DownUnderCTF 2025 - Rev - Godot

Author: Cappybara

In this challenge we're given the file godot.tar.gz. Extracting it gives us two files, "ductf_2025_godot_encrypted.exe" and "ductf_2025_godot_encrypted.pck". Running the exe file starts a game.

We had some parkour to do, and there were some jumps that I couldn't pull off, so I decided to extract the project. There is a handy tool for Godot games called GDRETools, which we're going to use.

There is one major problem: as the name suggests, it's encrypted, so we can't simply recover it. We first need to set the encryption key to decrypt it. I used the trick from this video to get it: https://www.youtube.com/watch?v=fWjuFmYGoSY

I imported the game into Ghidra and searched for the string "fae.is_null()\" is true. Returning: false". Then I followed that string's XRef to the function that uses it. After that I searched for an array being used in a for-loop and found the key 52d066de1115fc479e53fcf821715ad7db73e12df7e557833712136b4ff7529e.

Now let's go back to GDRETools, set the encryption key and recover the project.

After extracting, we can import the project into Godot Engine and edit it. I analyzed everything in that project, looking for a hidden string with the flag, or some function, but couldn't find anything. There were also dialogues that had problems importing, but nothing was to be found there either. Then I resized my project and found DUCTF, which is part of the flag.

But where is the rest? Clicking in that area, we find a TileMapLayer object with its script.

It has a lot of coordinates, each used to place a tile at that position. The script is executed at the start of the game, so let's see what it looks like. I moved our Character to where the DUCTF is, edited the zoom on our Camera so we would see more, and ran the game.
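
An added example, not part of the original writeup or the challenge's code: the tile layout can also be previewed outside the engine by plotting the script's coordinates as text. The sample script, the `cells` array name and the assumption that coordinates are stored as Vector2i(x, y) literals in an array are constructed for illustration.

```python
import re

# Constructed sample, not the challenge's script. Assumption: the script keeps
# its cells as Vector2i(x, y) literals in one array and places them in _ready().
SAMPLE_GDSCRIPT = """
extends TileMapLayer

var cells = [
    Vector2i(-2, 4), Vector2i(0, 4), Vector2i(2, 4), Vector2i(3, 4), Vector2i(4, 4),
    Vector2i(-2, 5), Vector2i(0, 5), Vector2i(3, 5),
    Vector2i(-2, 6), Vector2i(-1, 6), Vector2i(0, 6), Vector2i(3, 6),
    Vector2i(-2, 7), Vector2i(0, 7), Vector2i(3, 7),
    Vector2i(-2, 8), Vector2i(0, 8), Vector2i(2, 8), Vector2i(3, 8), Vector2i(4, 8),
]

func _ready():
    for c in cells:
        set_cell(c, 0, Vector2i(0, 0))  # atlas coords, must not be drawn
"""

VEC = re.compile(r"Vector2i\(\s*(-?\d+)\s*,\s*(-?\d+)\s*\)")


def parse_cells(script: str) -> set[tuple[int, int]]:
    """Collect Vector2i literals that appear inside array literals only."""
    cells = set()
    for body in re.findall(r"\[(.*?)\]", script, flags=re.DOTALL):
        cells.update((int(x), int(y)) for x, y in VEC.findall(body))
    return cells


def render(cells: set[tuple[int, int]]) -> str:
    """Draw cells as text; Godot's y axis grows downward, so rows ascend in y."""
    if not cells:
        return ""
    xs = [x for x, _ in cells]
    ys = [y for _, y in cells]
    rows = []
    for y in range(min(ys), max(ys) + 1):
        rows.append("".join("#" if (x, y) in cells else "."
                            for x in range(min(xs), max(xs) + 1)))
    return "\n".join(rows)


if __name__ == "__main__":
    print(render(parse_cells(SAMPLE_GDSCRIPT)))
```

Restricting the match to the array body keeps the atlas coordinate passed to set_cell out of the picture, and negative coordinates are shifted so the drawing starts at the top-left used cell.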
