Warmed Up picoCTF 2019 Solution

Description

1. Step 1Convert hex to decimal with Python
   0x3D breaks down as 3*16 + 13 = 61. Python's int() with base 16 converts hex strings directly: int('0x3D', 16) returns 61.
   python

   python3 -c "print(int('0x3D', 16))"

   Copied!
   Learn more

   Hexadecimal (base 16) is the number system most commonly used in computing and security. It uses sixteen digits: 0-9 for values 0-9, and A-F (or a-f) for values 10-15. The prefix 0x is the conventional way to indicate a hexadecimal number in source code and shell environments.

   Converting hex to decimal manually: multiply each digit by its positional power of 16 and sum the results. For 0x3D: the digit 3 is in the 16's place (3 × 16 = 48), and the digit D (= 13) is in the 1's place (13 × 1 = 13). Sum: 48 + 13 = 61.

   Why hexadecimal matters in security:

   • Each hex digit represents exactly 4 bits (a nibble), so 2 hex digits = 1 byte
   • Memory addresses, opcodes, file offsets, and color codes are all conventionally written in hex
   • Hash values (MD5, SHA-256) and cryptographic keys are displayed as hex strings
   • Network packets and binary file formats are analyzed in hex editors

   Python's int(x, base) function converts any string to an integer in the given base. Similarly, hex(n) converts an integer to its hex string, bin(n) gives binary, and oct(n) gives octal. For quick conversions in the shell, printf '%d\n' 0x3D or echo $((16#3D)) both work without Python.

   Mental math shortcuts for hex-to-decimal conversion are worth developing. The letters A through F have fixed values to memorize: A=10, B=11, C=12, D=13, E=14, F=15. For two-digit hex numbers, the left digit is multiplied by 16 and added to the right digit's value. With practice, values like 0xFF=255, 0x80=128, 0x7F=127, and 0x100=256 become instantly recognizable - these specific values are critical landmarks in security because they mark boundaries for signed/unsigned byte overflow.

   In binary exploitation and memory analysis, nearly every value you encounter is expressed in hexadecimal. Stack addresses like 0x7ffe3a2b1c40, heap allocations, function pointers, and opcodes in disassembly listings are all hex. Being able to mentally convert between hex and decimal (especially for small values) speeds up understanding of buffer overflows, where you need to know exactly how many bytes fit before an overflow occurs. The value 0x41(decimal 65, ASCII "A") is a classic canary in buffer overflow testing because a pattern of 0x41 bytes in a crash dump is immediately visible.

   Hexadecimal in networking and cryptography is equally ubiquitous. IPv6 addresses are written in hex groups separated by colons. MAC addresses use hex octets separated by colons or hyphens. SHA-256 hash outputs are 64 hex characters (256 bits). TLS session IDs, certificate serial numbers, and AES keys are all stored and transmitted as hex-encoded byte strings. Fluency with hex conversion is not just a CTF skill - it is a foundational competency for any security professional working at the protocol or binary level.

Alternate Solution

Flag

0x3D = 3*16 + 13 = 61. Python's int(x, 16) converts hex strings to decimal.