We are given a small python code, here’s the relevant part
d = 0xf00d
The flag is then splitted into blocks of 2 bytes and encrypted using the encrypt function. We can recognize the encrypt as the Tiny Encryption Algorithm, a very simple ARX block cipher.
We can also see that the key generation is done using 32 bit of randoms, so without trying to break the algorithm itself we wrote a bruteforce in C++ using the C code of TEA available on wikipedia. The only things to notice are that the round constant (
d in the code) is not the standard one and that all the computations are done on 16-bit integers instead of the standard 32-bit integers used in TEA. The following non-optimized C++ code retrieves the flag in 2 minutes on a 32 core machine, with almost zero memory usage.