Duy's Tinkerings

picoCTF 2022 | bloat.py Write-up

Challenge description

Can you get the flag? Run this Python program in the same directory as this encrypted flag.

Category: Reverse Engineering

Solution

Our first step after downloading the files will be to look through the python program.

That’s a lot to take in

The code here is purposefully written to be confusing for the reader, with the aim of obfuscating the program’s true purpose.

I’ll try to run some segments of this program to see what I’m working with.

So that spells out “happychance”

And this means “That password is incorrect”

Repeating this process a few times allowed me to clean up the program a little bit.

That’s a lot better

With this, we can see that if we give the program the correct password (happychance), it will print out the flag. As with the patchme.py challenge, however, I prefer to just edit out the password check entirely.

Small changes to arg232 and arg133

And now, run the modified program to get the flag.

Leguminosae

April 9, 2022

ctf, picoCTF, picoCTF 2022

picoCTF, picoCTF 2022, Reverse Engineering

Leave a Reply Cancel reply

Enter your comment here…

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

picoCTF 2022 | bloat.py Write-up

Challenge description

Solution

Share this:

Like this:

Leave a Reply Cancel reply