Description
A sleepy Windows executable supposedly needs instrumentation to wake up, but its strings already reveal a Base64-encoded flag. Extract the packed archive, inspect the binary, and decode the message.
Fetch the archive and unzip it with the password picoctf to obtain bininst1.exe.
Run strings/binwalk on the binary or its extracted sections to look for human-readable clues.
wget https://challenge-files.picoctf.net/c_verbal_sleep/.../bininst1.zip
unzip bininst1.zip # password: picoctf
strings bininst1.exe | grep -i flag
echo "cGljb0NURnt3NGtlX20zX3VwX3cxdGhfZnIxZGFfZjI3YWNjMzh9" | base64 -d
Solution
- Step 1: Extract the binary. Unzip the provided archive and inspect bininst1.exe. binwalk -e can extract embedded sections if you want to search smaller blobs.
- Step 2: Decode the hidden string. strings reveals “Ok, I'm Up! The flag is: <Base64>”. Decode that string with base64 -d (or CyberChef) to recover picoCTF{...}.
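The string search and decode from Step 2, as an added example that is not part of the original write-up. It goes beyond strings | grep by also reading UTF-16LE strings (common in Windows binaries) and decoding every Base64 candidate; the function names, the 16-character minimum and the sample bytes are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of 4+ printable ASCII characters, the default `strings` behaviour.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# The same runs stored as UTF-16LE, as Windows binaries often do (`strings -e l`).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Base64 candidates: 16+ alphabet characters plus optional padding (assumed minimum).
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
FLAG = re.compile(r"picoCTF\{[^}]*\}")


def printable_strings(data):
    """Yield ASCII and UTF-16LE printable runs found in raw bytes."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def find_encoded_flags(data):
    """Return flags that appear Base64-encoded inside the binary's strings."""
    found = []
    for text in printable_strings(data):
        for token in B64_TOKEN.findall(text):
            if len(token) % 4:
                continue  # not a whole number of 4-character Base64 groups
            try:
                decoded = base64.b64decode(token, validate=True)
            except binascii.Error:
                continue
            for flag in FLAG.findall(decoded.decode("ascii", "ignore")):
                if flag not in found:
                    found.append(flag)
    return found


# Constructed sample: binary noise around a message shaped like the one in Step 2.
SAMPLE_FLAG = b"picoCTF{constructed_sample_flag}"
SAMPLE = (b"MZ\x90\x00\x03\x00\xff\xfe"
          + b"Ok, I'm Up! The flag is: " + base64.b64encode(SAMPLE_FLAG)
          + b"\x00\x00\x01\x02")

if __name__ == "__main__":
    print(find_encoded_flags(SAMPLE))
```

To run it against the real file, pass the bytes of bininst1.exe (read with open(..., "rb")) to find_encoded_flags.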
Flag
picoCTF{w4ke_m3_up_w1th_fr1da_f27a...}
Despite the title, no instrumentation is required; plain static inspection suffices.