Chall: Nothing To See Here!After extracting the compressed file that we down

1. Chall: Nothing To See Here!
2.  
3. After extracting the compressed file that we downloaded, we got "ntsh.py". My experience in python is not good at all! But hey let take a look what inside the python script.
4.  
5. First thing i want to dig into is Base64 string and follow it, and it is base64 decompress and zlib uncompress. So what i did is basically just like that but i did it in my console:
6. - * Extract base64 string save as a file *
7. - $ base64 -d < ./extracted.dump > out
8. - $ zlib-flate -uncompress < out > uncompress
9. - $ file ./uncompress
10. ./uncompress: python 3.7 byte-compile
11.  
12. Oh is a python bytecode compiled file, nice! After googling a little bit i found a tool named "Uncompyle6" that allow us to decompile python bytecode.
13. Then i download the tool via python pip and use it:
14. - $ mv ./uncompress ./uncompress.pyc
15. - $ uncompyle6 ./uncompress.pyc > gamelogic.py
16. - $ file ./gamelogic.py
17. ./gamelogic.py: Python script, UTF-8 Unicode text executable, with very long lines
18.  
19. Now we have recovered the "gamelogic.py" python script. Remembered that "ntsh.py" python script have a DEBUG variable and we need to set that to TRUE to use its own decompiled "gamelogic.py".
20. Now we can edit gamelogic.py to show us more data.
21. Edited code:
22. "
23. for i in range(75):
24. vp = self.game_map[(pos_y + i)]
25. vp = vp[pos_x:pos_x + 145]
26. vk = self.d_keys[(pos_y + i)]
27. vk = vk[pos_x:pos_x + 145]
28. "
29. Save "gamelogic.py" and run "ntsh.py" script again. We can see the whole map and there is our flag ^^
30. FLAG: wgmy{d82bc3aa2e0025cda54ec24b4b23f959}