Description
Reverse this linux executable?
Setup
Local reversing
Download the out binary from the challenge artifacts.
Have upx, strings, and optionally strip/Ghidra handy.
wget https://artifacts.picoctf.net/c_titan/22/out && \
strings out | head && \
upx -d out && strip out
Solution
- Step 1: Spot the packer
  strings out reveals UPX markers. Run upx -d out to unpack, then strip out to remove excess symbols (as hinted).
  upx -d out && strip out
- Step 2: Load into Ghidra
  Analyze the unpacked binary. In entry(), numerous prompts appear; one contains a long hex string. That value is the flag in hex form.
- Step 3: Convert from hex
  Paste the hex below into CyberChef (From Hex) or run the echo command to decode it locally; the resulting ASCII string is the flag.
  7069636f4354467b5539585f556e5034636b314e365f42316e34526933535f35646565343434317d
  echo 7069636f4354467b5539585f556e5034636b314e365f42316e34526933535f35646565343434317d | xxd -r -p
Flag
picoCTF{U9X_UnP4ck1N6_B1n4Ri3S_5de...}
Decoding the embedded hex string reveals the flag above.
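The three steps above can be scripted as a triage pass: check for UPX markers, then scan the unpacked bytes for long hex runs that decode to printable ASCII. This is an added example, not part of the original writeup; the function names, the marker list, the sample bytes and the XOR stand-in for UPX compression are all constructed assumptions.

```python
import re

# Strings assumed to be left in a UPX-packed ELF (magic and info banner).
UPX_MARKERS = (b"UPX!", b"This file is packed with the UPX")

def looks_upx_packed(data: bytes) -> bool:
    """True if any known UPX marker string is present in the raw bytes."""
    return any(marker in data for marker in UPX_MARKERS)

def find_hex_encoded_text(data: bytes, min_bytes: int = 8):
    """Return (offset, text) for each hex run that decodes to printable ASCII.

    Runs shorter than min_bytes decoded bytes, or with an odd number of
    digits, are skipped to cut down on false positives.
    """
    pattern = re.compile(rb"[0-9A-Fa-f]{%d,}" % (2 * min_bytes))
    hits = []
    for match in pattern.finditer(data):
        run = match.group()
        if len(run) % 2:
            continue
        decoded = bytes.fromhex(run.decode("ascii"))
        if all(32 <= b < 127 for b in decoded):
            hits.append((match.start(), decoded.decode("ascii")))
    return hits

# Constructed sample data (not the challenge binary).
SECRET = "example{constructed_value}"
UNPACKED = (b"\x7fELF\x00Enter password:\x00"
            + SECRET.encode().hex().encode() + b"\x00deadbeef\x00")
# Stand-in for UPX compression: XOR hides the plaintext strings the same
# way packing does, which is why Step 1 has to come before Step 2.
PACKED = (bytes(b ^ 0xA5 for b in UNPACKED)
          + b"UPX!$Info: This file is packed with the UPX executable packer")

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("unpacked", UNPACKED)):
        print(label, looks_upx_packed(blob), find_hex_encoded_text(blob))
```

On a real sample, read the file with open(path, "rb").read() and run find_hex_encoded_text only after upx -d has succeeded.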