Rating: 4.0

PasswordGuesser THCON 2024

Challenge

password-guesser

Understanding the challenge

The description suggests that there is a secret hidden in the source code of the password-guesser and secret is given when we give password.
There is also a file password-guesser.elf
Maybe we have to decompile it to get the secret.
Assuming it is written in python lets move forward.

Solution

To decompile ELF file written in python there is a tool pyinstxtractor so lets decompile it using this tool.
Decompiled folder contains many files but we are interested in password-guesser.pyc because it is the main file and it contains the secret.
It is a compiled python file so we have to decompile it also.
It can be decompiled using tool 'uncompyle6'.
In the reveal function f1-f13 arranged in ascending order is the base64 encoded flag.

f1 = "Zm"
f2 = "xh"
f3 = "Zz1U"
f4 = "SEN"
f5 = "PTntz"
f6 = "b01V"
f7 = "Q0h"
f8 = "fNF90a"
f9 = "DNf"
f10 = "RklM"
f11 = "RV9z"
f12 = "aVozf"
f13 = "Q=="

base64 encoded flag

ZmxhZz1USENPTntzb01VQ0hfNF90aDNfRklMRV9zaVozfQ==

base64 decoded

flag=THCON{soMUCH_4_th3_FILE_siZ3}

flag : THCON{soMUCH_4_th3_FILE_siZ3}

Original writeup (https://github.com/2-quantum/THCON-2k24/blob/main/passwordguesser/passwordguesser.md).