Here’s the meat of the crackme. Inside the “xxx” function the password is generated:
If we step through this function in gdb we can see the generated string is “isAAthisFunBBCCD”
Another good way to solve this is by tracking the library calls using ltrace
You can see here that the string “isAAthisFun” appears as the return value for the last strcat() being called right before the password check.
And that’s the password! That’s it!