# Reverse Engineering ### Transformation \[20 pts] \[Not Solved] > **Description** > > I wonder what this really is... [enc](https://mercury.picoctf.net/static/dd6004f51362ff76f98cb8c699510f23/enc) `''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])` **Solution** a **Flag:** ### keygenme-py \[30 pts] \[Not Solved] > **Description** > > [keygenme-trial.py](https://mercury.picoctf.net/static/0c363291c47477642c72630d68936e50/keygenme-trial.py) **Solution** a **Flag:** ### crackme-py \[30 pts] > **Description** > > [crackme.py](https://mercury.picoctf.net/static/f440bf2510a28914afae2947749f2db0/crackme.py) **Solution** So opening up the code I noticed that their are two functions, but when ran only 1 is called. I added only 1 line of code that would print out the flag. ``` decode_secret(bezos_cc_secret) ``` **Flag: picoCTF{1|\\/|\_4\_p34||ut\_8c551048}** ### ARMssembly 0 \[40 pts] \[Not Solved] > **Description** > > What integer does this program print with arguments `4004594377` and `4110761777`? File: [chall.S](https://mercury.picoctf.net/static/006961dc756fc3f418b0dbe0a42dcee8/chall.S) Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb}) **Solution** a **Flag:** ### speeds and feeds \[50 pts] \[Not Solved] > **Description** > > There is something on my shop network running at `nc mercury.picoctf.net 28067`, but I can't tell what it is. Can you? **Solution** a **Flag:** ### Shop \[50 pts] \[Not Solved] > **Description** > > Best Stuff - Cheap Stuff, Buy Buy Buy... Store Instance: [source](https://mercury.picoctf.net/static/db20ea321ce780e69e29fd4b60e60fe0/source). The shop is open for business at `nc mercury.picoctf.net 3952`. **Solution** a **Flag:** ### ARMssembly 1 \[70 pts] \[Not Solved] > **Description** > > For what argument does this program print \`win\` with variables `83`, `0` and `3`? File: [chall\_1.S](https://mercury.picoctf.net/static/b4fd1dabc9dec63c37180b5b05783b55/chall_1.S) Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb}) **Solution** a **Flag:** ### ARMssembly 2 \[90 pts] \[Not Solved] > **Description** > > What integer does this program print with argument `3297082261`? File: [chall\_2.S](https://mercury.picoctf.net/static/397a4b46a393eda0777f925f1a866f90/chall_2.S) Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb}) **Solution** a **Flag:** ### Hurry up! Wait ! \[100 pts] \[Not Solved] > **Description** > > [svchost.exe](https://mercury.picoctf.net/static/7163c5d64bc60b4d079422da5c5e5053/svchost.exe) **Solution** a **Flag:** ### gogo \[110 pts] \[Not Solved] > **Description** > > Hmmm this is a weird file... [enter\_password](https://mercury.picoctf.net/static/eb7ca66cba87f2df20ea754c89148343/enter_password). There is a instance of the service running at `mercury.picoctf.net:34256`. **Solution** a **Flag:** ### ARMssembly 3 \[130 pts] \[Not Solved] > **Description** > > What integer does this program print with argument `4012702611`? File: [chall\_3.S](https://mercury.picoctf.net/static/9fdd746aed67479ab23642b1149c70aa/chall_3.S) Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb}) **Solution** a **Flag:** ### Let's get dynamic \[150 pts] \[Not Solved] > **Description** > > Can you tell what this file is reading? [chall.S](https://mercury.picoctf.net/static/474c53d8354545efbc0498791b9d9aef/chall.S) **Solution** a **Flag:** ### Easy as GDB \[160 pts] \[Not Solved] > **Description** > > The flag has got to be checked somewhere... File: [brute](https://mercury.picoctf.net/static/02142a2292c67ace2fe4ef82280ac907/brute) **Solution** a **Flag:** ### ARMssembly 4 \[170 pts] \[Not Solved] > **Description** > > What integer does this program print with argument `3459413018`? File: [chall\_4.S](https://mercury.picoctf.net/static/14c05cb93b965abb045e9b565d61931e/chall_4.S) Flag format: picoCTF{XXXXXXXX} -> (hex, lowercase, no 0x, and 32 bits. ex. 5614267 would be picoCTF{0055aabb}) **Solution** a **Flag:** ### Powershelly \[180 pts] \[Not Solved] > **Description** > > It's not a bad idea to learn to read Powershell. We give you the output, but do you think you can find the input? [rev\_PS.ps1](https://mercury.picoctf.net/static/64180dd699923792daa2806cf90b1bcf/rev_PS.ps1) [output.txt](https://mercury.picoctf.net/static/64180dd699923792daa2806cf90b1bcf/output.txt) **Solution** a **Flag:** ### Rolling My Own \[300 pts] \[Not Solved] > **Description** > > I don't trust password checkers made by other people, so I wrote my own. It doesn't even need to store the password! If you can crack it I'll give you a flag. [remote](https://mercury.picoctf.net/static/c4951a16150471875346d4a3cfddc703/remote) `nc mercury.picoctf.net 47110` **Solution** a **Flag:** ### Checkpass \[375 pts] \[Not Solved] > **Description** > > What is the password? File: [checkpass](https://mercury.picoctf.net/static/dae13be1822da155932b6bdef8ebdeba/checkpass) Flag format: picoCTF{...} **Solution** a **Flag:**