
picoCTF Transformation

This one is about the Transformation challenge on picoCTF.

In this challenge you get a file called ‘enc’ and a code snippet: ''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)]).

When you look at the content of the ‘enc’ file, you get some Asian characters:

$ cat enc
灩捯䍔䙻ㄶ形楴獟楮獴㌴摟潦弸弲㘶㠴挲ぽ

My first attempt was to ignore the code snippet and paste the characters into some online translators like Google Translate and DeepL. It seems that the characters are not from one Asian language but at least Chinese and Japanese… so this is not very helpful.

So let’s take a look at the code. It’s a Python one-liner which seems to do something with a flag. Since this challenge is in the Reverse Engineering category, we have to work out what the code does with the flag and invert the logic.

So let’s take this one-liner apart a little:

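# out = ''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])
# is the very same as:
flag = 'secret_flag!'  # placeholder; the length must be even, otherwise flag[i + 1] raises IndexError
out = ""
for i in range(0, len(flag), 2):
  # pack two characters into one: the first in the high byte, the second in the low byte
  out += chr( (ord(flag[i]) << 8) + ord(flag[i + 1]) )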

So what does this script do?

  • First of all, we need a secret flag stored in flag.
  • Then a for loop iterates over every second character of the flag, starting at position 0.
  • Inside the loop, it takes the character, converts it to its ASCII number representation and shifts it 8 bits to the left, which is the same as multiplying it by 256.
  • It takes the next character and converts it to its ASCII number representation.
  • It adds both numbers together.
  • It converts the sum back to a character.
  • It appends that character to the output.

So all we have to do is invert the logic step by step with a Python script:

encrypted_flag = "灩捯䍔䙻ㄶ形楴獟楮獴㌴摟潦弸弲㘶㠴挲ぽ"
flag = ""

for c in encrypted_flag:
  number = ord(c)                         # numeric value of the packed character
  second = number % 256                   # low byte: the second character of the pair
  first = int( (number - second) / 256 )  # high byte: the first character of the pair
  flag += chr(first)+chr(second)

print(flag)

So what does our script do?

  • First of all, save the encrypted flag in encrypted_flag.
  • Create an empty string for the decrypted flag.
  • Iterate with a for loop over every character of encrypted_flag.
  • Inside the loop, take the character and get its number representation.
  • Get the remainder of dividing this number by 256 and save it as the number of the second character of the pair.
  • Take the number again, subtract the number of the second character, divide the result by 256, convert the result from floating point to an integer value and save it as the number of the first character of the pair.
  • Get the character representation of the first and the second integer value and concatenate both to the flag string.
  • As the last step, print out the final decrypted flag.
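The same inversion written with a shift and a mask, next to a shortcut through the UTF-16-BE codec, as an added example that is not part of the original post. The function names and the NUL padding for odd-length input are assumptions of this example; the original one-liner raises IndexError on odd-length input instead.

```python
# Added example: the page's packing scheme, its inverse, and the UTF-16-BE shortcut.
ENC = "灩捯䍔䙻ㄶ形楴獟楮獴㌴摟潦弸弲㘶㠴挲ぽ"  # contents of 'enc', as shown on the page


def pack(flag: str) -> str:
    """The challenge's transform: two 8-bit characters per 16-bit code point."""
    if any(ord(ch) > 0xFF for ch in flag):
        raise ValueError("input characters must fit in 8 bits")
    if len(flag) % 2:
        # Assumption of this example: pad odd-length input with one NUL.
        flag += "\x00"
    return "".join(chr((ord(flag[i]) << 8) | ord(flag[i + 1]))
                   for i in range(0, len(flag), 2))


def unpack(packed: str) -> str:
    """Invert pack(): high byte via right shift, low byte via mask."""
    out = []
    for ch in packed:
        n = ord(ch)
        if n > 0xFFFF:
            raise ValueError(f"{ch!r} does not fit in 16 bits, so pack() did not produce it")
        out.append(chr(n >> 8))    # first character of the pair
        out.append(chr(n & 0xFF))  # second character of the pair
    # Drop trailing NULs, i.e. the padding pack() may have added.
    return "".join(out).rstrip("\x00")


def unpack_utf16(packed: str) -> str:
    """Same result: UTF-16-BE stores each 16-bit code point as high byte, low byte."""
    raw = packed.encode("utf-16-be", "surrogatepass")  # tolerate values 0xD800-0xDFFF
    return raw.decode("latin-1").rstrip("\x00")


if __name__ == "__main__":
    print(unpack(ENC))
    print(unpack_utf16(ENC))
```

Integer shifts avoid the detour through floating point, and the codec variant shows why the file renders as CJK text: the flag's bytes are simply being read as big-endian 16-bit code points.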

Congratulations. You’ve got another flag.
