ZeroDays CTF 2024 RE - 1

For the first Capture The Flag (CTF) challenge, participants are presented with a single file named 'mystery.pyc'.

Figure 1: Initial Challenge Sample

In Python, .pyc files represent compiled bytecode generated by the interpreter upon script import or execution. They facilitate direct execution by the interpreter without recurrent source code compilation, thus enhancing script execution speed, particularly for substantial scripts or modules. Once generated, .pyc files render .py files unnecessary unless subsequent edits are required.

Attempting to open a .pyc file in a text editor does not reveal any readable data or code.

Figure 2: Display of unintelligible data when opening the .pyc file in a text editor

The decompilation of this .pyc file into source code will be conducted using a tool called pycdc, accessible here.

Upon downloading the project, the instructions provided in the project's readme are followed to build the project and acquire pycdc.exe.

Figure 3: Depicts the compiled pycdc.exe binary

To execute pycdc in accordance with the readme instructions, utilize the following command format -

 ./pycdc [PATH TO PYC FILE]

Figure 4: Illustrates the decompiled mystery.pyc

This yields the following decompilation output -

def print_flag():
Unsupported opcode: JUMP_BACKWARD
    flag = [
        90,
        101,
        114,
        111,
        68,
        97,
        121,
        115,
        123,
        112,
        121,
        99,
        95,
        100,
        51,
        99,
        111,
        109,
        112,
        49,
        108,
        51,
        100,
        125]
# WARNING: Decompyle incomplete

Although the decompilation is incomplete (pycdc stops at the unsupported JUMP_BACKWARD opcode), the recovered list consists of decimal values that convert to ASCII characters. The flag can be reconstructed from them in CyberChef using the "From Decimal" function.

Figure 5: Displays the decoded flag output achieved through CyberChef

This results in obtaining the flag. The acquired flag is as follows -

Flag - ZeroDays{pyc_d3comp1l3d}
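
When pycdc stops on an opcode it does not support, as with JUMP_BACKWARD above, the constants can still be read straight from the code object with Python's own marshal and dis modules. The following is an added example, not part of the original write-up: it builds a constructed stand-in for mystery.pyc in memory (the list values are those from the decompiler output, the loop body and all helper names are assumptions) and has to run under the same Python version that compiled the file.

```python
import dis
import importlib.util
import marshal
import struct
import types

# Constructed stand-in for mystery.pyc. The list values are the ones in the
# pycdc output above; the loop body is an assumption (pycdc did not recover it).
SAMPLE_SRC = '''
def print_flag():
    flag = [90, 101, 114, 111, 68, 97, 121, 115, 123, 112, 121, 99,
            95, 100, 51, 99, 111, 109, 112, 49, 108, 51, 100, 125]
    for c in flag:
        print(chr(c), end="")
'''

def build_sample_pyc(src):
    """Build a .pyc image in memory: 16-byte header, then marshalled code."""
    code = compile(src, "sample.py", "exec")
    # Header (Python 3.7+): magic, flags=0, source mtime, source size.
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(src))
    return header + marshal.dumps(code)

def load_code(pyc):
    """Return the module code object without executing it."""
    # marshal data is version specific, so refuse a foreign magic number.
    if pyc[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("pyc was compiled by a different Python version")
    # marshal is not hardened against malformed input: unmarshal samples
    # only inside an analysis VM.
    return marshal.loads(pyc[16:])

def int_constants(code):
    """Yield integer constants in load order, descending into nested code."""
    for ins in dis.get_instructions(code):
        val = ins.argval
        if isinstance(val, types.CodeType):
            yield from int_constants(val)
        elif ins.opname in ("LOAD_CONST", "LOAD_SMALL_INT"):
            items = val if isinstance(val, tuple) else (val,)
            yield from (v for v in items if type(v) is int)

def recover_text(pyc):
    """Decode the printable-ASCII integer constants found in the bytecode."""
    ints = int_constants(load_code(pyc))
    return "".join(chr(v) for v in ints if 32 <= v < 127)

if __name__ == "__main__":
    print(recover_text(build_sample_pyc(SAMPLE_SRC)))
```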
Saptarshi Laha

I'm a passionate Threat Intelligence Analyst based in Ireland, delving deep into the fascinating realms of Reverse Engineering and Malware Analysis. With a keen eye for dissecting malicious code and navigating Capture The Flag challenges, I guide you through virtual mazes of cryptographic puzzles and real-world malware samples, sharing insights and strategies for navigating the cybersecurity landscape.

https://BinHex.Ninja