picoCTF Solutions
picoCTF 2022Reverse EngineeringMedium

patchme.py

Published: July 20, 2023Updated: December 9, 2025

Description

A Python script decrypts flag.txt.enc after checking a password. The password is plainly stored inside the code-use it to reveal the flag.

Setup

patchme.flag.pyflag.txt.enc

Open patchme.flag.py and note the password hard-coded inside the function (e.g., `ak98-=90adfjhgj321sleuth9000`).

Run `python3 patchme.flag.py`, enter the password, and the script prints the flag.

python3 patchme.flag.py

Solution

  1. Step 1Read the function
    `f` stores the password in clear text. Nothing needs to be patched; just use that string when prompted.
  2. Step 2Get the flag
    Run the script alongside flag.txt.enc, enter the password, and copy the picoCTF output.

Flag

picoCTF{p47ch1ng_l1f3_h4ck_f01e...}

This is a reminder to never ship secrets in client-side code-anyone can read them.