Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

If you read this blog you can see that from time to time I participate in missions published by Gynvael Coldwind on his English and Polish streams. You might not know that he is an author of 2 (one self, one co-op) books in the simillar topics that he presents on streams. Thoase are: "Zrozumieć programowanie" (ZP) and "Praktyczna inżyniera wsteczna" (PIW). You might also not know that you can find missions or challenges. One famous one being the one on the front page of the PIW. You can read about it here.

Numerous times on streams, Gynvael mentioned, that there is still one puzzle hidden in the PIW book yet unfound. I've decided to give it a try.

I've already read the book last year (my review - in Polish - you can watch here), so in hunt for this puzzle I did not wanted to read it again (not that the book is not good :]). I've needed another approch. I got a hunch that the puzzle will be in Gynvael's chapter (chapter 6, about Python), but wasn't sure. So the approch was to go page by page from the beginning, and if something catches my eye, I'll investigate it more to find out.

It was pretty mundane task I must say and I was almost quitting, when a perticular phrase caught my eye. On page 187 there was an example of obfuscated python script that corresponds to this code

def my_print(text):
  print text
my_print("asdf");

The obfuscated version looked like this:

I don't know if the script looked suspicious to be considered for furthere analysis. Or it looked to long to be just the function. I think the description's wording looked more suspicious to me. Above the script you read (my translation from Polish & my highlighting) "...could be coded to the following form:".

This could word was a bit odd here. Why "could"? It might be that this obfuscation can produce multiple forms, but this was at least first good candidate for being a hidden flag. So what was to be done was to type those characters to Sublime Text, change exec to print, so that nothing is hidden from us and see.

I must say, I did not exepct much. Imagine my surprise and raised heart beat when after executing it apart from the code above I saw a comment with an URL.

Wow. Could that be it? No way. I've entered the url to the browser and to my surprise there it was.

Niesamowite, ktoś to znalazł :)
(Amazing, someone found it :))

An instruction to send an e-mail with a secret code. Send the mail at 10:38 PM and 12 minutes leter I knew. I found the last flag.

Voilà.