We can start off by running ltrace, which runs a command and intercepts dynamic library & sys calls.
ltrace -i -C ./baby
We’re prompted and can start off by inserting random value, e.g.
A call to
strcmp is intercepted by
Let’s start by trying to pass
In this case it was just that simple, and we receive the flag.
There were probably a lot of additional ways this one could have been solved, and I think I got lucky by starting in this direction.