First, download both the files and store them in the same directory.level2.py and level2.flag.txt.enc

Then use the following command in the terminal to see the contents of the file.

nano level2.py

We can see that inside the function level_2_pw_check there is an if statement that checks the user input with a password. The password is encoded in a series of chr(). We can see that they start with 0x, which means that they are in the hexadecimal format. In this case, the chr() function returns the symbol value of the hex value.

Here is an example of the ASCII table, to better understand the conversion.

Dark Theme ASCII Table
Quickly find the ASCII code of every character, number and letter. Also supports the Windows-1252 extension.
0x4d

In my case, I got if( user_pw == chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65) ), so open up a terminal and enter the following.

python3
print(chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65))

Yours might be different, so change according to your situation. That in turns gives us the password we need to unlock the hidden flag. Now, just run the program and enter the password that you found from above.

python3 level2.py

Congrats, you’ve got the flag!

Tagged in:

picoCTF CTF General Skills