Bypass Me

Published: March 20, 2026

Description

Your task is to analyze and exploit a password-protected binary called bypassme.bin. Instead of guessing the password, reverse engineer or debug the program to bypass the authentication logic and retrieve the hidden flag.

Launch the challenge instance and connect.

The binary bypassme.bin will be provided on the remote server.

Solution

  1. Step 1: Analyse the binary statically
    Use strings and a disassembler to look at the password check logic. The password comparison may use strcmp, strncmp, or a custom loop.
    strings bypassme.bin
    objdump -d bypassme.bin | grep -A 20 'strcmp\|cmp'
    r2 -A bypassme.bin
  2. Step 2: Patch the comparison or extract the password
    Two approaches work here: (1) extract the hardcoded password directly from the binary, or (2) patch the jump instruction after the comparison so it always takes the 'success' branch.
    # Approach 1: extract password with strings or ltrace
    ltrace ./bypassme.bin
    # Approach 2: patch the conditional jump
    r2 -w bypassme.bin
    # In r2: s address_of_jne; wa jmp <success_addr>
  3. Step 3: Run the patched binary or use the password
    Either run the patched binary, which skips the password check, or supply the extracted password to the original.
    echo 'EXTRACTED_PASSWORD' | ./bypassme.bin
    ./bypassme_patched.bin

Flag

picoCTF{byp4ss_m3_...}

The authentication bypass works either by extracting the hardcoded password or patching the comparison branch.
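Added example (C, not the challenge binary's code) showing the pattern this bypass depends on beside a design where patching the branch yields nothing: weak_check gates a plaintext flag behind one strcmp, while derive_flag keeps the flag only as ciphertext keyed from the password. The password "hunter2", the flag string, and the FNV-1a keystream (a stand-in for a real KDF and cipher) are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed values; in a shipped binary both are visible to `strings`. */
#define SECRET "hunter2"
static const char FLAG_PLAINTEXT[] = "flag{constructed_example}";
/* The pattern bypassme.bin relies on: one strcmp, one conditional jump.
 * Patch that jump (or read SECRET with strings/ltrace) and the flag is out. */
const char *weak_check(const char *input) {
    return strcmp(input, SECRET) == 0 ? FLAG_PLAINTEXT : NULL;
}
/* Keystream from the password: FNV-1a, expanded in counter mode. Stand-in
 * only; real code would use a KDF (e.g. Argon2) and an AEAD cipher. */
static void keystream(const char *pw, uint8_t *ks, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (const unsigned char *p = (const unsigned char *)pw; *p; p++)
        h = (h ^ *p) * 1099511628211ULL;
    for (size_t i = 0; i < n; i++) {
        h = (h ^ (uint8_t)i) * 1099511628211ULL;
        ks[i] = (uint8_t)(h >> 56);
    }
}
/* Flag kept only as ciphertext. Sealing belongs offline at build time; it
 * runs here on first use so the example stays self-contained. */
static uint8_t flag_cipher[sizeof FLAG_PLAINTEXT];
static void seal_once(void) {
    static int sealed;
    uint8_t ks[sizeof FLAG_PLAINTEXT];
    if (sealed) return;
    keystream(SECRET, ks, sizeof ks);
    for (size_t i = 0; i < sizeof ks; i++)
        flag_cipher[i] = (uint8_t)FLAG_PLAINTEXT[i] ^ ks[i];
    sealed = 1;
}

/* No success branch to patch: a wrong password just decrypts to junk. The
 * only test is whether the output looks like a flag; returns 1 if so. */
int derive_flag(const char *input, char *out, size_t outlen) {
    uint8_t ks[sizeof flag_cipher];
    size_t n = sizeof flag_cipher, len;
    if (outlen < n) return 0;
    seal_once();
    keystream(input, ks, n);
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(flag_cipher[i] ^ ks[i]);
    out[n - 1] = '\0';
    len = strlen(out);
    return len > 5 && strncmp(out, "flag{", 5) == 0 && out[len - 1] == '}';
}
```

With the second design, flipping the jump in derive_flag only changes the return code; the bytes in out are still junk without the right password.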