Blame Game

Published: April 3, 2024

Description

Someone's commits seem to be preventing the program from working. Who is it?

Download the challenge zip, unzip it locally, then change into the drop-in directory.

wget https://artifacts.picoctf.net/c_titan/74/challenge.zip && \
unzip challenge.zip && \
cd drop-in/

Solution

Unlike the Time Machine challenge, the answer isn't visible from a plain git log over the entire repo. You need to focus on message.py to pinpoint the culprit.
  1. Step 1: List repository history
    Use git log --oneline --decorate to see an overview of commits. This gives context about recent changes and commit messages.
    git log --oneline --decorate

    git log is your window into a repository's entire history. Every commit records a snapshot of the project along with metadata: who made the change (author name + email), when, and a message describing why.

    The flags here do specific things:

    • --oneline - collapses each commit to a single line (hash + message). Great for scanning quickly.
    • --decorate - shows branch and tag labels next to the relevant commits so you can see where HEAD and any branches currently point.

    In CTFs, repos are often seeded with a long history to hide a single suspicious commit. Scanning with --oneline lets you spot unusual messages fast.

  2. Step 2: Focus on the suspicious file
    Run git log message.py to narrow the search to the file that broke the flag printer. You're interested in the commit introducing the bogus optimization.
    git log message.py

    Passing a filename to git log filters the output to only commits that touched that specific file. This is one of git's most useful forensic tools - instead of sifting through every commit in the repo, you see only the history relevant to one path.

    This technique is called file-level blame tracing and is commonly used in real incident response: if a bug was introduced into a specific module, git log path/to/file.py immediately surfaces who touched it and when.

    You can go even further with git log -p message.py to see the actual diff for every change to that file inline.

  3. Step 3: Blame the culprit
    Once you've identified the offending commit, take note of the author line; that name is the flag. You can double-check by running git show <COMMIT_HASH>.
    git show <COMMIT_HASH>

    git show <hash> prints everything about a single commit: the author, date, full message, and a unified diff showing exactly what lines were added or removed. It's the most direct way to inspect what a specific commit actually did.

    The author field records who originally wrote the change. This is distinct from the committer: in workflows involving rebases or patches, these can be different people. In this challenge the author is who you're after.

    git blame message.py is another related tool - it annotates every line of a file with the commit hash and author that last changed it. Useful when you want to know who wrote a specific line rather than who touched the file overall.
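
The file-scoped lookup from steps 2 and 3, run against a throwaway repository, as an added example that is not part of the original writeup or the challenge files. Every name, email and commit is constructed, and the helper names (commit_as, build_demo_repo, file_history, last_author, line_author) are hypothetical.

```bash
# Constructed demo: every name, email, file and commit here is made up.

# Commit with a chosen author; the committer is a fixed, different identity
# so the author/committer split described in step 3 is visible.
commit_as() {  # usage: commit_as <author-name> <message>
  GIT_AUTHOR_NAME="$1" GIT_AUTHOR_EMAIL="dev@example.invalid" \
  GIT_COMMITTER_NAME="ci-bot" GIT_COMMITTER_EMAIL="ci@example.invalid" \
    git -c commit.gpgsign=false commit -q -m "$2"
}

build_demo_repo() {  # usage: build_demo_repo <empty-dir>
  (
    set -e
    cd "$1"
    git init -q .
    printf 'print("Hello, World!")\n' > message.py
    git add message.py
    commit_as "alice" "create flag printer"
    for i in 1 2 3; do               # noise: commits that never touch message.py
      echo "note $i" >> notes.txt
      git add notes.txt
      commit_as "bob" "update notes $i"
    done
    printf 'print("Hello, World!"\n' > message.py   # closing paren dropped
    git add message.py
    commit_as "mallory" "shrink file"
    echo "note 4" >> notes.txt       # later noise pushes the bad commit off HEAD
    git add notes.txt
    commit_as "bob" "update notes 4"
  )
}

# One line per commit that touched <file>: hash|author|committer|subject
file_history() {  # usage: file_history <repo> <file>
  git -C "$1" log --format='%h|%an|%cn|%s' -- "$2"
}

# Author of the most recent commit that touched <file>
last_author() {  # usage: last_author <repo> <file>
  git -C "$1" log -1 --format='%an' -- "$2"
}

# Author that git blame records for line <n> of <file>
line_author() {  # usage: line_author <repo> <file> <n>
  git -C "$1" blame --line-porcelain -L "$3,$3" -- "$2" | sed -n 's/^author //p'
}

demo_repo=$(mktemp -d) && build_demo_repo "$demo_repo"
file_history "$demo_repo" message.py   # 2 of the 6 commits; newest first
```

The committer column reads ci-bot on every row while the author column changes, which is why the author field is the one to read when attributing a change.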

Related guides

Linux Command Line Basics for CTF

This challenge uses git and grep in the terminal. The Linux CLI guide covers these commands and the other shell tools that appear across General Skills challenges.

Flag

picoCTF{@sk_th3_1nt3rn_ea3...}

The flag is the author of the suspicious commit (the "optimize file size of prod code" change in message.py). It appears in the git log message.py output once you examine the file history.
