picoCTF Solutions
Beginner picoMini 2022General SkillsEasy

Glitch Cat

Published: April 2, 2026

Description

Our flag printing service has glitched! Connect to the server and decode the output.

Setup

Remote

Connect with netcat to receive the glitched flag.

nc saturn.picoctf.net <PORT>

Solution

  1. Step 1Connect and receive the output
    Connect with netcat. The server sends a string like: 'picoCTF{gl17ch_m3_n07_' + chr(0x61) + chr(0x34) + chr(0x39) + ... where some characters are expressed as Python chr() calls instead of literals.
    nc saturn.picoctf.net <PORT>
    Learn more

    netcat (nc) is a lightweight networking utility that opens a raw TCP or UDP connection and passes data between your terminal and the remote host. It is sometimes called the "Swiss army knife of networking" because it can act as both a client and a server, making it invaluable for CTF challenge connections, port scanning, and debugging network services.

    The server here sends a Python expression rather than a plain string. This is a form of light obfuscation -- the flag is technically present in the output, but not immediately human-readable because some characters are encoded as chr() calls with hexadecimal arguments. The challenge teaches you to recognize this pattern and reverse it.

    Hexadecimal arguments like 0x61 are common in low-level contexts: 0x61 is 97 in decimal, which is the ASCII code for the lowercase letter a. Understanding the relationship between hex values and ASCII characters is a core CTF skill used constantly in reverse engineering and binary exploitation.

  2. Step 2Evaluate the Python expression
    Copy the full output and run it as a Python print statement. Python evaluates the chr() calls and string concatenation, assembling the complete flag.
    python3 -c "print('picoCTF{...}')
    Learn more

    chr() is Python's built-in function that converts an integer to the corresponding Unicode character. For values 0–127, Unicode matches ASCII exactly, so chr(0x61) returns 'a', chr(0x7d) returns '', and so on. Its inverse is ord(), which converts a character back to its integer code point.

    The python3 -c "..." flag lets you run a Python one-liner directly from the shell without creating a file. This is extremely useful for quick calculations, decoding, and scripting during CTF challenges. The expression is evaluated exactly as if it were in a .py file.

    String concatenation with + in Python joins strings left to right. The server is effectively building the flag character by character -- mixing literal substrings with chr()-encoded characters -- and printing the resulting expression instead of the evaluated result. Wrapping it in print() forces Python to evaluate and display the assembled string.

Flag

picoCTF{...}

chr() converts an integer to its Unicode character -- the server 'obfuscates' parts of the flag by expressing them as Python chr() calls rather than literal characters, but evaluating the expression immediately reveals them.

More General Skills