pico2026 autorev1

The following Python program connects to the server, gets the hex bytes of an executable, disassembled it and looks for where the secret number is stored in a variable, then sends that number (20 times). from pwn import * import re context.arch = 'amd64' HOST = "mysterious-sea.picoctf.net" PORT = 52344 def extract_secret(code): # Disassemble asm = disasm(code) # Look for mov dword ptr [rbp-?], IMM matches = re.findall(r'mov.*\[rbp.*\],\s*(0x[0-9a-fA-F]+)', asm) if matches: return int(matches[0], 16) return None def main(): io = remote(HOST, PORT) for i in range(20): io.recvuntil(b"bytes:\n") hexdata = io.recvline().strip().decode() # Convert hex to bytes binary = bytes.fromhex(hexdata) # Extract secret secret = extract_secret(binary) if secret is None: log.failure("Failed to extract secret") return log.info(f"Secret: {secret}") io.sendline(str(secret).encode()) io.interactive() if __name__ == "__main__": main()