Kenny Loggins is related to this challenge in name only, but I had “Danger Zone” stuck in my head the entire time.
Our hint is:
Legend says, this program was written by Kenny Loggins himself.
Okay, not much help there.
If we run the file (“dangerzone”), we get:
$ python dangerzone.pyc
Something Something Danger Zone
=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ
If we download the file (“dangerzone”), we see that it’s got a .pyc extension. That’s a compiled python file. Can we un-compile it?
A quick google search says “yes.”
Uncompyle
I found “uncompyle6” which is a Python library for decompiling compiled Python. Wow, what a sentence.
Installing it and running it:
$ pip install uncompyle6
$ uncompyle6 dangerzone.pyc
The output of our “uncompyle” command is:
import base64
def reverse(s):
return s[::-1]
def b32decode(s):
return base64.b32decode(s)
def reversePigLatin(s):
return s[-1] + s[:-1]
def rot13(s):
return s.decode('rot13')
def main():
print 'Something Something Danger Zone'
return '=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ'
if __name__ == '__main__':
s = main()
print s
Upon writing this up, I realized that I made this challenge way harder than it needed to be. I thought that each of the functions represented something that had already been done to the file, meaning that I had to write the inverse function. Nope! It’s much simpler than that. Oh well, I got some Python practice in.
So, the file never explicitly says as much, but I think if we can take and undo each of the functions shown, we’ll have our flag.
Reversing
We need to take =YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ and call each of the functions on it, and we should get our flag!
# note: you'll need to include functions shown in previous code snippet
string = "=YR2XYRGQJ6KWZENQZXGTQFGZ3XCXZUM33UOEIBJ"
one = reverse(string)
two = b32decode(one)
three = reversePigLatin(two)
four = rot13(three)
print four
Aaaand:
$ python new_danger.py
TUCTF{r3d_l1n3_0v3rl04d}
