The only challenge I solved during this CTF was the “unVM_me” reverse engineering challenge (finally! Something other than crypto!)
We were given a pyc (Python Bytecode) file containing the flag. Executing it asked for the flag, and told us if it was right or wrong.
Decompiling the bytecode
I used PyCDC to decompile the pyc file. This gave me the following source code (I modified it to add some error checking to help with debugging):
Getting the flag
We can see a list of 13 MD5 hashes. The codes seems to check the MD5 hash of each group of 5 characters from the user string against the corresponding hash in the list. This means we need to crack every hash and that each should give us a 5-character string.
I used HashKiller to crack the hashes (I guess you could also try bruteforcing them, which shouldn’t be too long knowing the first characters were necessarily
This gave us the following flag:
Inputting it back into the program proved it was indeed the correct flag!