PicoCTF Writeup – fixme1.py

by Posted on

# Information:

CTF Name: PicoCTF

CTF Challenge: fixme1.py

Challenge Category: General Skills

Challenge Points: 100

Beginner picoMini 2022.

# Used Tools:

  • Python3

# Challenge Description:

Fix the syntax error in this Python script to print the flag. Download Python script

Hints:

Hint 1
Indentation is very meaningful in Python
Hint 2
To view the file in the webshell, do: $ nano fixme1.py
Hint 3
To exit nano press Ctrl and x and follow the on-screen prompts.
Hint 4
The str_xor function does not need to be reverse engineered for this challenge.

# Writeup:

This is a challenge to help learn how to read python code.

As you probably know, python is a language that uses indentation to identify blocks of code. In java, they use {}, in python indentation.

Below you have the python3 code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
import random
def str_xor(secret, key):
    #extend key to secret length
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)        
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x5a) + chr(0x07) + chr(0x00) + chr(0x46) + chr(0x0b) + chr(0x1a) + chr(0x5a) + chr(0x1d) + chr(0x1d) + chr(0x2a) + chr(0x06) + chr(0x1c) + chr(0x5a) + chr(0x5c) + chr(0x55) + chr(0x40) + chr(0x3a) + chr(0x58) + chr(0x0a) + chr(0x5d) + chr(0x53) + chr(0x43) + chr(0x06) + chr(0x56) + chr(0x0d) + chr(0x14)
  
flag = str_xor(flag_enc, 'enkidu')
  print('That is correct! Here\'s your flag: ' + flag)

By performing a quick read of the code. I noticed a miss indentation on the last line, the print.

The previous line is in the “normal” block, not inside any function or anything. And what is done on that line is simply assign the variable flag to a string value.

After that line, we have a print with 2 spaces (some indentation). However, this print is also on the “normal” block, therefore it should be on the same “level” (indentation speaking) as of the flag variable.

To solve this, I simply fixed the indentation by removing the 2 spaces before the last print.

Below you have the last part (fixed) of the code snippet above:

flag = str_xor(flag_enc, ‘enkidu’)

print(‘That is correct! Here\’s your flag: ‘ + flag)

And the flag is:

Show flag
picoCTF{1nd3nt1ty_cr1515_6a476c8f}

If you want to checkout the code for the python 3 script with me solution, take a look here.

Thank you very much for reading!

Cheers,

MRegra

Author Profile
MRegra Silva
Related Posts

Published by MRegra Silva

Leave a Reply

Your email address will not be published. Required fields are marked *