PicoCTF-2021 Writeup
  • README
  • Binary Exploitation
    • Binary Gauntlet 0
    • Binary Gauntlet 1
    • Stonks
    • What's your input?
  • Cryptography
    • Compress and Attack
    • Dachshund Attacks
    • Double DES
    • Easy Peasy
    • It is my Birthday 2
    • It's Not My Fault 1
    • Mini RSA
    • New Caesar
    • New Vignere
    • No Padding, No Problem
    • Pixelated
    • Play Nice
    • Scrambled: RSA
  • Forensics
    • Disk, disk, sleuth!
    • Disk, disk, sleuth! II
    • information
    • MacroHard WeakEdge
    • Matryoshka doll
    • Milkslap
    • Surfing the Waves
    • Trivial Flag Transfer Protocol
    • tunn3l v1s10n
    • Very very very Hidden
    • Weird File
    • Wireshark doo dooo do doo...
    • Wireshark twoo twooo two twoo...
  • Reverse Engineering
    • ARMssembly 0
    • ARMssembly 2
    • ARMssembly 3
    • ARMssembly 4
    • gogo
    • Hurry up! Wait!
    • keygenme-py
    • Let's get dynamic
    • Rolling My Own
    • Shop
    • speeds and feeds
    • Transformation
  • Web Exploitation
    • Ancient History
    • Bithug
    • GET aHEAD
    • It is my Birthday
    • More Cookies
    • Most Cookies
    • Scavenger Hunt
    • Some Assembly Required 1
    • Some Assembly Required 2
    • Some Assembly Required 3
    • Some Assembly Required 4
    • Super Serial
    • Web Gauntlet 2
    • Web Gauntlet 3
    • Who are you?
    • X marks the spot
Powered by GitBook
On this page
  • Problem
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Reverse Engineering

Shop

PreviousRolling My OwnNextspeeds and feeds

Last updated 2 years ago

Was this helpful?

Problem

Best Stuff - Cheap Stuff, Buy Buy Buy... Store Instance: source. The shop is open for business at nc mercury.picoctf.net 42159.

Solution

  1. Choose an option to buy, and buy a large negative amount of them so the program gives them to you instead of you paying for them.

  2. Then, buy 1 fruitful flag to have the program print the flag.

  3. The complete program input and output is as follows:

    Welcome to the market!
    =====================
    You have 40 coins
        Item		Price	Count
    (0) Quiet Quiches	10	12
    (1) Average Apple	15	8
    (2) Fruitful Flag	100	1
    (3) Sell an Item
    (4) Exit
    Choose an option: 
    0
    How many do you want to buy?
    -99
    You have 1030 coins
        Item		Price	Count
    (0) Quiet Quiches	10	111
    (1) Average Apple	15	8
    (2) Fruitful Flag	100	1
    (3) Sell an Item
    (4) Exit
    Choose an option: 
    2
    How many do you want to buy?
    1
    Flag is:  [112 105 99 111 67 84 70 123 98 52 100 95 98 114 111 103 114 97 109 109 101 114 95 55 57 55 98 50 57 50 99 125]
  4. We can decode this from decimal to ascii using Python like so python -c 'print("".join([chr(x) for x in [112, 105, 99, 111, 67, 84, 70, 123, 98, 52, 100, 95, 98, 114, 111, 103, 114, 97, 109, 109, 101, 114, 95, 55, 57, 55, 98, 50, 57, 50, 99, 125]]))' to get the flag.

Flag

picoCTF{b4d_brogrammer_797b292c}

Program