This question seems difficult, but it's actually quite simple. It asks:
The police station offers free pickles to police officers. However, someone stole the pickles from the pickle jar! You find a clue on a USB drive left at the scene of the crime.
When you click on the 'clue', a .jar file is immediately downloaded onto your computer. In order to solve this question, you should first have a basic understanding of .jar files. A .jar (Java Archive) file is "a package file format typically used to aggregate many Java class files and associated metadata and resources (text, images, etc.) into one file to distribute application software or libraries on the Java platform," as stated by Wikipedia. Basically, it's a .zip file containing compiled Java code and/or sourcecode, etc.
Since .jar files are compiled, you'd need to decompile it to view its contents. There are many ways of doing that, such as installing decompiler plugins for Eclipse (an IDE), installing decompiling software (e.g. JavaDecompiler), etc.
However, I chose to simply use an online decompiler, specifically one at jd.benow.ca (which I found by going on Google and typing 'java decompiler').
When you scroll all the way to the bottom of the page, there is a 'Live Demo' option. Simply drag and drop the .jar file into the striped area (under 'Input Files')
Let go of the .jar file, and wait for it do decompile (which shouldn't take that long). When it's done, look at the 'Output Java Code' section. Explore each of the packages (which should only include
Within
But that doesn't mean that there's nothing else in there.
Since .jar files are compiled, you'd need to decompile it to view its contents. There are many ways of doing that, such as installing decompiler plugins for Eclipse (an IDE), installing decompiling software (e.g. JavaDecompiler), etc.
However, I chose to simply use an online decompiler, specifically one at jd.benow.ca (which I found by going on Google and typing 'java decompiler').
When you scroll all the way to the bottom of the page, there is a 'Live Demo' option. Simply drag and drop the .jar file into the striped area (under 'Input Files')
Let go of the .jar file, and wait for it do decompile (which shouldn't take that long). When it's done, look at the 'Output Java Code' section. Explore each of the packages (which should only include
META-INF and com.picoctf).Within
META-INF is MANIFEST.MF, which only says this:
Manifest-Version: 1.0
Class-Path: .
Main-Class: com.picoctf.Jar
Jar.class, which only says this:
package com.picoctf;
import java.io.PrintStream;
public class Jar {
public static void main(String[] args) {
System.out.println("Who stole the pickles from the pickle jar?");
}
}
But that doesn't mean that there's nothing else in there.
pickle.p still hasn't been opened. Upon clicking it to open, it says:
S'YOUSTOLETHEPICKLES'
p0
.
YOUSTOLETHEPICKLES into the submit box will get you the 30 points.