Am in similar situation - have a binary without headers (so it won’t debug). Only a few functions which do pretty trivial XOR’ing. Since I can’t debug, I can’t tell how many bytes long the XOR key is, or whether it is rolling.
I’ve been told the flag is pretty obvious - but at least in my reversing (and manual attempts at decrypting the flag from memory) of this binary in IDA - it isn’t popping out.
Anyone know whether pasting the sha256 hash of the binary recovered from twitter is considered a spoiler? You know, to verify I got all the tweets correct (since it is no longer trivial to get a Twitter developer account).