Introduction

This write-up covers two challenges I solved at BRONCO CTF. The first challenge, Reversing for Ophidiophilies, involved reversing a Python script to recover a flag. The second challenge, TheFlagIsHere, was a .pyc file that I decompiled to retrieve the flag.

Reversing for Ophidiophilies (Reverse Engineering)

In this challenge, we were given the following Python code:

                        
    flag = input()
    carry = 0
    key = "Awesome!"
    output = []
    for i, c in enumerate(flag):
        val = ord(c)
        val += carry
        val %= 256
        val ^= ord(key[i % len(key)])
        output.append(val)
        carry += ord(c)
        carry %= 256

    print(bytes(output).hex())

The script took an input string (the flag) and processed it using a combination of addition, XOR, and modulo operations, then outputted a hex-encoded string. The objective was to reverse this process and retrieve the original flag.

I reverse-engineered the process by reversing the XOR operation and undoing the carry addition:


    hex_string = "23a326c27bee9b40885df97007aa4dbe410e93"
    encoded_bytes = bytes.fromhex(hex_string)

    key = "Awesome!"
    carry = 0
    flag = []

    for i, val in enumerate(encoded_bytes):
        val ^= ord(key[i % len(key)])  # Reverse XOR operation
        val = (val - carry) % 256      # Reverse addition with carry
        flag.append(chr(val))
        carry = (carry + val) % 256    # Update carry

    original_flag = "".join(flag)
    print("Recovered Flag:", original_flag)

Running the script produced the following output:

Flag: bronco{charge_away}
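
Each output byte of the challenge script is the running sum of the flag bytes (mod 256) XORed with a repeating key, so decoding is a difference of consecutive unmasked bytes, and a known flag prefix exposes the key bytes. The following is an added example, not code from the challenge or the original write-up; the function names are assumptions chosen for illustration, and the key-recovery step goes beyond what the write-up needed since the key was given in the source.

```python
# Added example: round-trip of the challenge transform plus known-prefix key recovery.
KEY = b"Awesome!"  # key taken from the challenge script
CIPHERTEXT = "23a326c27bee9b40885df97007aa4dbe410e93"  # hex string from the write-up


def encode(flag: str, key: bytes = KEY) -> str:
    """Re-implementation of the challenge script as a function."""
    out, carry = [], 0
    for i, c in enumerate(flag.encode("latin-1")):
        out.append(((c + carry) % 256) ^ key[i % len(key)])
        carry = (carry + c) % 256
    return bytes(out).hex()


def decode(hex_string: str, key: bytes = KEY) -> str:
    """Strip the XOR to get running sums, then take consecutive differences."""
    data = bytes.fromhex(hex_string)
    sums = [b ^ key[i % len(key)] for i, b in enumerate(data)]
    plain, prev = [], 0
    for s in sums:
        plain.append((s - prev) % 256)  # sum_i - sum_(i-1) = flag byte i
        prev = s
    return bytes(plain).decode("latin-1")


def recover_key_prefix(hex_string: str, known_prefix: str) -> bytes:
    """Derive key bytes from a known plaintext prefix (hypothetical helper)."""
    data = bytes.fromhex(hex_string)
    key_bytes, running = [], 0
    for i, c in enumerate(known_prefix.encode("latin-1")):
        running = (running + c) % 256     # value before the XOR step
        key_bytes.append(data[i] ^ running)
    return bytes(key_bytes)


if __name__ == "__main__":
    flag = decode(CIPHERTEXT)
    print("Decoded:", flag)
    print("Round trip matches:", encode(flag) == CIPHERTEXT)
    # The CTF flag format "bronco{" is known, so the first 7 key bytes fall out.
    print("Key prefix:", recover_key_prefix(CIPHERTEXT, "bronco{"))
```

Because the carry hides nothing once the XOR is removed, the scheme is only as strong as a repeating-key XOR, which a known flag format defeats.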

TheFlagIsHere (Reverse Engineering)

This challenge provided a .pyc file, which I decompiled using uncompyle6. After decompiling, I skimmed through the code to find the flag:

The flag extracted from the script was:

Flag: bronco{br0nc0s3c_fl4g5_4r3_345y}