Stones (rev)

We are given a file, stones.whatdis. Running file on it shows it as a Windows binary file.

We soon realise that it is a Python compiled executable and use Pylingual to decompile it to get the following:

# Decompiled with PyLingual (https://pylingual.io)
# Internal filename: CHAL-stones.py
# Bytecode version: 3.10.0rc2 (3439)
# Source timestamp: 1970-01-01 00:00:00 UTC (0)

import requests
from datetime import datetime
from urllib.request import urlopen
from datetime import datetime
server_url = 'http://3.142.133.106:8000/'
current_time = urlopen('http://just-the-time.appspot.com/')
current_time = current_time.read().strip()
current_time = current_time.decode('utf-8')
current_date = current_time.split(' ')[0]
local_date = datetime.now().strftime('%Y-%m-%d')
if current_date == local_date:
    print("We're gonna need a really big brain; bigger than his?")
first_flag = 'WGMY{1d2993'
user_date = current_date
params = {'first_flag': first_flag, 'date': user_date}
response = requests.get(server_url, params=params)
if response.status_code == 200:
    print(response.json()['flag'])
else:
    print(response.json()['error'])

It sends a GET request to a hardcoded IP address and port, and if the supplied user_date is correct we get the flag.

Notice that the challenge description also mentions the existence of a /flag endpoint on the server. When accessing that endpoint it gives us the link to a YouTube video.

Entering the upload date of the youtube video as the 'date' parameter, we can retrieve the flag. Below is my solve script:

import requests
from datetime import datetime
from urllib.request import urlopen
from datetime import datetime
server_url = 'http://3.142.133.106:8000/'
current_time = urlopen('http://just-the-time.appspot.com/')
current_time = current_time.read().strip()
current_time = current_time.decode('utf-8')
current_date = current_time.split(' ')[0]
local_date = datetime.now().strftime('%Y-%m-%d')
if current_date == local_date:
    print("We're gonna need a really big brain; bigger than his?")
first_flag = 'WGMY{1d2993'
user_date = current_date
params = {'first_flag': first_flag, 'date': '2022-07-25'}
response = requests.get(server_url, params=params)
if response.status_code == 200:
    print(response.json()['flag'])
else:
    print(response.json()['error'])

Last updated 3 days ago

# Decompiled with PyLingual (https://pylingual.io) # Internal filename: CHAL-stones.py # Bytecode version: 3.10.0rc2 (3439) # Source timestamp: 1970-01-01 00:00:00 UTC (0) import requests from datetime import datetime from urllib.request import urlopen from datetime import datetime server_url = 'http://3.142.133.106:8000/' current_time = urlopen('http://just-the-time.appspot.com/') current_time = current_time.read().strip() current_time = current_time.decode('utf-8') current_date = current_time.split(' ')[0] local_date = datetime.now().strftime('%Y-%m-%d') if current_date == local_date: print("We're gonna need a really big brain; bigger than his?") first_flag = 'WGMY{1d2993' user_date = current_date params = {'first_flag': first_flag, 'date': user_date} response = requests.get(server_url, params=params) if response.status_code == 200: print(response.json()['flag']) else: print(response.json()['error'])

import requests from datetime import datetime from urllib.request import urlopen from datetime import datetime server_url = 'http://3.142.133.106:8000/' current_time = urlopen('http://just-the-time.appspot.com/') current_time = current_time.read().strip() current_time = current_time.decode('utf-8') current_date = current_time.split(' ')[0] local_date = datetime.now().strftime('%Y-%m-%d') if current_date == local_date: print("We're gonna need a really big brain; bigger than his?") first_flag = 'WGMY{1d2993' user_date = current_date params = {'first_flag': first_flag, 'date': '2022-07-25'} response = requests.get(server_url, params=params) if response.status_code == 200: print(response.json()['flag']) else: print(response.json()['error'])