Description
Investigate the binary and encoded text file. Decode the data to find the flag.
Setup
Download both the binary and the encoded data file.
```bash
wget <url>/mystery
wget <url>/encodedData
chmod +x mystery
```
Solution
- Step 1: Examine both files
  Run file and strings on the binary. Run xxd on the encoded data file to understand its format. The binary likely reads and decodes the data file.
```bash
file mystery
strings mystery
xxd encodedData | head -20
./mystery encodedData
```
When a challenge provides both a binary and a data file, the binary typically demonstrates the encoding. Run it on the data file and observe the output. Then reverse the encoding using Ghidra analysis of the binary.
- Step 2: Reverse engineer the encoding
  Open the binary in Ghidra. Find the encoding/decoding function. Understand the transformation applied to each byte or block of the input data.
```bash
ghidra mystery &
```
Common encoding schemes: base64, hex encoding, XOR with a fixed key, bitwise rotation, custom alphabet substitution. Look for patterns in the encoded data - regular character sets suggest base64 or hex, while binary blobs suggest XOR or rotation.
- Step 3: Decode the data
  Write a Python script implementing the reverse of the encoding and apply it to encodedData to reveal the flag.
```bash
python3 << 'EOF'
with open('encodedData', 'rb') as f:
    data = f.read()

# Apply reverse encoding (fill in from Ghidra analysis)
decoded = bytes(b ^ 0xFF for b in data)  # example: XOR with 0xFF
print(decoded.decode('ascii', errors='replace'))
EOF
```
Always verify your decoding by checking if the output contains printable ASCII and the picoCTF flag pattern. If the output is mostly garbage, the encoding direction or key is wrong.
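The following added example, which is not from the original walkthrough, goes beyond the single XOR case: it tries the encodings listed in Step 2 (hex, base64, single-byte XOR, bit rotation) against a buffer and applies the Step 3 check, accepting a result only if it is mostly printable and contains the picoCTF flag pattern. The function names, the 0.9 threshold and the sample input are assumptions made for illustration.

```python
import base64
import binascii
import re
import string

FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")
PRINTABLE = set(string.printable.encode())

def rol(b, n):
    """Rotate an 8-bit value left by n bits."""
    return ((b << n) | (b >> (8 - n))) & 0xFF

def candidates(data):
    """Yield (label, decoded bytes) for each transformation listed in Step 2."""
    stripped = data.strip()
    try:
        yield "hex", binascii.unhexlify(stripped)
    except (binascii.Error, ValueError):
        pass  # not valid hex text
    try:
        yield "base64", base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        pass  # not valid base64 text
    for key in range(1, 256):
        yield f"xor 0x{key:02x}", bytes(b ^ key for b in data)
    for n in range(1, 8):
        yield f"rol {n}", bytes(rol(b, n) for b in data)

def printable_ratio(buf):
    """Fraction of bytes that are printable ASCII (0.0 for empty input)."""
    return sum(b in PRINTABLE for b in buf) / len(buf) if buf else 0.0

def find_flag(data, threshold=0.9):
    """Return (label, flag) for the first candidate that passes both checks."""
    for label, decoded in candidates(data):
        match = FLAG_RE.search(decoded)
        if match and printable_ratio(decoded) > threshold:
            return label, match.group().decode()
    return None  # wrong scheme, direction or key: consult the Ghidra analysis

if __name__ == "__main__":
    # Constructed sample, not the challenge data: a made-up flag XORed with 0x5A.
    sample = bytes(b ^ 0x5A for b in b"picoCTF{constructed_example}")
    print(find_flag(sample))
```

A `None` result means the file uses a transformation outside this list, such as a multi-byte key or a custom alphabet, and the decoder has to be written from the function found in Ghidra.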
Flag
picoCTF{...}
Reverse engineer the encoding binary in Ghidra to understand the transformation, then decode the data file to get the flag.