# Stones (rev)

<figure><img src="/files/ODguCXVVEn2ZOBDn5D01" alt="" width="340"><figcaption></figcaption></figure>

{% file src="/files/IlVIab8bcym9B3xYrYNg" %}

We are given a file, `stones.whatdis`. Running `file` on it shows it as a Windows binary file.&#x20;

<figure><img src="/files/Qxyulkz84uPD2X7hprqJ" alt=""><figcaption></figcaption></figure>

We soon realise that it is a Python compiled executable and use Pylingual to decompile it to get the following:

```python
# Decompiled with PyLingual (https://pylingual.io)
# Internal filename: CHAL-stones.py
# Bytecode version: 3.10.0rc2 (3439)
# Source timestamp: 1970-01-01 00:00:00 UTC (0)

import requests
from datetime import datetime
from urllib.request import urlopen
from datetime import datetime
server_url = 'http://3.142.133.106:8000/'
current_time = urlopen('http://just-the-time.appspot.com/')
current_time = current_time.read().strip()
current_time = current_time.decode('utf-8')
current_date = current_time.split(' ')[0]
local_date = datetime.now().strftime('%Y-%m-%d')
if current_date == local_date:
    print("We're gonna need a really big brain; bigger than his?")
first_flag = 'WGMY{1d2993'
user_date = current_date
params = {'first_flag': first_flag, 'date': user_date}
response = requests.get(server_url, params=params)
if response.status_code == 200:
    print(response.json()['flag'])
else:
    print(response.json()['error'])
```

It sends a GET request to a hardcoded IP address and port, and if the supplied `user_date` is correct we get the flag.&#x20;

Notice that the challenge description also mentions the existence of a `/flag` endpoint on the server. When accessing that endpoint it gives us the link to a YouTube video.

Entering the upload date of the youtube video as the `'date'` parameter, we can retrieve the flag. Below is my solve script:

```python
import requests
from datetime import datetime
from urllib.request import urlopen
from datetime import datetime
server_url = 'http://3.142.133.106:8000/'
current_time = urlopen('http://just-the-time.appspot.com/')
current_time = current_time.read().strip()
current_time = current_time.decode('utf-8')
current_date = current_time.split(' ')[0]
local_date = datetime.now().strftime('%Y-%m-%d')
if current_date == local_date:
    print("We're gonna need a really big brain; bigger than his?")
first_flag = 'WGMY{1d2993'
user_date = current_date
params = {'first_flag': first_flag, 'date': '2022-07-25'}
response = requests.get(server_url, params=params)
if response.status_code == 200:
    print(response.json()['flag'])
else:
    print(response.json()['error'])
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://elijahchia.gitbook.io/ctf-blog/wargames.my-ctf-2024/stones-rev.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.