Rating:

# Full WriteUp

Full Writeup on our website: [http://www.aperikube.fr/docs/tjctf_2018/pythonreversing](http://www.aperikube.fr/docs/tjctf_2018/pythonreversing)

-----

# TL;DR

The script wasn’t really obfuscated. We had the output of the hashed flag and had to recover the input.
The clear text was first randomized with the equivalent of the following code:

```
flag = [random.randint(1,5) * ord(x) for x in flag]
```

Then a xor was applied with the following key: *ligma_sugma_sugondese_*
Finally the result was printed in binary, letter could be 8 to 10 digits and were concatenated.

An efficient bruteforce / cryptanalysis gave us the flag.

Original writeup (http://www.aperikube.fr/docs/tjctf_2018/pythonreversing/).