picoCTF Solutions
picoCTF 2021General SkillsEasy

Static ain't always noise picoCTF 2021 Solution

Published: April 2, 2026

Description

Can you look at the data in this binary? Download static and ltdis.sh.

Setup

Download both static and ltdis.sh from the challenge page.

Confirm the binary type before running tools that assume a specific format.

bash
wget <url>/static
bash
wget <url>/ltdis.sh
bash
file static

Solution

Walk me through it
  1. Step 1Run ltdis.sh on the binary
    ltdis.sh runs strings -o static (or similar) on the binary and saves output to a .strings.txt file alongside it. Run it, then list the generated text files to find the output filename.
    bash
    bash ltdis.sh static
    bash
    ls *.txt
    Learn more

    The strings utility scans any binary file and extracts sequences of printable ASCII characters above a minimum length (default 4). This works because compiled programs often contain embedded text: error messages, URLs, version strings, author credits, and - in CTFs - flags. Even without source code, strings is one of the first tools any reverse engineer runs on an unknown binary.

    Shell scripts as wrappers: ltdis.sh is a bash script that wraps strings with specific options and redirects output to a predictably named file. Writing wrapper scripts around existing tools is a common Unix practice - it standardizes arguments, captures output for later analysis, and makes workflows repeatable. The name "ltdis" likely stands for "light disassembly" or similar.

    Static vs. dynamic analysis: The challenge title "Static Ain't Always Noise" plays on two meanings of "static." In reverse engineering, static analysis means examining a binary without executing it - reading its bytes, running strings, disassembling with objdump, or decompiling with Ghidra. Dynamic analysis means running the program and observing its behavior. Both are complementary and important skills.

  2. Step 2Search for the flag
    Grep the output file for the picoCTF prefix. If nothing matches, lower the strings minimum length (default is 4) - the flag may be a short word in a longer transformation. Filter to lines starting with picoCTF{ if multiple matches appear.
    bash
    grep '^picoCTF{' static.ltdis.strings.txt
    bash
    # If no matches, re-run strings with a smaller minimum length:
    bash
    strings -n 3 static | grep -i pico
    Learn more

    grep (Global Regular Expression Print) searches text for lines matching a pattern. It's an indispensable Unix tool for filtering large outputs. In CTF work, grepping for known patterns like picoCTF, flag, or FLAG quickly filters thousands of lines of binary output down to the one line you care about.

    A compiled binary can easily contain thousands of strings - library function names, debug symbols, format strings, linker metadata, and more. Without grep, manually scanning static.ltdis.strings.txt would take minutes. With it, the search takes milliseconds. Useful grep flags for CTF work:

    • -i - case-insensitive search (matches picoctf, PICOCTF, etc.)
    • -n - show line numbers so you can find context in the file
    • -A 2 -B 2 - show 2 lines of context around each match
    • -r - recurse into directories (useful when output is split across files)

    Why flags appear in binaries: Flag-checking programs typically compare user input against a stored value. The simplest approach stores the flag as a literal string, making it trivially extractable with strings. More sophisticated challenges encode, encrypt, or generate the flag at runtime to prevent this - but even then, static analysis often reveals key clues.

Flag

picoCTF{...}

ltdis.sh runs strings on the binary and saves output; the flag is embedded as a plaintext string.

Want more picoCTF 2021 writeups?

Browse picoCTF 2021Full library

Useful tools for General Skills

Related reading

What to try next