Gorbino's quest of life — pingCTF 2026

Description

Gorbino's quest of life

Files provided:

• ELF 64-bit LSB PIE executable, x86-64, not stripped

The binary reads a string with scanf and validates it through a complex multi-threaded cellular automaton simulation. The challenge name hints at Conway's Game of Life, but the actual implementation is a second-order reversible variant.

Analysis

Binary overview

$ file chall
chall: ELF 64-bit LSB pie executable, x86-64, not stripped

$ nm chall | grep -E "thrd_|mtx_|cnd_"
                 U cnd_broadcast
                 U cnd_wait
                 U mtx_lock
                 U mtx_unlock
                 U thrd_create
                 U thrd_join

The binary uses C11 thread primitives for parallel simulation. Main reads input with scanf and calls TheStrongDecideTheNatureOfSin to validate.

Input encoding (AGoodPartyRequiresABloodSacrifice)

The function AGoodPartyRequiresABloodSacrifice allocates a 48x64 byte grid and encodes the input:

• First up-to-64 input characters become columns (column index = character position)
• Rows 0..7 store bits 0..7 of each byte (LSB at row 0)
• Rows 8..47 are initialized to zero
• Task statement hints input is <64 characters including the ping_ prefix

This creates a bit-plane representation where each character occupies one column, with its 8 bits spread vertically across rows 0-7.

Rule extraction (GAME table at 0x3100)

The GAME table contains ASCII '0' and '1' values encoding a totalistic Life-like rule:

Index:  0  1  2  3  4  5  6  7  8
Birth:  0  0  0  1  0  0  0  0  0   (birth on exactly 3 neighbors)
Survive: 0  0  0  1  1  0  0  0  0  (survive on 3 or 4 neighbors)

This gives the first-order rule B3/S34 — similar to standard Life (B3/S23) but with survival extended to 4 neighbors.

Critical insight: second-order reversible automaton

...