TUCTF “Danger Zone”: Python, Reversing, and Kenny Loggins

Kenny Loggins is related to this challenge in name only, but I had “Danger Zone” stuck in my head the entire time.

Our hint is:

Legend says, this program was written by Kenny Loggins himself.

Okay, not much help there.

If we run the file (“dangerzone”), we get:

$ python dangerzone.pyc
Something Something Danger Zone
=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ

If we download the file (“dangerzone”), we see that it’s got a .pyc extension.  That’s a compiled python file.  Can we un-compile it?

A quick google search says “yes.”

Uncompyle

I found “uncompyle6” which is a Python library for decompiling compiled Python.  Wow, what a sentence.

Installing it and running it:

$ pip install uncompyle6
$ uncompyle6 dangerzone.pyc

The output of our “uncompyle” command is:

import base64

def reverse(s):
return s[::-1]

def b32decode(s):
return base64.b32decode(s)

def reversePigLatin(s):
return s[-1] + s[:-1]

def rot13(s):
return s.decode('rot13')

def main():
print 'Something Something Danger Zone'
return '=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ'

if __name__ == '__main__':
s = main()
print s

Upon writing this up, I realized that I made this challenge way harder than it needed to be.  I thought that each of the functions represented something that had already been done to the file, meaning that I had to write the inverse function.  Nope!  It’s much simpler than that.  Oh well, I got some Python practice in.

So, the file never explicitly says as much, but I think if we can take and undo each of the functions shown, we’ll have our flag.

Reversing

We need to take =YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ and call each of the functions on it, and we should get our flag!

# note:  you'll need to include functions shown in previous code snippet

string = "=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ"

one = reverse(string)
two = b32decode(one)
three = reversePigLatin(two)
four = rot13(three)
print four

Aaaand:

$ python new_danger.py
TUCTF{r3d_l1n3_0v3rl04d}

confession: I’ve never actually seen Top Gun