picoCTF 2022 | patchme.py Write-up

Challenge description

Can you get the flag? Run this Python program in the same directory as this encrypted flag.

Category: Reverse Engineering

Solution

First things first, let’s download the two provided files. I used wget for this.

Attempting to run the Python script will prompt us for a password, which we don’t yet have. Instead, let’s look into the Python code:

The most important snippet of code

Here is the part of the Python script that checks whether we entered the correct password and, if so, decodes and prints the flag.

We have two approaches here. First, the password (ak98-=90adfjghj321sleuth9000) is visible in plaintext, so we can run the script again and provide it. Alternatively, we can modify the script to skip the password check altogether. I’ll go for the second approach, mainly because it sounds more fun.

Now the script will give me the flag when 1 = 1, which is always true.

And there we have it
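
Why the patch works, and what a check that survives it looks like, as an added example that is not part of the challenge script or the original post. Every name and value here is constructed for illustration, and the XOR routine is a toy stand-in for real authenticated encryption.

```python
import hashlib
import hmac

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (toy cipher, illustration only)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Constructed sample values; none of these come from the challenge files.
SAMPLE_FLAG = b"example{not_the_real_flag}"
SAMPLE_PASSWORD = "correct-horse-battery"
STATIC_KEY = b"static-key-in-source"
SALT = b"constructed-salt"

def derive_key(password: str) -> bytes:
    """Stretch the password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Weak design: the decoding key ships in the script and the password only
# gates an `if`, so anyone who can edit the file can skip the comparison.
WEAK_BLOB = xor_bytes(SAMPLE_FLAG, STATIC_KEY)

def weak_unlock(user_pw: str, check_enabled: bool = True):
    # check_enabled=False models the edited script whose condition is always true.
    if not check_enabled or user_pw == SAMPLE_PASSWORD:
        return xor_bytes(WEAK_BLOB, STATIC_KEY)
    return None

# Hardened design: the key is derived from the password itself. Only the blob,
# salt and tag would ship; the password appears here just to build the demo data.
_key = derive_key(SAMPLE_PASSWORD)
STRONG_BLOB = xor_bytes(SAMPLE_FLAG, _key)
STRONG_TAG = hmac.new(_key, STRONG_BLOB, hashlib.sha256).digest()

def strong_unlock(user_pw: str, check_enabled: bool = True):
    key = derive_key(user_pw)
    tag = hmac.new(key, STRONG_BLOB, hashlib.sha256).digest()
    if check_enabled and not hmac.compare_digest(tag, STRONG_TAG):
        return None
    # With the check removed, a wrong password still decodes to garbage.
    return xor_bytes(STRONG_BLOB, key)
```

In the weak version the secret needed to decode is already in the file, so the comparison protects nothing; in the hardened version removing the comparison gains nothing because the correct password is itself the missing input.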
