Tags: python bytecode rev
Rating:
With a bit of googling, you'll find that this is a Python Bytecode file.
Bytecode instrunctions: `https://sceweb.sce.uhcl.edu/helm/WEBPAGE-Python/documentation/python_tutorial/lib/bytecodes.html`
**These are the most important instructions:**
LOAD_FAST references a local argument, which can be interpreted as a function parameter.
LOAD_CONST references a variable outside the function scope.
BUILD_SLICE creates a Python slice, e.g. array[4:6]
BINARY_SUBSCRIPT essentially performs indexing, e.g. array[4]
COMPARE_OP performs a boolean comparison, e.g. ==
POP_JUMP_IF_FALSE - not certain on what this means, but it can be reasonably guessed that this will execute a return statement for
the function if the previous expression evaluated to false
With that in mind, let's try to analyze the first function:
```
15 0 LOAD_FAST 0 (flag) --> string: flag
2 LOAD_CONST 0 (None)
4 LOAD_CONST 1 (6)
6 BUILD_SLICE 2 --> [None:6]
8 BINARY_SUBSCR --> flag[None:6]
10 LOAD_CONST 2 ('TCP1P{')
12 COMPARE_OP 3 (!=) --> flag[None:6] != 'TCP1P{'
14 POP_JUMP_IF_FALSE 38
16 LOAD_FAST 0 (flag) --> string: flag
18 LOAD_CONST 3 (-1)
20 LOAD_CONST 0 (None)
22 BUILD_SLICE 2 --> [-1:None]
24 BINARY_SUBSCR --> flag[-1:None]
26 LOAD_CONST 4 ('}')
28 COMPARE_OP 3 (!=) --> flag[-1:None] != '}'
30 POP_JUMP_IF_FALSE 38
```
With this first function analyzed, it is easy to now analyze the rest of the functions by hand!
A short summary of each relevant function follows:
```
15:
flag[:6] == 'TCP1P{'
flag[-1:] = '}'
18:
flag[6:10] == 'byte'
21:
flag[10, 15, 18] = chr(98) = '_'
24:
flag[11:15] == 'code'
27:
flag[11] == flag[19] --> c
30:
flag[12] == ord(flag[20]) - 6 --> u
33:
ord(flag[16]) != 105 --> i
ord(flag[17]) != 115 --> s
36:
flag[19] != 'H' (overrides 27)
39:
ord(flag[20]) == 117 --> u (confirms 30)
42:
ord(flag[21]) != ord(flag[2]) - 10 --> F
45:
flag[22] != lower(flag[0]) --> t
48:
flag[22] == flag[23] --> t
```
*Note: I essentially treated != and == as doing the same thing, telling us what should be at that index.
Flag: TCP1P{byte_code_is_HuFtt}
Index: 0123456789012345678901234
