OK so the binary got patched 4 times lol, I'll just pretend I solved it from the first one
The header reads: mCTZ, indicated the rest of the binary is compressed with 'zstandard'. We can use zstd to uncompress and read the image. It has 2 sections: scode and sin. SIN is ROM (i thought it was input, causing me to delay my solve by at least 3 hours lmao) and SCODE is the code of the program. Extracting the data from these blocks, we can use the specification at https://github.com/Kantaja/MedeaCTF to break down the logic of the program.
Accept input
Call function at 0x3E
The functions reads input into SMAIN (general memory) one char at a time until it reaches a newline, and then returns the length of the string by counting the iterations.
If length of the input != 0x0C, print "Incorrect length!" and die
Else, loop through each char of the input with the corresponding char in SIN.
Take the 2s complement of the SIN char.
XOR ~SIN with the input char
Output the result & 0xFF
And with 0xFF causes no changes to a value, so that can be ignored. We can skip the twos complement bit by prematurely XORing every value in SIN with 0xFF. Therefore the program becomes INPUT ^ SIN = OUTPUT.
However, we dont have any information about input or output beyond their lengths, EXCEPT that OUTPUT is wrapped in flag format. Therefore we can express it as