Autorev 1

Published: March 20, 2026

Description

You think you can reverse engineer? Let's test out your speed.

Launch the challenge instance and connect.

A binary will be sent or made available -- you need to reverse it quickly.

Solution

  1. Step 1: Receive and analyse the binary
    The challenge sends a binary that checks a password. Use automated tools to quickly identify the correct input.
    strings ./binary
    ltrace ./binary somepassword
    strace ./binary somepassword
  2. Step 2: Use angr for automated reverse engineering
    Angr can symbolically execute the binary to find the input that leads to the success path, without needing to manually reverse the algorithm.
    pip install angr
    python3 << 'EOF'
    import angr, claripy

    proj = angr.Project("./binary", auto_load_libs=False)

    # Create symbolic input: 32 symbolic bytes followed by a concrete newline
    password = claripy.BVS("password", 8 * 32)  # 32-char input
    stdin = angr.SimFile("stdin", content=claripy.Concat(password, claripy.BVV(0x0a, 8)))
    state = proj.factory.entry_state(stdin=stdin)

    sm = proj.factory.simulation_manager(state)
    # Look for a state whose stdout contains the flag prefix;
    # discard states that have already printed the failure message
    sm.explore(
        find=lambda s: b"picoCTF" in s.posix.dumps(1),
        avoid=lambda s: b"Wrong" in s.posix.dumps(1),
    )

    if sm.found:
        sol = sm.found[0]
        print("Password:", sol.solver.eval(password, cast_to=bytes))
        print("Flag:", sol.posix.dumps(1))
    EOF

Flag

picoCTF{4ut0r3v_1_...}

Automated reverse engineering with angr's symbolic execution quickly finds the valid input.