# Question: Verify
### Key: picoCTF{trust_but_verify_2cdcb2de}

**Core concept: SHA256 Hash**

We're given a directory full of files, a checksum.txt file, and a ./decrypt.sh. 

First, I checked the contents of the checksum.txt file. It contained a SHA256 hash of some file in the directory. 
Since all the files were in the same directory, I just generaterdid the SHA256 hashes of the entire directory using `sha256sum files/*`.

I copied the hash from the checksum.txt file and pasted it alongside the sha256sum command, to filter the contents using `grep`.

```bash
ctf-player@pico-chall$ sha256sum files/* | grep 55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a
55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a  files/2cdcb2de
```
Then, I ran the ./decrypt.sh script with the file I found in the checksum.txt file.

```bash
ctf-player@pico-chall$ ./decrypt.sh files/2cdcb2de
picoCTF{trust_but_verify_2cdcb2de}
```

Voila! Found the flag!

Output: picoCTF{trust_but_verify_2cdcb2de}