Description
The provided Python script (`bloat.flag.py`) hides logic behind an array of printable characters before requesting a password to decrypt `flag.txt.enc`. Deobfuscate the script to recover the password, then run it to reveal the flag.
Setup
Download both `bloat.flag.py` and `flag.txt.enc` into the same working directory.
Read through the script to understand how the lookup table `a[...]` maps back to readable characters.
After uncovering the hard-coded password (`happychance`), run the script to decrypt the encrypted flag file.
wget https://artifacts.picoctf.net/c/103/bloat.flag.py
wget https://artifacts.picoctf.net/c/103/flag.txt.enc
python3 bloat.flag.py
python3 bloat.flag.py | tee output.txt
sed -n '2p' output.txt
Solution
- Step 1Understand the lookup tableAll strings are constructed from the array `a`, so sending the array through a Python REPL and printing the indexed characters reveals the original statements and variables.
- Step 2Recover the passwordDeobfuscating the script exposes `happychance` near the top of the file. Once you know it, you can leave the script as-is and supply the password at runtime.
- Step 3Decrypt the flagExecute `python3 bloat.flag.py`, enter `happychance`, and capture the output with `tee` or redirect to isolate the second line-which contains the picoCTF flag.
Flag
picoCTF{d30bfu5c4710n_f7w_b80...}
Never run opaque scripts blindly-printing the decoded payload first keeps you safe and shows the password immediately.