picoCTF Solutions
picoCTF 2026General SkillsMedium

bytemancy 2

Published: March 20, 2026

Description

Can you conjure the right bytes? Download `app.py` and recover the exact input the server expects.

Setup

Download app.py

Download and read app.py.

Launch the challenge instance and connect via netcat.

cat app.py

Solution

  1. Step 1Read the source code
    Download app.py. It reads via sys.stdin.buffer (raw bytes) and checks that the input equals b'\xff\xff\xff' (hex byte 0xFF, three times, no space). The key difference from bytemancy-0/1 is that it reads raw binary, not text — you must send literal byte 0xFF, not the string 'ff'.
    cat app.py
  2. Step 2Send the raw bytes
    Send three raw 0xFF bytes followed by a newline. Use printf or Python — plain echo won't work since \xFF is non-printable.
    printf '\xff\xff\xff\n' | nc <HOST> <PORT_FROM_INSTANCE>
    python3 -c "import socket; s=socket.create_connection(('<HOST>', <PORT_FROM_INSTANCE>)); s.recv(512); s.sendall(b'\xff\xff\xff\n'); print(s.recv(512).decode())"

Flag

picoCTF{byt3m4ncy_2_...}

app.py reads raw bytes via sys.stdin.buffer and expects the three literal bytes 0xFF 0xFF 0xFF. Use printf '\xff\xff\xff\n' | nc — sending the text string 'ff' will not work.