picoCTF Solutions
picoCTF 2024Reverse EngineeringMedium

FactCheck

Published: April 3, 2024Updated: December 9, 2025

Description

This binary is putting together some important piece of information... Can you uncover that information? Examine this file. Do you understand its inner workings?

Setup

Static reversing

Download the binary and review it in Ghidra or objdump.

Pay special attention to the std::basic_string constructor calls and the subsequent comparisons before characters are appended.

wget https://artifacts.picoctf.net/c_titan/187/bin && \ chmod +x bin && \ objdump -D bin | less

Solution

  1. Step 1Map each DAT entry
    In Ghidra, rename the DAT_ addresses (char_0, char_a, etc.) to their literal characters. This makes the later logic much easier to read.
  2. Step 2Evaluate the conditions
    Walk through the comparisons: '5' < 'B' succeeds so 'e' is appended, '6' != 'A' adds '9', the difference check fails, and the trailing lines append d a 2 c 0 e }.
  3. Step 3Concatenate
    Combine the hard-coded prefix picoCTF{wELF_d0N3_mate_ with the characters that passed their checks. The final flag is picoCTF{wELF_d0N3_mate_e9da2c0e}.

Flag

picoCTF{wELF_d0N3_mate_e9da2c0e}

Note that this flag will be different for you based on your downloaded binary.