Fresh Java picoCTF 2022 Solution

Published: July 20, 2023

Description

The compiled KeygenMe.class encodes the flag character by character. Decompile it with an online Java decompiler to read the flag characters directly from the source.

Go to an online Java decompiler (e.g., decompiler.com or javadecompilers.com) and upload KeygenMe.class.

Read through the decompiled source. The flag characters appear inline in the comparisons that check each character of the license key.

  1. Step 1: Decompile with an online Java decompiler
    Upload KeygenMe.class to an online Java decompiler such as decompiler.com or javadecompilers.com. The decompiled source shows the flag characters inline in the license-check function's comparisons.

    Java .class files contain bytecode - a platform-independent intermediate representation that the JVM executes. Unlike native binaries, bytecode retains rich structural information: class names, method names, field names, and character literals survive compilation largely intact. This makes Java bytecode much easier to reverse engineer than compiled C or C++ code.

    Online decompilers like decompiler.com reconstruct near-perfect Java source from bytecode without requiring any local installation. Other tools include jd-gui, Procyon, CFR, and Fernflower (the engine inside IntelliJ IDEA). For quick extraction, strings KeygenMe.class often reveals character literals without full decompilation.

  2. Step 2: Read the flag from the decompiled source
    The decompiled code checks each character position of the input key against a literal character. Reading through these comparisons reveals the full flag: picoCTF{700l1ng_r3qu1r3d_...}.

    The charAt(N) pattern checks one character at a time against a hardcoded literal. In the decompiled source, each comparison is visible directly. Reading through the decompiler output in order gives you the flag without needing grep pipelines or rev.

    The key lesson: Java bytecode is not obfuscated by default. A stock Java compile preserves all the structure needed for decompilation. Real obfuscation requires tools like ProGuard or DexGuard that rename symbols and restructure control flow. Without obfuscation, any Java decompiler recovers readable source in seconds.
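
The index-by-index reading described in Step 2 can be automated once the decompiler output is saved as text. This is an added example, not code from the challenge or the original writeup: the sample source, the key inside it, and the function name recover_key are constructed for illustration.

```python
import re

# Matches  x.charAt(12) != 'c'  and the reversed form  'c' != x.charAt(12)
CHARAT_RE = re.compile(
    r"charAt\(\s*(\d+)\s*\)\s*(?:!=|==)\s*'(\\.|[^'\\])'"
    r"|'(\\.|[^'\\])'\s*(?:!=|==)\s*\w+\.charAt\(\s*(\d+)\s*\)"
)
# Java character escapes that can appear inside a char literal
ESCAPES = {"\\'": "'", "\\\\": "\\", "\\n": "\n", "\\t": "\t"}

def recover_key(source: str) -> str:
    """Rebuild the expected key from per-index charAt comparisons."""
    chars = {}
    for m in CHARAT_RE.finditer(source):
        idx = int(m.group(1) or m.group(4))
        lit = m.group(2) or m.group(3)
        ch = ESCAPES.get(lit, lit)
        # The same index checked against two different literals is suspicious
        if chars.setdefault(idx, ch) != ch:
            raise ValueError(f"conflicting literals for index {idx}")
    if not chars:
        raise ValueError("no charAt comparisons found")
    # Refuse to return a key with holes: an unchecked index means the
    # decompiler output is incomplete or the check uses another pattern
    missing = [i for i in range(max(chars) + 1) if i not in chars]
    if missing:
        raise ValueError(f"indices never checked: {missing}")
    return "".join(chars[i] for i in range(max(chars) + 1))

# Constructed sample of decompiler output (not the challenge's real source)
SAMPLE = r"""
if (str.length() != 8) { fail(); return; }
if (str.charAt(7) != '}') { fail(); return; }
if (str.charAt(6) != 'b') { fail(); return; }
if (str.charAt(5) != '\'') { fail(); return; }
if (str.charAt(4) != 'a') { fail(); return; }
if (str.charAt(3) != '{') { fail(); return; }
if ('Y' != str.charAt(2)) { fail(); return; }
if (str.charAt(1) != '3') { fail(); return; }
if (str.charAt(0) != 'K') { fail(); return; }
"""

if __name__ == "__main__":
    print(recover_key(SAMPLE))
```

Sorting by index rather than by line order matters because the comparisons may not appear in the source in the same order as the characters of the key.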

Flag

picoCTF{700l1ng_r3qu1r3d_2bf...}

The challenge name is a hint: you need fresh Java tooling to read the class file.
