Jailpy3 (LIT 2025)

I usually don't solve rev challenges (games are an exception) but I have no idea why a python jail was also put into the rev category...

Made with a burning passion for pyjails (i.e. creating insane payloads just to bypass some random condition), I turned everything in this python script into pyjail tech! Here's a program that's suppose to print a flag. But something seems to be getting in the way...

We were provided with a 11.5MB python file... calling this a jail challenge would be wrong instead it is just obfuscated python code.

# The starting of obfuscated python file provided
print({}.__class__.__subclasses__()[2].copy.__builtins__[{}.__class__.__subclasses__()[2].copy.__builtins__[chr(1^2^32^64)+chr(8^32^64)+chr(2^16^32^64)]({}.__class__.__subclasses__()[2].copy.__builtins__[chr(1^2^4^8^16^64)+chr(1^2^4^8^16^64)+chr(1^8^32^64)+chr(1^4^8^32^64)+chr(16^32^64)+chr(1^2^4^8^32^64)+chr(2^16^32^64)+chr(4^16^32^64)+chr(1^2^4^8^16^64)+chr(1^2^4^8^16^64)](chr(1^2^16^32^64)+chr(1^4^16^32^64)+chr(2^32^64)+chr(16^32^64)+chr(2^16^32^64)+chr(1^2^4^8^32^64)+chr(1^2^32^64)+chr(1^4^32^64)+chr(1^2^16^32^64)+chr(1^2^16^32^64)).select.POLLIN^{}.__class__.__subclasses__()[2].copy.__builtins__[chr(1^2^4^8^16^64)+chr(1^2^4^8^16^64)+chr(1^8^32^64)+chr(1^4^8^32^64)+chr(16^32^64)+chr(1^2^4^8^32^64)+chr(2^16^32^64)+chr(4^16^32^64)+chr(1^2^4^8^16^64)+chr(1^2^4^8^16^64)](chr(1^2^16^32^64)+chr(1^4^16^32^64)+chr(2^32^64)+chr(16^32^64)+chr(2^16^32^64)+chr(1^2^4^8^32^64)+chr(1^2^32^64)+chr(1^4^32^64)+chr(1^2^16^32^64)+chr(1^2^16^32^64)).select.POLLPRI^{}...

Seeing this code the first thing that we should do is replace chr(...) with the actual contents. The ^ operator represents a XOR operation (it is not exponent). So I asked ChatGPT to quickly write a script for me which performs these operations and hopefuly deobfuscates this.

import ast
import operator
import re
import sys
from pathlib import Path

ALLOWED_BINOPS = {
    ast.BitXor: operator.xor,
    ast.BitOr: operator.or_,
    ast.BitAnd: operator.and_,
    ast.LShift: operator.lshift,
    ast.RShift: operator.rshift,
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
ALLOWED_UNARY = {ast.Invert: operator.invert, ast.UAdd: operator.pos, ast.USub: operator.neg}

def safe_eval_int(expr: str) -> int:
    """Evaluate a small integer expression safely."""
    node = ast.parse(expr, mode="eval")

    def _eval(n):
        if isinstance(n, ast.Expression):
            return _eval(n.body)
        if isinstance(n, ast.Constant) and isinstance(n.value, int):
            return n.value
        if isinstance(n, ast.UnaryOp) and type(n.op) in ALLOWED_UNARY:
            return ALLOWED_UNARY[type(n.op)](_eval(n.operand))
        if isinstance(n, ast.BinOp) and type(n.op) in ALLOWED_BINOPS:
            return ALLOWED_BINOPS[type(n.op)](_eval(n.left), _eval(n.right))
        # Allow nested parentheses via Tuple with one elt in some Python versions? Not needed here.
        raise ValueError(f"disallowed expression: {ast.dump(n, include_attributes=False)}")

    val = _eval(node)
    if not isinstance(val, int):
        raise ValueError("non-integer expression")
    return val

def decode_chr_sequence_to_str(exprs):
    chars = []
    for e in exprs:
        code = safe_eval_int(e)
        try:
            chars.append(chr(code))
        except ValueError:
            raise ValueError(f"chr() out of range: {code}")
    return "".join(chars)

def scan_and_replace_chr_concats(src: str):
    """
    Find spans like: chr(<e1>) + chr(<e2>) + ... and replace with a quoted string.
    Handles whitespace and newlines.
    """
    i, n = 0, len(src)
    replacements = []

    while i < n:
        if src.startswith("chr(", i):
            start = i
            exprs = []

            def read_paren(idx):
                # idx at start of '('
                depth, j = 1, idx + 1
                while j < n and depth:
                    c = src[j]
                    if c == "(":
                        depth += 1
                    elif c == ")":
                        depth -= 1
                    j += 1
                if depth != 0:
                    raise ValueError("unbalanced parentheses in chr(...) sequence")
                return j  # position after ')'

