picoCTF Solutions
PathPart of the General Skills path · Step 2 of 4: Number Systems
picoCTF 2024General SkillsEasy

endianness picoCTF 2024 Solution

Published: April 3, 2024

Description

Know of little and big endian?

Read the technique guide

  • How to Read and Analyze Hex DumpsLearn to read and analyze hex dumps for CTF challenges -- understanding the xxd format, spotting magic bytes, finding hidden strings, and using hex editors to inspect binary files.

Setup

Download flag.c

Download the source code to understand the challenge.

Connect to the remote service and have a hex converter ready (CyberChef, python, etc.).

bash
nc titan.picoctf.net <PORT_FROM_INSTANCE>

Solution

Walk me through it
This is a warm-up endianness challenge. Once you understand basic little-endian conversion here, advance to endianness-v2 for a more complex forensics application involving image file recovery.
  1. Step 1Capture the word and convert to hex
    The server prints a word (e.g., ffoxf). Convert each character to its ASCII hex value to get 66 66 6f 78 66.
    Learn more

    Each character maps to its ASCII hex value. ASCII is a 7-bit encoding where printable characters start at 0x20 (space) and run through 0x7E (~). You can look them up with man ascii or use Python: hex(ord('f')) returns 0x66.

    Worked example for ffoxf: ord('f') = 0x66, ord('o') = 0x6f, ord('x') = 0x78. So the byte array is [0x66, 0x66, 0x6f, 0x78, 0x66].

    The server is essentially asking: if you stored this 5-character string in memory as a series of bytes, what bytes would you see, and in what order? To answer, you first need the ASCII byte values.

  2. Step 2Submit little-endian representation
    Reverse the byte order: 66 66 6f 78 66 becomes 66 78 6f 66 66. Submit without spaces or 0x prefix.
    bash
    66786f6666
    Learn more

    Little endian means the least significant byte is stored first (at the lowest memory address). x86 and ARM (in most modes) use little-endian. So 0x12345678 is stored as 78 56 34 12. Reversing the byte array of the ASCII characters gives the little-endian representation.

  3. Step 3Submit big-endian representation
    The big-endian representation is the bytes in their original left-to-right order: 66 66 6f 78 66. Submit without spaces or 0x prefix.
    bash
    66666f7866
    Learn more

    Big endian means the most significant byte comes first, which matches the natural left-to-right reading order of a number. Network protocols (TCP/IP) use big endian, which is why it is also called network byte order. For the ASCII bytes of a word, big endian is simply the characters in their original order.

    The server asks for both representations in sequence. After getting both correct it prints the flag. Use an ASCII table or Python to convert each character, then submit the bytes reversed (little-endian) and in order (big-endian).

    See the CTF encodings guide for ASCII-to-hex flows and the hex dumps guide for spotting byte order in raw output.

Alternate Solution

Use the Binary to Hex tool on this site to quickly look up ASCII hex values for each character - then manually reverse the byte order to produce the little-endian answer without opening Python.

Related guides

How to Read and Analyze Hex Dumps

This challenge turns on understanding byte order in hex. The hex dumps guide covers endianness, xxd output format, and how to interpret multi-byte values from a binary dump.

Flag

picoCTF{3ndi4n_sw4p_su33ess_d58...}

After a handful of conversions the service prints the flag.

Want more picoCTF 2024 writeups?

Browse picoCTF 2024Full library

Tools used in this challenge

Related reading

Do these first

What to try next