\> PicoCTF 2022 Writeups

This website contains Jackwin Hui's writeups for the 2022 PicoCTF competition.

PicoCTF2022 - unpackme.py

Description

Can you get the flag? Reverse engineer this Python program.

Information

Point Value: 100 points

Category: Reverse Engineering

Hints

(None)

Solution

After downloading the Python program and the encrypted flag, we run the Python program in the terminal. Running the program gives us a prompt "Please enter correct password for flag: ". We go back to the Python program and see a function that checks for the user password and an if statement as follows: if (user_pw == "ak98" +
    "-=90" +
    "adfjhgj321" +
                 "sleuth9000"): From this, we can see that the password is the string "ak98-=90adfjhgj321sleuth9000". Entering this back into our terminal gives us the flag. jackwin@COMPUTER ~ % python3 patchmeFlag.py
Please enter correct password for flag: ak98-=90adfjhgj321sleuth9000
Welcome back... your flag, user:
picoCTF{p47ch1ng_l1f3_h4ck_c4a4688b}

Flag

picoCTF{p47ch1ng_l1f3_h4ck_c4a4688b}