            # first chr(
            if src.startswith("chr(", i):
                # read first expr
                open_idx = i + 3  # at '('
                end_after_paren = read_paren(open_idx)
                exprs.append(src[open_idx + 1 : end_after_paren - 1])

                k = end_after_paren
                # consume sequences of + chr(
                while True:
                    # skip whitespace
                    while k < n and src[k].isspace():
                        k += 1
                    if k < n and src[k] == "+":
                        k += 1
                        while k < n and src[k].isspace():
                            k += 1
                        if k < n and src.startswith("chr(", k):
                            open2 = k + 3
                            end2 = read_paren(open2)
                            exprs.append(src[open2 + 1 : end2 - 1])
                            k = end2
                            continue
                    break

                if len(exprs) >= 2:  # only replace concatenations, not single chr(...)
                    try:
                        decoded = decode_chr_sequence_to_str(exprs)
                        replacements.append((start, k, repr(decoded)))
                        i = k
                        continue
                    except Exception:
                        # fall through and advance one char if evaluation fails
                        pass
        i += 1

    # Apply replacements from end to start.
    if not replacements:
        return src, 0
    out = []
    last = 0
    for s, e, rep in sorted(replacements, key=lambda t: t[0]):
        out.append(src[last:s])
        out.append(rep)
        last = e
    out.append(src[last:])
    new_src = "".join(out)
    return new_src, len(replacements)

def deobfuscate_text(src: str, max_passes: int = 8):
    """Run multiple passes to catch cascaded patterns."""
    total = 0
    for _ in range(max_passes):
        src, cnt = scan_and_replace_chr_concats(src)
        total += cnt
        if cnt == 0:
            break
    return src, total

def main():
    if len(sys.argv) < 2:
        print("usage: python deobfuscate_chr_concat.py <input.py> [output.py]")
        sys.exit(2)
    inp = Path(sys.argv[1])
    outp = Path(sys.argv[2]) if len(sys.argv) >= 3 else None
    text = inp.read_text(encoding="utf-8")
    new_text, num = deobfuscate_text(text)
    if outp:
        outp.write_text(new_text, encoding="utf-8")
        print(f"replaced {num} chr-concat sequences -> {outp}")
    else:
        print(new_text)

if __name__ == "__main__":
    main()

After running this script the output looked like (note that it has been truncated... it was still 2.9MB):

# Truncated output after running first deobfuscation script
import collections
print({}.__class__.__subclasses__()[2].copy.__builtins__[{}.__class__.__subclasses__()[2].copy.__builtins__['chr']({}.__class__.__subclasses__()[2].copy.__builtins__['__import__']('subprocess').select.POLLIN^{}.__class__.__subclasses__()[2].copy.__builtins__['__import__']('subprocess').select.POLLPRI^{}.__class__.__subclasses__()[2].copy.__builtins__['__import__']('subprocess').select.POLLNVAL^{}.__class__.__subclasses__()[2].copy.__builtins__['__import__']('subprocess').select.POLLRDNORM)+{}.__class__.__subclasses__()[2].copy.__builtins__['chr']({}...

Now we can notice that there is use of long unnecessary paths to call Python builtin functions and imports. For example the following snippet:

{}.__class__.__subclasses__()[2].copy.__builtins__['chr'](97)

Is equivalent to just using chr(97) , both would return the sample output of a . So now once again I gave these instructions to GPT and it produced a functional script.

import ast, operator, re, sys
from pathlib import Path
import subprocess as _subprocess  # for select.POLL* constants

# ---------- safe integer evaluator ----------
_BINOPS = {
    ast.BitXor: operator.xor, ast.BitOr: operator.or_, ast.BitAnd: operator.and_,
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.LShift: operator.lshift, ast.RShift: operator.rshift,
    ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod,
}
_UNARY = {ast.Invert: operator.invert, ast.UAdd: operator.pos, ast.USub: operator.neg}

# expose only allowed names (after normalization we keep POLL* names)
_ALLOWED_NAMES = {name: getattr(_subprocess.select, name)
                  for name in dir(_subprocess.select) if name.startswith("POLL")}

def _safe_eval_int(expr: str) -> int:
    node = ast.parse(expr, mode="eval")

    def ev(n):
        if isinstance(n, ast.Expression): return ev(n.body)
        if isinstance(n, ast.Constant) and isinstance(n.value, int): return n.value
        if isinstance(n, ast.UnaryOp) and type(n.op) in _UNARY: return _UNARY[type(n.op)](ev(n.operand))
        if isinstance(n, ast.BinOp) and type(n.op) in _BINOPS: return _BINOPS[type(n.op)](ev(n.left), ev(n.right))
        if isinstance(n, ast.Name) and n.id in _ALLOWED_NAMES: return _ALLOWED_NAMES[n.id]
        raise ValueError(f"disallowed expression: {ast.dump(n, include_attributes=False)}")
    v = ev(node)
    if not isinstance(v, int): raise ValueError("non-integer")
    return v

