REVERSE - Tag - Zarkyo's bloghttps://zarkyo.fr/tags/reverse/REVERSE - Tag - Zarkyo's blogHugo -- gohugo.ioenCC BY-NC 4.0Sat, 23 May 2026 22:00:00 +0200BreizhCTF 2026 - Seems Emptyhttps://zarkyo.fr/seems-empty/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/seems-empty/

Seems Empty

  • Difficulty: Very Easy
  • Category: Reverse
  • Author: AntwortEinesLebens

Description

During an audit, a strange binary was only displaying a bland message. No network activity, no suspicious writes — nothing but perfectly harmless output. Dismissed among unremarkable artifacts, it was nonetheless tampered with by a malware group.

Even what seems empty can hide a secret.

Files:

  • seems-empty.pyc — Python bytecode compiled for CPython 3.12

Solve

Step 1 — Reconnaissance

file seems-empty.pyc
# seems-empty.pyc: Byte-compiled Python module for CPython 3.12 or newer,
# timestamp-based, .py timestamp: Sun Apr  5 12:20:40 2026 UTC, .py size: 1132 bytes

A .pyc is a compiled Python file (bytecode). The source text is not directly readable. First reflex: run strings to look for readable hints.

]]>