Hisssss, can you ssssee ssssome sssssecretssss?
Download the file below.
Running strings on the file we can see it has an embedded python file in it. With the help of uncompyle6 we’re able to decompile the binary (after changing its extension to pyc):
There’s a lot going on here and many similar variables to confuse things. When we run the program we know we’re only seeing output that takes a few random elements of the sszz array and capitalizes the characters in the string.
To that end, the easiest thing to do here first is just modify the code to print the output of the other variables - “zzz” and “ssszzz” stand out as suspicious because they are iterating over the “zzss” string of bytecode. Just trying these first, the flag string turns out to be hiding in the “zzz” variable.