# ---------- decoding helpers ----------
def _decode_chr_concat(src: str):
    """Replace chr(expr)+chr(expr)+... with quoted string."""
    i, n = 0, len(src); reps = []
    def read_paren(j):
        depth, k = 1, j+1
        while k < n and depth:
            c = src[k]
            if c == "(": depth += 1
            elif c == ")": depth -= 1
            k += 1
        if depth: raise ValueError("unbalanced parens")
        return k

    while i < n:
        if src.startswith("chr(", i):
            start = i
            aopen = i + 3
            aend = read_paren(aopen)
            exprs = [src[aopen+1:aend-1]]
            k = aend
            while True:
                while k < n and src[k].isspace(): k += 1
                if k < n and src[k] == "+":
                    k += 1
                    while k < n and src[k].isspace(): k += 1
                    if src.startswith("chr(", k):
                        bopen = k + 3
                        bend = read_paren(bopen)
                        exprs.append(src[bopen+1:bend-1])
                        k = bend
                        continue
                break
            if len(exprs) >= 2:
                try:
                    s = "".join(chr(_safe_eval_int(e)) for e in exprs)
                    reps.append((start, k, repr(s)))
                    i = k; continue
                except Exception:
                    pass
        i += 1
    if not reps: return src, 0
    out, last = [], 0
    for s, e, rep in reps:
        out.append(src[last:s]); out.append(rep); last = e
    out.append(src[last:])
    return "".join(out), len(reps)

def _decode_single_chr(src: str):
    """Replace chr(<int-expr>) with a quoted one-character string where safe."""
    # Avoid touching when followed/preceded by + which _decode_chr_concat handles.
    pattern = re.compile(r"chr\(\s*([^\(\)]*?)\s*\)")
    def repl(m):
        expr = m.group(1)
        # skip if contains quotes or disallowed chars to be safe
        if any(c in expr for c in "'\"[]{}"): return m.group(0)
        try:
            ch = chr(_safe_eval_int(expr))
            return repr(ch)
        except Exception:
            return m.group(0)
    new = pattern.sub(repl, src)
    changed = int(new != src)
    return new, changed

# ---------- normalization passes ----------
_BUILTINS_JAIL = re.compile(
    r"\{\}\.__class__\.__subclasses__\(\)\[\d+\]\.copy\.__builtins__"
)
def _normalize(src: str):
    s = src
    # 1) Collapse jail path to __builtins__
    s = _BUILTINS_JAIL.sub("__builtins__", s)
    # 2) Replace __builtins__['chr']( … ) -> chr( … )
    s = re.sub(r"__builtins__\s*\[\s*['\"]chr['\"]\s*\]\s*\(", "chr(", s)
    # 3) Replace __builtins__['__import__']('subprocess') -> subprocess
    s = re.sub(
        r"__builtins__\s*\[\s*['\"]__import__['\"]\s*\]\s*\(\s*['\"]subprocess['\"]\s*\)",
        "subprocess", s)
    # 4) Replace subprocess.select.POLLXXX -> POLLXXX
    s = re.sub(r"subprocess\s*\.\s*select\s*\.\s*(POLL[A-Z_]+)", r"\1", s)
    return s

def simplify_text(src: str, max_passes: int = 10):
    s = _normalize(src)
    total = 0
    for _ in range(max_passes):
        s2, n1 = _decode_chr_concat(s)
        s3, n2 = _decode_single_chr(s2)
        s4 = _normalize(s3)  # new opportunities may appear
        total += n1 + n2
        if s4 == s:
            break
        s = s4
    return s, total

def main():
    if len(sys.argv) < 2:
        print("usage: python simplify_ctf_obfuscation.py <input.py> [output.py]")
        sys.exit(2)
    inp = Path(sys.argv[1]); text = inp.read_text(encoding="utf-8")
    out, n = simplify_text(text)
    if len(sys.argv) >= 3:
        Path(sys.argv[2]).write_text(out, encoding="utf-8")
        print(f"simplified with {n} chr-rewrites -> {sys.argv[2]}")
    else:
        print(out)

if __name__ == "__main__":
    main()

Finally, after executing this deobfuscation script we got our flag:

LITCTF{h0w_c0nvolu7ed_c4n_i7_g37_f0r_0n3_s1mpl3_w0rk4round??}

import collections
print('LITCTF{h0w_c0nvolu7ed_c4n_i7_g'__builtins__['__import__']('types').FunctionType(__builtins__['__import__']('marshal').loads(__builtins__['bytes'].fromhex('630000000000000000000000000300000000000000f3300000009700640064016c005a00020065006a020000000000000000000000000000000000006402ab01000000000000010079012903e9000000004ee9010000002902da026f73da055f65786974a900f300000000fa033c783efa083c6d6f64756c653e7208000000010000007314000000f003010101db0009883888328f38893890418d3b7206000000')), {'os': __builtins__['__import__']('os')})()+'37_f0r_0n3_s1mpl3_w0rk4round??}')

The challenge did look hard at start, probably I got scared because of the large file size, but by making two simple observations and using any LLM to write the scripts the challenge was easy solvable.