Reverse Engineering - unpackme.py - writeup
description
Can you get the flag?
Reverse engineer this Python program.
writeup
Let’s download the Python program first.
```bash
wget https://artifacts.picoctf.net/c/470/unpackme.flag.py
```
I will try to reverse engineer this python code …
If we take a look at the code:
```python
import base64
from cryptography.fernet import Fernet
payload = b'gAAAAABiMD1Ju5_eZeZy7C03K_YcWGDGXfvy5A9b5HzV-uZIYN8syTFGHgLwoRonYtCS0WcDrufxRRXlvNKtyEMqMS0AADLcRNr6VYpLLbKaETF37L22GEg1ok8NutHXK6gy47sBLmxmWWU729b86rzK6IMc2Kg-CR0bMm_fzrbRrWEYSk0WRNnKxy7Juuy-Ss2RjbACKgbwL7HNGATu3hYuPflf3PCKztLRFXCBxijKncKZgt68wYhGnPAzYvUVrdhhtMg9ra7ZKIirltPfKC8iX2DqmR9vVA=='
key_str = 'correctstaplecorrectstaplecorrec'
key_base64 = base64.b64encode(key_str.encode())
f = Fernet(key_base64)
plain = f.decrypt(payload)
exec(plain.decode())
```
We can see that part of the code is missing from the source.
That part is stored in payload, encrypted with Fernet using a key built by base64-encoding the hardcoded key_str.
Here is the part that decrypts and runs the code:
```python
f = Fernet(key_base64)
plain = f.decrypt(payload)
exec(plain.decode())
```
We can simply modify the program
to show us the decrypted code in plaintext:
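One way to make that modification, as an added example that is not part of the original writeup: the hypothetical helper inspect_token splits the Fernet token into its standard fields (version byte, 8-byte timestamp, 16-byte IV, ciphertext, 32-byte HMAC-SHA256) and checks the MAC with the standard library only, and the hypothetical helper unpack decrypts with the same cryptography library the challenge uses and returns the hidden stage as text without calling exec.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

# Token and key string copied from unpackme.flag.py as shown above.
PAYLOAD = b'gAAAAABiMD1Ju5_eZeZy7C03K_YcWGDGXfvy5A9b5HzV-uZIYN8syTFGHgLwoRonYtCS0WcDrufxRRXlvNKtyEMqMS0AADLcRNr6VYpLLbKaETF37L22GEg1ok8NutHXK6gy47sBLmxmWWU729b86rzK6IMc2Kg-CR0bMm_fzrbRrWEYSk0WRNnKxy7Juuy-Ss2RjbACKgbwL7HNGATu3hYuPflf3PCKztLRFXCBxijKncKZgt68wYhGnPAzYvUVrdhhtMg9ra7ZKIirltPfKC8iX2DqmR9vVA=='
KEY_STR = 'correctstaplecorrectstaplecorrec'


def inspect_token(payload: bytes, key_str: str) -> dict:
    """Split a Fernet token into its fields and check its HMAC (stdlib only)."""
    raw = base64.urlsafe_b64decode(payload)
    key = key_str.encode()   # 32 bytes: 16-byte signing key, then 16-byte AES key
    signing_key = key[:16]
    version, timestamp = struct.unpack('>BQ', raw[:9])
    # The MAC covers everything before the trailing 32-byte tag.
    expected = hmac.new(signing_key, raw[:-32], hashlib.sha256).digest()
    return {
        'version': version,
        'created': datetime.fromtimestamp(timestamp, timezone.utc),
        'iv': raw[9:25],
        'ciphertext': raw[25:-32],
        'mac_ok': hmac.compare_digest(expected, raw[-32:]),
    }


def unpack(payload: bytes, key_str: str) -> str:
    """Decrypt the packed stage and return it as text; nothing is exec()'d."""
    from cryptography.fernet import Fernet  # same library the challenge uses
    key_base64 = base64.b64encode(key_str.encode())
    return Fernet(key_base64).decrypt(payload).decode()


if __name__ == '__main__':
    info = inspect_token(PAYLOAD, KEY_STR)
    print('created:', info['created'].isoformat())
    print('ciphertext bytes:', len(info['ciphertext']), 'MAC valid:', info['mac_ok'])
    print(unpack(PAYLOAD, KEY_STR))
```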
We get this:
```python
pw = input('What\'s the password? ')
if pw == 'batteryhorse':
    print('picoCTF{175_chr157m45_616d21a3}')
else:
    print('That password is incorrect.')
```
This is the part that was missing.
And we can immediately see the flag:
```
picoCTF{175_chr157m45_616d21a3}
```