Cracking Hidden Password Logic -PicoCTF "PW Crack 2"

CTF challenges often hide secrets in plain sight. The trick is learning how to read the code carefully and understand what it is doing.

Subrat Samantaray

~2 min read · March 13, 2026 (Updated: March 13, 2026) · Free: Yes

In this writeup, we will solve the PicoCTF challenge: PW Crack 2 by analyzing a Python password checker script and reconstructing the hidden password.

Challenge Information

Challenge: PW Crack 2 Author: LT "syreal" Jones

picoCTF — PW Crack 2

Description

Can you crack the password to get the flag? Download the password checker and you'll need the encrypted flag in the same directory too.

Files provided:

level2.py
level2.flag.txt.enc

The objective is simple: find the correct password so the script decrypts the flag.

Step 1 — Inspect the Script

The first step in any reverse engineering challenge is to read the source code.

cat level2.py

Inside the script, the password is not written directly as a string. Instead, it is constructed using Python's chr() function.

Example snippet:

chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65)

At first glance, this may look confusing, but it is simply a way of building a string using ASCII values.

Step 2 — Understanding chr()

The chr() function converts a number into its corresponding ASCII character.

Example:

chr(65) → 'A'
chr(97) → 'a'

In this challenge, the numbers are written in hexadecimal format.

0x33
0x39
0x63
0x65

We convert each value to ASCII.

0x33 → 3
0x39 → 9
0x63 → c
0x65 → e

Combining them reveals the hidden password:

39ce

Step 3 — Verifying with Python

To confirm the decoding, we can run a small Python command:

print(chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65))

Output:

39ce

This confirms that 39ce is the correct password.

Step 4 — Run the Password Checker

Now we execute the script.

python3 level2.py

When prompted for the password, enter:

39ce

If the password is correct, the script decrypts the encrypted flag and prints the flag.

Key Takeaways

This challenge demonstrates several fundamental CTF skills:

1. Code Analysis Always inspect the source code carefully.

2. Understanding Encoding ASCII and hexadecimal encoding appear frequently in CTF challenges.

3. Recognizing Obfuscation Using chr() is a simple way to hide strings in code.

4. Automating Small Tasks Writing small helper scripts can save time during challenges.

Final Thoughts

Although this challenge is simple, it teaches an important lesson: many CTF puzzles rely more on observation than complex exploitation.

Learning to recognize patterns like encoded ASCII values can quickly reveal hidden information in scripts.

#cybersecurity #picoctf #reverse-engineering #python #security-research