picoCTF Solutions
picoCTF 2023Reverse EngineeringMedium

Safe Opener 2

Published: April 26, 2023Updated: December 9, 2025

Description

A compiled SafeOpener.class supposedly reveals the forgotten safe code. Either strings analysis or Java decompilation uncovers the embedded flag.

Setup

Download SafeOpener.class

Download SafeOpener.class and inspect it with strings or a Java decompiler such as jd-gui.

Extract the Java source to locate the hard-coded password and picoCTF flag.

wget https://artifacts.picoctf.net/c/290/SafeOpener.class
strings SafeOpener.class | grep pico
sudo apt install jd-gui && jd-gui SafeOpener.class

Solution

  1. Step 1Use strings for a quick win
    The compiled class embeds the flag literally. Running strings (or cat if you convert to .java) reveals picoCTF{...} near the bottom.
  2. Step 2Optional: Decompile
    Open the class in jd-gui to view SafeOpener.java. The flag appears in the clear, and you can save the decompiled file for reference.
    cat SafeOpener.java | grep pico | cut -d "\" -f1

Flag

picoCTF{SAf3_0p3...8a993}

No dynamic execution is required; the challenge is purely static analysis.