Serpentine

Description

Solution

1. Step 1Identify the bug
   Run the script and press 'b'. Instead of printing the flag, it prints a message saying it called the wrong function. Open the source and find the 'b' branch -- it calls a placeholder print statement instead of print_flag().
   python3 serpentine.pyCopied!
   Learn more

   This challenge teaches a fundamental debugging skill: reading error messages and tracing program flow. The script runs without crashing (no syntax error), but produces the wrong output -- a logic bug rather than a syntax error. Logic bugs are often harder to find because the interpreter cannot detect them; only you can, by understanding what the code should do versus what it actually does.

   The menu-driven structure (options a, b, c, etc.) is a common pattern in interactive scripts and command-line tools. Each option maps to a branch in an if/elif/else chain. When a branch calls the wrong function or omits a function call entirely, the user sees unexpected behavior rather than a crash.

   A key technique here is reading the source before running. Once you know the script has a "b" option that should print the flag, you can search for that branch in the code and immediately see what it actually does -- without needing to run and interact with the script repeatedly.

2. Step 2Fix the 'b' branch
   In the elif branch for option 'b', replace the incorrect print statement with a call to print_flag(). The function is already defined at the top of the script.
   Learn more

   Functions in Python are reusable blocks of code defined with the def keyword. Calling a function means invoking its code by name with parentheses: print_flag(). Omitting the parentheses references the function object without calling it -- a common mistake that produces no error but also does nothing useful.

   The bug in this script is that the b branch contains a print() statement (or calls some other function) instead of print_flag(). This might have been an intentional challenge design -- simulating the kind of copy-paste error or incomplete implementation that happens in real codebases.

   When fixing bugs in unfamiliar code, the safest approach is to make the smallest possible change that corrects the behavior -- in this case, a single line replacement. Larger refactors risk introducing new bugs or changing behavior in unintended ways.

3. Step 3Run the fixed script
   Execute the fixed script and press 'b' at the menu. print_flag() is called and the flag is printed.
   python3 serpentine.pyCopied!
   Learn more

   Verifying the fix by running the script confirms the entire chain works: the menu is displayed, option 'b' is accepted, the correct branch is executed, print_flag() is called, and the flag appears. This end-to-end verification is essential -- a fix that eliminates the error message but fails to produce the flag has not actually solved the problem.

   The challenge name "serpentine" is a reference to Python (whose logo is a snake). The word also implies winding, twisting paths -- mirroring the indirect route to the flag caused by the misdirected function call. Many picoCTF challenge names are puns or thematic references worth noting.

   The broader skill here is code modification: reading existing code, understanding its intent, identifying where it deviates from that intent, and making a targeted correction. This is the daily work of software debugging and is directly applicable to reverse engineering challenges where you modify or patch programs to change their behavior.

Flag

picoCTF{...}

The fix is a one-line edit -- understanding what a function does versus what the code currently calls is the core skill tested here.