 Hey, welcome back guys. John Hammond here looking at Pico CTF 2017. We just finished up the web exploitation category because there was only one simple challenge in there. So let's move into the reverse engineering ones because there are, again, low-hanging fruit 20-point challenges. Let's see what we've got. Hex to raw. This program requires some unprincipled characters as input. But how do you print unprincipled characters? See, allow yourself to blah, blah, blah, and turn that hex to raw. Alright, so let's copy that location. Let's get our shell going. But before we do that, let's create a hex to raw directory. And then let's connect to with our shell. Cool. CD into this directory here. We can just paste it in and ls to check out the files. So we have a flag there. We could just cat out, but it says permission denied. That's because we don't have permission to read it. Okay. The hex sports and hex to raw 2 version has it. But we're not supposedly a member of that group. So we have to take advantage of using this program, hex to raw. It looks like you can do it. What is input? Can we check that out? No, we can't see that either. Okay, so we can check out hex to raw, but it's a binary program. So it looks like it has strings in there to determine what the flag, or things that it will output on the screen, but no real flag. So we have to figure out what we can do here. What did the hints say? Google for easy techniques of getting raw output to the command line. In this case, you should be looking for an easy solution. Hmm. Well, let's see what the hex to raw program does to begin with. It says, give me this in raw form. Okay, such that hex 0x41 is A. Okay, so this must be hex, right? We've seen hex before 0 through 9A through F. So we have this string that we supposedly need into the raw form. Okay, we can Google that like hex to raw, right? Hecto decimal to string online, paste that in. Oh, but it is disgusting. So, can we echo that? Can we? Oh, no, I can't. Nope, it looks like it just moved it back. Okay. So we can't just like copy that and put that back in our shell. So how do we get it inside of our shell to begin with? How about Linux hex to raw? Google that. Hecto string to bytes. Hmm, a lot of Perl stuff. That's not particularly very, that's a lot of like regex and stuff that we don't need to get into just yet. But how about this guy's solution? I used to do this with xxd, xxd-tac-r-tac-p. Looks like you can just pass in some characters to it. Like 5A, that's a hex byte. So xxd-tac-r-tac-p. So checking out the man page for xxd, xxd will make a hex dump or do the reverse. So you can take a binary and just or any file you want and convert it to that hexo decimal form or, you know, dump back into its binary form, the raw form. So if you wanted to use those arguments like tac-r to reverse it or something, tac-p, what's that other argument? We can check the page here. Tac-p text plain, also known as plain hex dump style, which will give it to you that raw original character that you're looking at for real. If we have that string in standard output, let's echo that string of hex, pipe that to xxd-tac-r-tac-p, so it gets it as input. Okay, we've got that raw rendition of it. So we could have that and pipe that into the hex to raw program, so it takes it as input. And awesome, okay, looks like it gets it. That's what I wanted. Here's the flag. So now that we have the flag, let's copy and paste that into a flag.txt file, document it. I'm not going to go into the effort of trying to create a get flag script for this one because it requires all that piping that we did, and I think SSH will have a little bit of a hard time with that, especially with the echo going through, because echo would look like it was interpreting a lot of the pipes. So we'll ignore that and just keep that as the flag, but we will go ahead and paste that now, submit it, and get up 20 points on the scoreboard. So awesome. Thank you guys for watching. Hey, I do want to give a quick shout-out to my supporters. One dollar a month on Patreon will give you a shout-out just like this at the end of the video. Five dollars a month will give you early access to all of my videos that I record, typically in bulk, and I let YouTube gradually release them. If you want the content right when it's ready, as it's hot, you can do it that way. Thanks again for watching, guys. If you did like the video, please do press that like button. Maybe leave me a comment. If you're willing to subscribe, and if you really want to support me, check me out on Patreon. Thanks.