Description
The compiled KeygenMe.class encodes the flag character by character. Decompile it with an online Java decompiler to read the flag characters directly from the source.
Go to an online Java decompiler (e.g., decompiler.com or javadecompilers.com) and upload KeygenMe.class.
Read through the decompiled source. The flag characters appear inline in the comparisons that check each character of the license key.
# Upload KeygenMe.class to an online Java decompiler and read the decompiled sourceSolution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Decompile with an online Java decompilerObservationI noticed the provided artifact was a compiled KeygenMe.class file rather than Java source, which suggested that decompiling the bytecode would expose the hardcoded character comparisons used to validate the license key.Upload KeygenMe.class to an online Java decompiler such as decompiler.com or javadecompilers.com. The decompiled source shows the flag characters inline in the license-check function's comparisons.What didn't work first
Tried: Running
strings KeygenMe.classto extract the flag characters directly from the binary.The
stringscommand prints ASCII sequences of 4+ characters, but individual character literals stored as integer constants in bytecode are not emitted as printable strings. You get class and method names but not the flag characters. A proper decompiler reconstructs the source-level character literals from the bytecode instruction operands.Tried: Trying to run
java KeygenMeand supplying guessed input to brute-force the license check.The class file checks a full key string character by character, making brute force over the full flag space impractical. The decompiler approach recovers each expected character directly from the comparison operands in O(1) reads rather than guessing.
Learn more
Java
.classfiles contain bytecode - a platform-independent intermediate representation that the JVM executes. Unlike native binaries, bytecode retains rich structural information: class names, method names, field names, and character literals survive compilation largely intact. This makes Java bytecode much easier to reverse engineer than compiled C or C++ code.Online decompilers like decompiler.com reconstruct near-perfect Java source from bytecode without requiring any local installation. Other tools include jd-gui, Procyon, CFR, and Fernflower (the engine inside IntelliJ IDEA). For quick extraction,
strings KeygenMe.classoften reveals character literals without full decompilation.Step 2
Read the flag from the decompiled sourceObservationI noticed the decompiled source used a charAt(N) pattern to compare each input position against a hardcoded literal, which meant reading those literals in sequence would directly yield the full flag without any additional decoding.The decompiled code checks each character position of the input key against a literal character. Reading through these comparisons reveals the full flag:picoCTF{700l1ng_r3qu1r3d_...}.Learn more
The
charAt(N)pattern checks one character at a time against a hardcoded literal. In the decompiled source, each comparison is visible directly. Reading through the decompiler output in order gives you the flag without needing grep pipelines or rev.The key lesson: Java bytecode is not obfuscated by default. A stock Java compile preserves all the structure needed for decompilation. Real obfuscation requires tools like ProGuard or DexGuard that rename symbols and restructure control flow. Without obfuscation, any Java decompiler recovers readable source in seconds.
Interactive tools
- Strings ExtractorPull printable text from any binary, library, or image. ASCII and UTF-16 detection, configurable minimum length, flag-like highlight, no command line needed.
- Hex ViewerView text or raw hex bytes as a xxd-style hex dump with byte offset, hex columns, and ASCII sidebar. Highlights printable characters and null bytes.
Flag
Reveal flag
picoCTF{700l1ng_r3qu1r3d_2bf...}
The challenge name is a hint: you need fresh Java tooling to read the class file.