf("I calculated %d operations, tested each result in the gauntlet, and flipped %d bits in the encrypted flag!\n",operations_length,flip_count);
puts("Here is your decrypted flag:\n", v8, v57, v58);
printf("%s\n\n", enc_data, v59, v60, v61, v62);
```
enc_data -> `encrypted flag`
v82 -> `0x00000000004B8240`
If the result is 8573.8567, the loop is end, and an operator symbol and two double-type numbers are taken from v82 and called as arguments of the `calculate` function. `gauntlet` function just checks if the number is negative.
so, each bit of encrypted flag is xored with 1 when the return value of calculate is negative.
That's all. But the final decrypted data is `uiuctf{This is a fake flag. You are too fast!}`. User input has no effect on the decryption.
With some guessing, I checked somethings
+ init_array -> just call `set_fast_math`
+ another array -> nop
+ swap the positions of each numbers -> nop
So I started debugging and I have encountered some peculiar operations in the calculate function.
In one specific calculation, when `-218.05xx` is divided by `218.05xx` using ``%``, the result is -0.0 (`0x8000000000000000`). However, the gauntlet function does not interpret this value as negative.
Similarly, in certain square operations, the result is -nan (`0xfff8000000000000`), but the gauntlet function does not consider it negative.
As far as I know, the result of the modulo operation is always negative if the dividend is negative. The same is true for squares.
I implemented the operation back in Python to handle these exceptions.
`solve script`
```python=
import struct
ops = open("./ops", "rb").read()
enc = open("./calc_out", "rb").read()
enc = list(enc)
c = 0
for i in range(0, len(ops), 24):
op = chr(ops[i])
n1, n2 = struct.unpack("<dd", ops[i + 8:i + 24])
if op in ["+", "-", "*", "/"]:
res = eval(f"n1 {op} n2")
elif op == "%":
res = -1 if n1 < 0.0 else 1
elif op == "^":
res = -1 if n1 < 0.0 else 1
if res < 0.0:
enc[c // 8] ^= 1 << (7 - c % 8)
c += 1
print(bytes(enc))
```
ops -> dumped 0x00000000004B8240 ~ 0x00000000004B8240+0x170 * 0x24
enc -> dumped v83 ~ v83+0x40
> uiuctf{n0t_So_f45t_w1th_0bscur3_b1ts_of_MaThs}
second blood ðŸ©¸ðŸ©¸