RSAC picoCTF Guide

Here's how to solve CC Strings



CC Strings

Name: CC Strings
Description: We know this program has the flag, but he won't talk!
Type: Forensics
Challenge from: RSAC picoCTF 2025
Files: chall
Hints:
1. Now CyberChef has a "Strings" function!
2. The flag is 23 characters long

Theory

The description only says that a compiled program holds the flag but won't reveal it, which doesn't tell us much, so let's take a quick look at the hints. They point to strings, a command that prints the sequences of human-readable characters found in a binary file. We can pipe its output to grep and search for the usual flag format:

~$ strings chall | grep "picoCTF{"

Solution

First of all, we'll download the file and give it execute permission, because I want to test something:

shukularuni-picoctf@webshell:~$ wget https://rsac-picoctf-files.picoctf.net/c_rsac_challenges/9bed09c066682468c60d448cc29baace87710bfa3f8c5879bdd33ad1b711e769/chall
--2025-05-19 18:01:29--  https://rsac-picoctf-files.picoctf.net/c_rsac_challenges/9bed09c066682468c60d448cc29baace87710bfa3f8c5879bdd33ad1b711e769/chall
Resolving rsac-picoctf-files.picoctf.net (rsac-picoctf-files.picoctf.net)... 3.160.22.87, 3.160.22.54, 3.160.22.19, ...
Connecting to rsac-picoctf-files.picoctf.net (rsac-picoctf-files.picoctf.net)|3.160.22.87|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16000 (16K) [application/octet-stream]
Saving to: 'chall'

chall                                                               100%[=================================================================================================================================================================>]  15.62K  --.-KB/s    in 0s      

2025-05-19 18:01:29 (263 MB/s) - 'chall' saved [16000/16000]

shukularuni-picoctf@webshell:~$ chmod +x chall

Before doing anything else, let's see what happens if we just run it normally:

shukularuni-picoctf@webshell:~$ ./chall 
I will never reveal my secrets!

Okay, so if it doesn't want to cooperate, we'll have to use the strings command to search for the flag:

shukularuni-picoctf@webshell:~$ strings chall | grep "picoCTF{"
picoCTF{41w4y5_57r1n95}

There we go! That's the flag.
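
To show why this works, here is an added example (not part of the original guide) that does in Python roughly what strings | grep does: it scans raw bytes for runs of printable characters, then keeps the flag-shaped ones of the length given in hint 2. It goes one step beyond the walkthrough by also scanning UTF-16LE text, which a plain strings run skips; the sample bytes and the flags in them are constructed, and the function names are hypothetical.

```python
import re

FLAG_RE = re.compile(r"picoCTF\{[^}]*\}")

def extract_strings(data, min_len=4):
    """Yield (offset, encoding, text) for each run of printable characters."""
    # Single-byte runs: tab or 0x20-0x7e, at least min_len in a row.
    for m in re.finditer(rb"[\t\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), "ascii", m.group().decode("ascii")
    # UTF-16LE runs: the same characters, each followed by a NUL byte.
    for m in re.finditer(rb"(?:[\t\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def find_flags(data, expected_len=None):
    """Return (offset, encoding, flag) for flag-shaped strings in data."""
    hits = []
    for offset, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16le" else 1  # bytes per character
        for m in FLAG_RE.finditer(text):
            if expected_len in (None, len(m.group())):
                hits.append((offset + width * m.start(), enc, m.group()))
    return hits

# Constructed sample: a fake header, the program's message, one flag of the
# expected length, a shorter decoy, and a flag stored as UTF-16LE.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"I will never reveal my secrets!\x00"
    + b"picoCTF{3x4mpl3_s4mpl3}\x00"
    + b"picoCTF{not_the_flag}\x00\x00"
    + "picoCTF{w1d3_ch4r_fl4g}".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    # Hint 2 says the flag is 23 characters long, so filter on that.
    for offset, enc, flag in find_flags(SAMPLE, expected_len=23):
        print(f"0x{offset:04x}  {enc:8}  {flag}")
```

To run it against the real file, read it with open("chall", "rb").read() and pass the bytes to find_flags.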



https://rsac.picoctf.org/level/2/4