## Original Source Code ```python= import base64 from cryptography.fernet import Fernet payload = b'gAAAAABkzWGO_8MlYpNM0n0o718LL-w9m3rzXvCMRFghMRl6CSZwRD5DJOvN_jc8TFHmHmfiI8HWSu49MyoYKvb5mOGm_Jn4kkhC5fuRiGgmwEpxjh0z72dpi6TaPO2TorksAd2bNLemfTaYPf9qiTn_z9mvCQYV9cFKK9m1SqCSr4qDwHXgkQpm7IJAmtEJqyVUfteFLszyxv5-KXJin5BWf9aDPIskp4AztjsBH1_q9e5FIwIq48H7AaHmR8bdvjcW_ZrvhAIOInm1oM-8DjamKvhh7u3-lA==' key_str = 'correctstaplecorrectstaplecorrec' key_base64 = base64.b64encode(key_str.encode()) f = Fernet(key_base64) plain = f.decrypt(payload) exec(plain.decode()) ``` ## Modified ```python= import base64 from cryptography.fernet import Fernet payload = b'gAAAAABkzWGO_8MlYpNM0n0o718LL-w9m3rzXvCMRFghMRl6CSZwRD5DJOvN_jc8TFHmHmfiI8HWSu49MyoYKvb5mOGm_Jn4kkhC5fuRiGgmwEpxjh0z72dpi6TaPO2TorksAd2bNLemfTaYPf9qiTn_z9mvCQYV9cFKK9m1SqCSr4qDwHXgkQpm7IJAmtEJqyVUfteFLszyxv5-KXJin5BWf9aDPIskp4AztjsBH1_q9e5FIwIq48H7AaHmR8bdvjcW_ZrvhAIOInm1oM-8DjamKvhh7u3-lA==' key_str = 'correctstaplecorrectstaplecorrec' key_base64 = base64.b64encode(key_str.encode()) #encode:change key_str to byte str, base64.b64encode: then b64 encode it f = Fernet(key_base64) # assign the "value" of key to variable `f` plain = f.decrypt(payload) print(plain.decode()) #decode: change `plain` from byte str to normal one # exec(plain.decode()) #exec: run the text as a script ``` ## Output ```shell= ┌──(kali㉿kali)-[~/code] └─$ /bin/python /home/kali/code/unpackme.flag.py pw = input('What\'s the password? ') if pw == 'batteryhorse': print('picoCTF{175_chr157m45_5274ff21}') else: print('That password is incorrect.') ``` ## REFs - https://www.geeksforgeeks.org/fernet-symmetric-encryption-using-cryptography-module-in-python/ - https://www.geeksforgeeks.org/advanced-encryption-standard-aes/