You should have used something that can't be trivially solved with instruction counting. A fixed memcmp would require more work.

Way to spoil the fun for everyone else.

I took care not to post the solution, so you are still free to try it the hard way.

I filled this issue quickly and laconically in the hopes that it wouldn't be hard for the author to replace the strlen with a loop using a fixed number of steps. The cool thing about this obfuscation scheme, if I understand it correctly, is that it should not be possible to differentiate between conditional branches just by counting instructions.

Hopefully the author does replace it. But in general even mentioning what you did in the first comment can leak some information, so I'd be careful. It's always more fun to let everyone take a shot with a blank slate. :)

Thanks, added a new version; same as original, but with a new key and constant time strcmp. Should prevent the easiest solutions.

great !