picoCTF 2022 | unpackme.py Write-up

Challenge description

Can you get the flag? Reverse engineer this Python program.

Category: Reverse Engineering

Solution

Since this is a reverse engineering problem, let’s start by looking at the code for this Python program.

We can see a payload (seemingly encoded in base64), which will be decrypted using the key_str variable, itself encoded in base64.
The decoded payload is then executed, so presumably the payload itself is a small program.

Trying to run unpackme.flag.py confirms this theory:

It prompted me for a password

Going back to the Python program, what if I were to just print out the decoded payload instead of executing it?

A slight modification to print out the decoded payload

Just as expected, the payload is a Python script, and our flag is also there to grab.
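
The same approach as an added, self-contained example (not the challenge's code): decode the packed payload, then read it and list its string literals instead of passing it to exec(). The XOR packer, `KEY_STR`, `INNER` and the flag placeholder are constructed stand-ins, since the challenge's own decryption routine is not reproduced here.

```python
import ast
import base64
from itertools import cycle

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def pack(source: str, key_str: str) -> bytes:
    """Constructed stand-in packer: XOR with base64(key_str), then base64."""
    key = base64.b64encode(key_str.encode())
    return base64.b64encode(_xor(source.encode(), key))

def unpack(payload: bytes, key_str: str) -> str:
    """Undo pack(); this is the step a loader performs just before exec()."""
    key = base64.b64encode(key_str.encode())
    return _xor(base64.b64decode(payload), key).decode()

def recover_source(payload: bytes, key_str: str) -> str:
    """Return the inner program as text instead of running it."""
    plain = unpack(payload, key_str)
    ast.parse(plain)  # confirms it is valid Python without executing it
    return plain

def string_constants(source: str) -> list:
    """List every string literal in the recovered program (static triage)."""
    return [n.value for n in ast.walk(ast.parse(source))
            if isinstance(n, ast.Constant) and isinstance(n.value, str)]

# Constructed inner program, key and flag placeholder (not from the challenge).
INNER = (
    'pw = input("What\'s the password? ")\n'
    'if pw == "example-password":\n'
    '    print("FLAG{constructed_placeholder}")\n'
    'else:\n'
    '    print("That password is incorrect.")\n'
)
KEY_STR = "constructed-key"
PAYLOAD = pack(INNER, KEY_STR)

if __name__ == "__main__":
    source = recover_source(PAYLOAD, KEY_STR)
    print(source)
    print(string_constants(source))
```

Because the inner program is only parsed, its input() prompt never runs; the password check and the flag string are visible directly in the recovered text.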
