 What's up everybody? This is another video right up for the challenge Python reversing for 40 points in the reverse engineering category of TJCTF, a recent capture the flag competition. So the challenge prompt here is found this flag checking file and it is quite vulnerable and we have the source code given to us. So let's go ahead and download that and we can open that source up. Okay, and we have some Python code here using the NumPy library here with a redacted flag, a little bit of code here that we could go through and reverse engineer, although we're given the original output of the file. So we know that okay this must be the flag actually encoded or encrypted with whatever this code does. So I need to give the special shout out and thank you to the other players that I worked on this capture the flag competition with. Yiggles, Modo and Monorail were certainly the two most dedicated and like definitely were putting the pressure on for a lot of these challenges. So props to you. I think Yiggles was actually the one that went through with this brute force and got the flag before any of us, but we were talking about it. We were looking at like, oh, we could totally just brute force this. We don't have to exactly reverse this. So let's go ahead and do that. I'm going to create a please sub like separate rendition of this program. And let's go ahead and clean up a little bit where we can just actually brute force what we need. Let's import string. So we have all the possible characters. Flag, we can actually just go ahead and kind of ignore. And then we'll just save. Okay. Original output can be its own variable here. And let's define this as a function like a general purpose thing. So we can handle it and work with it later. So we'll change this return statement. We'll change this print statement to return. We'll pass in whatever we want to supposedly encrypt. And then we'll change all the string. So if I wanted to, I could just simply run print encrypt with what we know to be the flag format TJ CTF. And we get this binary output, which turns out to be just like the very start of that original output. So what's to stop us from going ahead and brute forcing these things? Let's go ahead and try it. Let's say flag can equal a list of so far TJ CTF with a curly brace. And then we'll do a little while one. So we're constantly looping. Let's do a four character in string dot printable. So we can go through every single character. So we can try and encrypt are like out whatever we want to call that we can call that encrypt of joining our current flag together and the character that we're testing. And we can test if the original output starts with the same amount of string that out does, then we know that okay, we have the correct character, we can go ahead and add that character to our flag list. So flag dot append character, break, etc. And we can print what we have so far of the flag, print dot join flag, great. And otherwise, we can just print out what it is we're trying. Cool. So now we should be able to try this. Go ahead and mark that as executable, run it. And just like that, we have cranked through it. Did it do that at just the very start? It sure did. All right. Wow. I kind of want to see that like in slow motion, because that like was super fast import time. And then let's do like a time dot sleep for while we are getting characters time dot sleep, 0.2, whatever. Yeah, let's try that. That's way too slow. Okay. Looks like it is cranking through the characters just like that. So simple brute force did not really have to reverse engineer much of anything. But pretty cool. Again, thank you to Yiggles Modo and mono rail, and even TJ get fender rev dev X creeper max, other individuals that were kind of going hard on the CTF that's pretty awesome. So thank you guys for all your hard work and effort props to you for the leads. That is our flag here, Python is trivial. So we can go ahead and save that as a flag dot text. We could change that to be a get flag script, etc. But let's go ahead and mark this challenge as complete. Hey, I want to give a quick shout out to the people that support me on Patreon. You guys are fantastic and phenomenal. And I love you $1 a month on Patreon. We'll give you a special shout out just like this at the end of every video $5 or more on Patreon. We'll give you early access to everything that I release on YouTube before it goes live. If you did like this video, please do like comment and subscribe if you want to see more capture the flag, video write ups, programming tutorials, etc. Join our Discord server, link in the description if you want to join a cool community of CTF players, hackers and programmers. If you want to jam with me or any other cool people when another game is going on, you can totally do so there. Hey, I would love to see you on Patreon, and I hope to see you in the next video. Thanks.