Warmed Up picoCTF 2019 Solution

Published: April 2, 2026

Description

What is 0x3D (hexadecimal) in decimal?

Solution

Want to try it yourself first?

The guided walkthrough reveals hints one step at a time.

Walk me through it
  1. Step 1
    Convert hex to decimal with Python
    Observation
    I noticed the challenge asked for the decimal value of 0x3D, which is a hexadecimal literal, so I needed a reliable base-16 to base-10 conversion; Python's int() with base 16 handles this directly and avoids manual arithmetic errors.
    0x3D breaks down as 3*16 + 13 = 61. Python's int() with base 16 converts hex strings directly: int('0x3D', 16) returns 61.
    python
    python3 -c "print(int('0x3D', 16))"

    Expected output

    61
    What didn't work first

    Tried: Manually treating each hex character as a decimal digit and summing them (3 + D = 3 + 13 = 16 instead of 61).

    Positional notation means each digit is weighted by its place value, not just added together. In base 16, the left digit 3 is in the 16s place (3 * 16 = 48) and D is in the 1s place (13 * 1 = 13), giving 61 - not 16.

    Tried: Running int('3D', 16) without the 0x prefix, or int('0x3D', 10) with base 10.

    int('3D', 16) actually works and returns 61, but int('0x3D', 10) raises a ValueError because '0x3D' is not a valid base-10 string. Python's int() only strips the 0x prefix automatically when the base argument is 16 or 0; passing base 10 with a hex-prefixed string causes an error instead of a conversion.

    Learn more

    Hexadecimal (base 16) is the number system most commonly used in computing and security. It uses sixteen digits: 0-9 for values 0-9, and A-F (or a-f) for values 10-15. The prefix 0x is the conventional way to indicate a hexadecimal number in source code and shell environments.

    Converting hex to decimal manually: multiply each digit by its positional power of 16 and sum the results. For 0x3D: the digit 3 is in the 16's place (3 × 16 = 48), and the digit D (= 13) is in the 1's place (13 × 1 = 13). Sum: 48 + 13 = 61.

    Why hexadecimal matters in security:

    • Each hex digit represents exactly 4 bits (a nibble), so 2 hex digits = 1 byte
    • Memory addresses, opcodes, file offsets, and color codes are all conventionally written in hex
    • Hash values (MD5, SHA-256) and cryptographic keys are displayed as hex strings
    • Network packets and binary file formats are analyzed in hex editors

    Python's int(x, base) function converts any string to an integer in the given base. Similarly, hex(n) converts an integer to its hex string, bin(n) gives binary, and oct(n) gives octal. For quick conversions in the shell, printf '%d\n' 0x3D or echo $((16#3D)) both work without Python.

    Mental math shortcuts for hex-to-decimal conversion are worth developing. The letters A through F have fixed values to memorize: A=10, B=11, C=12, D=13, E=14, F=15. For two-digit hex numbers, the left digit is multiplied by 16 and added to the right digit's value. With practice, values like 0xFF=255, 0x80=128, 0x7F=127, and 0x100=256 become instantly recognizable - these specific values are critical landmarks in security because they mark boundaries for signed/unsigned byte overflow.

    In binary exploitation and memory analysis, nearly every value you encounter is expressed in hexadecimal. Stack addresses like 0x7ffe3a2b1c40, heap allocations, function pointers, and opcodes in disassembly listings are all hex. Being able to mentally convert between hex and decimal (especially for small values) speeds up understanding of buffer overflows, where you need to know exactly how many bytes fit before an overflow occurs. The value 0x41(decimal 65, ASCII "A") is a classic canary in buffer overflow testing because a pattern of 0x41 bytes in a crash dump is immediately visible.

    Hexadecimal in networking and cryptography is equally ubiquitous. IPv6 addresses are written in hex groups separated by colons. MAC addresses use hex octets separated by colons or hyphens. SHA-256 hash outputs are 64 hex characters (256 bits). TLS session IDs, certificate serial numbers, and AES keys are all stored and transmitted as hex-encoded byte strings. Fluency with hex conversion is not just a CTF skill - it is a foundational competency for any security professional working at the protocol or binary level.

Interactive tools
  • Base64 & Base32 DecoderDecode Base64 and Base32 strings with auto-detection. Multi-layer mode unwraps nested encodings automatically.
  • Recipe ChainStack decoders into a pipeline: Base64, hex, ROT, XOR, Morse, URL, Atbash, Vigenère, and more. Magic mode auto-discovers the chain. Bookmark the URL to save it.
  • Number Base ConverterConvert numbers between binary, octal, decimal, and hexadecimal instantly. Enter any value and see all four bases update in real time.
Alternate Solution

Use the Number Base Converter on this site - enter 0x3D in the hex field and instantly see the decimal and binary equivalents without opening a Python interpreter.

Flag

Reveal flag

picoCTF{61}

0x3D = 3*16 + 13 = 61. Python's int(x, 16) converts hex strings to decimal.

Key takeaway

Hexadecimal is the universal language of low-level computing: memory addresses, opcodes, hash digests, cryptographic keys, and network protocol fields are all expressed in base 16. Each pair of hex digits encodes exactly one byte, making it a compact, human-readable representation of raw binary data. Fluency with base conversions is foundational for binary exploitation, network forensics, and cryptographic analysis, where recognizing boundary values like 0xFF (255) or 0x7F (127) instantly signals potential integer overflow conditions.

Related reading

Want more picoCTF 2019 writeups?

Useful tools for General Skills

What to try next