As the task hints, the challenge is composed of three parts:

1) Restore the original ELF header, which has been corrupted by placing some ‘CC’ bytes in it, by comparing it with another ELF header that is known to be correct. (The corrupted parts are, for example, the OS/ABI, version, class, …)

2) After restoring the program and running it, it will ask us for a passphrase used to decrypt some data in it. After it decrypts the block, it turns out to be another ELF header with something hidden in it.

3) Like in the previous version of elf quest, we have to find a way to extract some information from it. Counting the number of times that each byte occurs (e.g. 0x00 100 times, 0xff 5 times, etc.), we get another corrupted ELF header, but this time it contains a small decryption routine that prints out the flag: CTF{bf7475cb1733885d35b60e13bc2d7b8f}
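A sketch of the header repair from the first step, added here as an illustration and not taken from the original solution. It assumes the filler byte is 0xCC and restores it only in the fields that do not depend on the particular binary (`e_ident`, `e_type`, `e_machine`, `e_version`); the function names and both sample headers are constructed for the example.

```python
import struct

FILLER = 0xCC
GENERIC_END = 0x18  # e_ident, e_type, e_machine, e_version: same for binaries of one kind/arch
IDENT = {4: "EI_CLASS", 5: "EI_DATA", 6: "EI_VERSION", 7: "EI_OSABI", 8: "EI_ABIVERSION"}

def field_name(off):
    if off < 4:
        return "EI_MAG%d" % off
    if off < 16:
        return IDENT.get(off, "EI_PAD")
    return "e_type" if off < 0x12 else "e_machine" if off < 0x14 else "e_version"

def repair_header(corrupted, reference, size=64):
    """Restore filler bytes in the binary-independent fields from a known-good header.

    Returns (patched, restored, review): restored lists (offset, field, value);
    review lists offsets of filler bytes in binary-specific fields (e_entry and
    later), which are left untouched because the reference may legitimately differ.
    """
    patched, restored, review = bytearray(corrupted), [], []
    for off in range(min(size, len(corrupted), len(reference))):
        if corrupted[off] != FILLER:
            continue
        if off < GENERIC_END and reference[off] != FILLER:
            patched[off] = reference[off]
            restored.append((off, field_name(off), reference[off]))
        else:
            review.append(off)
    return bytes(patched), restored, review

def make_header(entry):
    """Constructed sample: a little-endian ELF64 x86-64 executable header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + bytes(7)
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, entry, 64, 0, 0, 64, 56, 1, 64, 0, 0)

GOOD = make_header(0x4000CC)       # constructed: what the repaired header should look like
REFERENCE = make_header(0x401000)  # constructed: header of some other known-good binary
BROKEN = bytearray(GOOD)
for off in (4, 6, 7):              # class, version and OS/ABI overwritten with CC
    BROKEN[off] = FILLER
BROKEN = bytes(BROKEN)

if __name__ == "__main__":
    patched, restored, review = repair_header(BROKEN, REFERENCE)
    for off, name, val in restored:
        print("0x%02x %-13s <- 0x%02x" % (off, name, val))
    print("left for manual review:", [hex(o) for o in review])
```

The sample entry point deliberately ends in 0xCC, so the byte at offset 0x18 is reported for review instead of being overwritten with the reference's value.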

Razor4x