Angstrom CTF 2021: Free Flags

TL;DR

  • The binary asks a sequence of questions with fixed expected answers.
  • There is no cryptography or real reversing required.
  • Inputs are checked directly against hardcoded constants.
  • Supplying the correct values passes all checks.
  • The program prints the flag immediately after the final prompt.

Challenge Description

Clam was browsing armstrongctf.com when suddenly a popup appeared saying "GET YOUR FREE FLAGS HERE!!!" along with a download. Can you fill out the survey for free flags?

Solution

from pwn import *

def start(argv=[], *a, **kw):
    if args.GDB:  # Set GDBscript below
        return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
    elif args.REMOTE:  # ('server', 'port')
        return remote(sys.argv[1], sys.argv[2], *a, **kw)
    else:  # Run locally
        return process([exe] + argv, *a, **kw)

# Specify your GDB script here for debugging
gdbscript = '''
init-pwndbg
continue
'''.format(**locals())

# Set up pwntools for the correct architecture
exe = './free_flags_bin'
# This will automatically get context arch, bits, os etc
elf = context.binary = ELF(exe, checksec=False)
# Enable verbose logging so we can see exactly what is being sent (info/debug)
context.log_level = 'debug'

# ===========================================================
#                    EXPLOIT GOES HERE
# ===========================================================

# Start program
io = start()

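# Answer each prompt with the value the binary expects
# (bytes literals avoid pwntools' str-to-bytes warnings on Python 3)
io.sendlineafter(b'What number am I thinking of???', b'31337')
# Both numbers go out in one call, separated by a newline
io.sendlineafter(b'What two numbers am I thinking of???', b'419\n723')
io.sendlineafter(b'What animal am I thinking of???', b'banana')
io.recvuntil(b"here's the FREE FLAG:\n")

# Get our flag!
flag = io.recv()
success(flag.decode().strip())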

Flag: actf{what_do_you_mean_bananas_arent_animals}