Description
“Quantum Scrambler” is nothing more than a deterministic shuffle of a list of hex bytes. Capture the remote output, re-run the loops in reverse, and you recover the original flag.
Setup
Connect to `verbal-sleep.picoctf.net 53222` and save the shuffled output to a file (the server only scrambles the list and prints it).
Download `quantum_scrambler.py` so you can study the `scramble` function and confirm no actual encryption took place.
nc verbal-sleep.picoctf.net 53222 > result
wget https://challenge-files.picoctf.net/c_verbal_sleep/27d1d27147deac5835e1ef9633cf1858c89bf32b14e2f4fbac72b6ca093f6d27/quantum_scrambler.py
Solution
- Step 1Understand the scramble routineThe provided code repeatedly pops elements and appends prefixes, but never modifies the underlying data. It simply reorders sublists, meaning the plaintext bytes are still present.
- Step 2Iterate through the nested listsParsing the result with `eval` yields a nested Python list. Walking each sublist, append the first and last element to a buffer, then append the remaining bytes stored in the final two lists. This recreates the original sequence of hex strings.with open('result') as f: data = eval(f.read())print(''.join(chr(int(chunk[2:], 16)) for chunk in rebuilt_bytes))
- Step 3Decode to ASCIIConvert each hex chunk (e.g., `0x70`) back to a character via `chr(int(chunk[2:], 16))`. Joining the characters prints the picoCTF flag.
Flag
picoCTF{python_is_weird9ece...}
Any faithful translation of the scramble loop works; the key insight is that nothing was encrypted, only permuted.