Fresh Java | picoCTF 2022 Solutions

Description

The compiled KeygenMe.class contains the flag in reverse order. Decompile (or strings/grep) and reverse the characters to reveal it.

Setup

Use jd-gui (or another Java decompiler) to view KeygenMe.class and export it as KeygenMe.java.

Grep for `str.charAt` to extract the characters, then reverse the string.

cat KeygenMe.java | grep "str.char" | cut -d "'" -f2 | tr -d '\n' | rev

Step 1Decompile or strings
jd-gui quickly shows the obfuscated code: the flag is built via repeated `str.charAt` calls, but in reverse order.
Step 2Reverse the characters
Extract the characters (via grep/cut) and pipe them through `rev` to recover picoCTF{...}.

picoCTF{700l1ng_r3qu1r3d_2bf...}

The challenge name is a hint: you need fresh Java tooling to read the class file.