Challenge: To get around the globe in one night, you need to go fast. That is why Santa installed a turbo mode for his sleigh. To activate it, all you need is passcode. Not using the sled for a long time, he - unfortunately - forgot it. Help him unlock his sled’s turbo mode.

The attached file was osx.app.zip.

I don’t do an OSX work so I did not have much to start on. First looked into the zip file to get a feel of what is inside. There was no “xmas{” hit in any of the text file, and more or less everything was compiled down to a binary format. I decided to just take my chances with dissembling the Mach-O file. I extracted the “App” file and fed it into https://onlinedisassembler.com/.

I looked around functions a bit and if this was a similar challenge than the last two, I’d have issues… Reading up a bit on disassembling OSX executables I learned that the strings can be hidden, but that popular tools can reveal them. In the end I just got luck and found the answer in the strings section.

Flag: xmas{and_away_w3_goo0o!}

What did I learn: Online tools! CTFs will usually not complicate with walled garden systems (Apple). It’s usually simpler than you expect.