Let's say that if you got the wrong flag, you did it wrong. I know it's like wt*. Enjoy :)
Flag format: CTF{sha256}
CTF{b5858f16d9e3174a367ad5beecb171dcd8e2494d6edcc7a8caa7be2082a2a31f}
Decompile using uncompyle6, and run the result after modifying a function, to get the flag.
After decompiling the .pyc with uncompyle6, we get the code:
# Python bytecode 3.6 (3379)
# Decompiled from: Python 3.7.12 (default, Nov 17 2021, 17:34:55)
# [GCC 10.2.1 20210110]
# Embedded file name: ./chall.py
# Compiled at: 2021-09-22 21:48:10
# Size of source mod 2**32: 1508 bytes
import hashlib
version = 'Python 3.6.9'

def sauhd982w1d3jg23fwue(O0O0000O000O0OO0O, O000OO0O0OO0OOO00=2):
    O0O00O00O000OOOO0 = O0O0000O000O0OO0O.encode('utf-16-be')
    OO0O000OO0OO0OOOO = []
    for OOO0O0OOOOOOOOO0O in range(0, len(O0O00O00O000OOOO0), O000OO0O0OO0OOO00):
        OO0O0O0OO0O0OO000 = O0O00O00O000OOOO0[OOO0O0OOOOOOOOO0O:OOO0O0OOOOOOOOO0O + O000OO0O0OO0OOO00]
        OO0O000OO0OO0OOOO.append(int.from_bytes(OO0O0O0OO0O0OO000, 'big'))
    return str(OO0O000OO0OO0OOOO)[1:-1]

def crazy_lol():
    if 'aaaaaaaaaaaaaaaaaaaa' is 'aaaaaaaaaaaaaaaaaaaa':
        if 'a' * 21 is 'aaaaaaaaaaaaaaaaaaaaa':
            return 'yuli'
        else:
            return 'w3y'
    else:
        return 'opl'

wufcwruewfhdwb = crazy_lol()
uehrgeriufqodhqf = 'xWjoy'
ourhecnuqwhdi = 'L3Hu'
uwoehsdia9j02m20 = sauhd982w1d3jg23fwue('ă')
fh983hf29hd28fh93 = 'ABvS'
jd2w0d9j20dwj22djc3grh = 'fmVeZ'
password = wufcwruewfhdwb + uehrgeriufqodhqf + ourhecnuqwhdi + uwoehsdia9j02m20 + fh983hf29hd28fh93 + jd2w0d9j20dwj22djc3grh
password_input = input('Enter password to get the correct flag: ')
if password == password_input:
    print('CTF{' + hashlib.sha256(password.encode('utf-8')).hexdigest() + '}')
else:
    print('CTB{' + hashlib.sha256(password_input.encode('utf-8')).hexdigest() + '}')
# okay decompiling chall.cpython-36.pyc
We try deobfuscating:
# Python bytecode 3.6 (3379)
# Decompiled from: Python 3.7.12 (default, Nov 17 2021, 17:34:55)
# [GCC 10.2.1 20210110]
# Embedded file name: ./chall.py
# Compiled at: 2021-09-22 21:48:10
# Size of source mod 2**32: 1508 bytes
import hashlib
version = 'Python 3.6.9'

def sauhd982w1d3jg23fwue(data, amount=2):
    encoded = data.encode('utf-16-be')
    result = []
    for i in range(0, len(encoded), amount):
        enc = encoded[i:i + amount]
        result.append(int.from_bytes(enc, 'big'))
    return str(result)[1:-1]

def crazy_lol():
    if 'aaaaaaaaaaaaaaaaaaaa' is 'aaaaaaaaaaaaaaaaaaaa':
        if 'a' * 21 is 'aaaaaaaaaaaaaaaaaaaaa':
            return 'yuli'
        else:
            return 'w3y'
    else:
        return 'opl'

wufcwruewfhdwb = crazy_lol()
uehrgeriufqodhqf = 'xWjoy'
ourhecnuqwhdi = 'L3Hu'
uwoehsdia9j02m20 = sauhd982w1d3jg23fwue('ă')
fh983hf29hd28fh93 = 'ABvS'
jd2w0d9j20dwj22djc3grh = 'fmVeZ'
password = wufcwruewfhdwb + uehrgeriufqodhqf + ourhecnuqwhdi + uwoehsdia9j02m20 + fh983hf29hd28fh93 + jd2w0d9j20dwj22djc3grh
print(password)
password_input = input('Enter password to get the correct flag: ')
if password == password_input:
    print('CTF{' + hashlib.sha256(password.encode('utf-8')).hexdigest() + '}')
else:
    print('CTB{' + hashlib.sha256(password_input.encode('utf-8')).hexdigest() + '}')
# okay decompiling chall.cpython-36.pyc
After running it, we get: CTF{a89eaecced70954fb2ca4ed80bf6869a9da602fe568d414f30f62a4c42bb2ee7}
but it looks like it doesn't work…
We then try setting wufcwruewfhdwb to each of 'yuli', 'w3y' and 'opl' in turn. The second one, w3y, is the correct one and we get the flag: CTF{b5858f16d9e3174a367ad5beecb171dcd8e2494d6edcc7a8caa7be2082a2a31f}
I think the reason w3y is the correct one is because uncompyle6 interprets the if 'a' * 21 is 'aaaaaaaaaaaaaaaaaaaaa' bit of code in a different way, which makes the statement false. However, if 'aaaaaaaaaaaaaaaaaaaa' is 'aaaaaaaaaaaaaaaaaaaa' will always be true, no matter the compiler.
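The manual step of trying each return value of crazy_lol() can be scripted so that no interpreter-dependent `is` comparison is evaluated at all. The following is an added example, not code from the challenge or the original write-up; the helper names are hypothetical and it assumes the 'ă' literal is the single code point U+0103.

```python
import hashlib

# Fragments copied from the decompiled chall.py shown above.
BRANCH_VALUES = ("yuli", "w3y", "opl")   # every value crazy_lol() can return
HEAD = ("xWjoy", "L3Hu")
TAIL = ("ABvS", "fmVeZ")
ENCODED_CHAR = "\u0103"  # assumption: the 'ă' literal is the single code point U+0103


def encode_units(data, amount=2):
    """Readable copy of sauhd982w1d3jg23fwue: UTF-16-BE bytes -> 'n, n, ...'."""
    raw = data.encode("utf-16-be")
    units = [int.from_bytes(raw[i:i + amount], "big")
             for i in range(0, len(raw), amount)]
    return str(units)[1:-1]


def candidate_passwords():
    """Map each possible crazy_lol() result to the password it would produce."""
    middle = encode_units(ENCODED_CHAR)
    return {b: b + "".join(HEAD) + middle + "".join(TAIL) for b in BRANCH_VALUES}


def candidate_flags():
    """Map each branch value to the CTF{sha256} flag built from its password."""
    return {b: "CTF{" + hashlib.sha256(p.encode("utf-8")).hexdigest() + "}"
            for b, p in candidate_passwords().items()}


def branch_for(flag):
    """Return the branch value whose flag equals `flag`, or None if none does."""
    for branch, candidate in candidate_flags().items():
        if candidate == flag:
            return branch
    return None


if __name__ == "__main__":
    # Print all three candidates; compare them with the flag the platform accepts.
    for branch, flag in candidate_flags().items():
        print(branch, candidate_passwords()[branch], flag)
```

Passing the accepted flag to branch_for() reports which branch the original interpreter must have taken.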