picoCTF 2022 | bloat.py Write-up

Challenge description

Can you get the flag? Run this Python program in the same directory as this encrypted flag.

Category: Reverse Engineering


Our first step after downloading the files will be to look through the python program.

That’s a lot to take in

The code here is purposefully written to be confusing for the reader, with the aim of obfuscating the program’s true purpose.

I’ll try to run some segments of this program to see what I’m working with.

So that spells out “happychance”
And this means “That password is incorrect”

Repeating this process a few times allowed me to clean up the program a little bit.

That’s a lot better

With this, we can see that if we give the program the correct password (happychance), it will print out the flag. As with the patchme.py challenge, however, I prefer to just edit out the password check entirely.

Small changes to arg232 and arg133

And now, run the modified program to get the flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: