Static ain't always noise

Published: April 2, 2026

Description

Can you look at the data in this binary? Download static and ltdis.sh.

Download both static and ltdis.sh from the challenge page.

wget <url>/static
wget <url>/ltdis.sh

Solution

  1. Step 1: Run ltdis.sh on the binary
    ltdis.sh is a wrapper around the strings utility that extracts all printable strings from the binary and saves them to a file named static.ltdis.strings.txt.
    bash ltdis.sh static

    The strings utility scans any binary file and extracts sequences of printable ASCII characters of at least a minimum length (default 4). This works because compiled programs often contain embedded text: error messages, URLs, version strings, author credits, and -- in CTFs -- flags. Even without source code, strings is one of the first tools any reverse engineer runs on an unknown binary.

    Shell scripts as wrappers: ltdis.sh is a bash script that wraps strings with specific options and redirects output to a predictably named file. Writing wrapper scripts around existing tools is a common Unix practice -- it standardizes arguments, captures output for later analysis, and makes workflows repeatable. The name "ltdis" likely stands for "light disassembly" or similar.

    Static vs. dynamic analysis: The challenge title "Static Ain't Always Noise" plays on two meanings of "static." In reverse engineering, static analysis means examining a binary without executing it -- reading its bytes, running strings, disassembling with objdump, or decompiling with Ghidra. Dynamic analysis means running the program and observing its behavior. Both are complementary and important skills.

  2. Step 2: Search for the flag
    Grep the output file for the picoCTF prefix to locate the flag among all the extracted strings.
    grep pico static.ltdis.strings.txt

    grep (Global Regular Expression Print) searches text for lines matching a pattern. It's an indispensable Unix tool for filtering large outputs. In CTF work, grepping for known patterns like picoCTF, flag, or FLAG quickly filters thousands of lines of binary output down to the one line you care about.

    A compiled binary can easily contain thousands of strings -- library function names, debug symbols, format strings, linker metadata, and more. Without grep, manually scanning static.ltdis.strings.txt would take minutes. With it, the search takes milliseconds. Useful grep flags for CTF work:

    • -i -- case-insensitive search (matches picoctf, PICOCTF, etc.)
    • -n -- show line numbers so you can find context in the file
    • -A 2 -B 2 -- show 2 lines of context around each match
    • -r -- recurse into directories (useful when output is split across files)

    Why flags appear in binaries: Flag-checking programs typically compare user input against a stored value. The simplest approach stores the flag as a literal string, making it trivially extractable with strings. More sophisticated challenges encode, encrypt, or generate the flag at runtime to prevent this -- but even then, static analysis often reveals key clues.
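
What the strings-then-grep workflow in the two steps above does under the hood, as an added Python example that is not part of the challenge or of ltdis.sh. It goes slightly beyond the page by also scanning UTF-16LE text, which strings skips unless given -e l; the sample bytes and the function names are constructed for illustration.

```python
import re

def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, encoding, text) for printable runs, similar to `strings -a -t x`."""
    # Runs of printable 7-bit ASCII (0x20-0x7e), at least min_len long.
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE: each printable byte followed by NUL (what `strings -e l` looks for).
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_run.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def grep(hits, pattern: str, ignore_case: bool = False):
    """Keep hits whose text matches pattern; ignore_case mirrors grep -i."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return [h for h in hits if rx.search(h[2])]

def build_sample() -> bytes:
    """Constructed stand-in for a binary: header bytes, noise, and embedded text."""
    return (
        b"\x7fELF\x02\x01\x01\x00" + bytes(8)       # "ELF" is only 3 chars: skipped
        + b"\x01\x02abc\x00"                        # "abc" is below the threshold
        + b"/lib64/ld-linux-x86-64.so.2\x00"        # typical linker metadata
        + b"\xff\xfe\x90"                           # non-printable noise
        + b"picoCTF{constructed_example}\x00"       # constructed placeholder flag
        + b"\x03\x04"                               # separator bytes
        + "PICOCTF wide marker".encode("utf-16-le") + b"\x00\x00"
    )

if __name__ == "__main__":
    data = build_sample()
    hits = list(extract_strings(data))
    for off, enc, text in hits:
        print(f"{off:6x} {enc:9} {text}")
    print("case-sensitive:", grep(hits, "pico"))
    print("with -i:       ", grep(hits, "pico", ignore_case=True))
```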

Flag

picoCTF{...}

ltdis.sh runs strings on the binary and saves output; the flag is embedded as a plaintext string.
