# Memory Investigation
{% file src="/files/Yx6h9wxDkxPNXP1QgywC" %}
**Category:** Reverse - **Points:** 100 - **Solves:**\
**Description:**\
It's all about execution.\
The flag is of the form HACKDAY{return}
**Solution:**\
To solve this challenge you need to find the return value.\
So to find the flag, we need to understand how the program work.\
To test him we put the command `./challenge1.elf` then `./challenge1.elf FLAG`. The results are here :\
\
Without *key* we received the "*Segmentation Fault*" message but with a *key* we have a good message.\
So to decompile and see the program code, we need to use **Ghidra** and find the good function who generate the flag (return).\
To find them, we use the "*Search* > *For Strings...* > *Search*" and write "*LUCK*" in the input to find the place :\
\
[](https://user-images.githubusercontent.com/91023285/163861434-f3e79ab9-b2dc-4fe0-bb67-4c5c8510ea35.png)\
With the decompile code (right part), we can see that's the *func2* function who generate the flag.\
So now we want to run the program with **gdb-peda** to break at the func2 and see the return value :\
🚩 FLAG
```
HACKDAY{BBBFFFF22BBBBBBJVZJV}
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://writeups.ayweth20.com/2022/hackday-qualifications/reverse/memory-investigation.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.