diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_09_incomplete.py b/lvl_09_incomplete.py
deleted file mode 100644
index 8f3a108..0000000
--- a/lvl_09_incomplete.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /usr/bin/python
-import binascii
-import struct
-import sys, os, time
-import bluepy.btle as btle
-
-'''
-42 0x2A READ Im advertising the flag
-
-'''
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_09_incomplete.py b/lvl_09_incomplete.py
deleted file mode 100644
index 8f3a108..0000000
--- a/lvl_09_incomplete.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /usr/bin/python
-import binascii
-import struct
-import sys, os, time
-import bluepy.btle as btle
-
-'''
-42 0x2A READ Im advertising the flag
-
-'''
diff --git a/solutions.txt b/solutions.txt
old mode 100644
new mode 100755
index 86a26ad..e83265e
--- a/solutions.txt
+++ b/solutions.txt
@@ -7,7 +7,7 @@
Attached to peripheral
Loading level 1
Reading value
-Flag: eca7d1f3cf60a8b5344a
+Flag: fc3fd58dcdad9ab23fac
root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_02.py
Attached to peripheral
@@ -62,3 +62,45 @@
[sp] Pairing successful
[bp] Attached to peripheral
[==] Flag: a16ee1a4001c66c3a670
+
+root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_09.py
+Attached to peripheral
+Loading level 09
+Starting advertisement listner
+Please wait 5s...
+Starting hcitool
+Please wait 5s...
+LE Scan ...
+3C:71:BF:F1:EF:C6 FLAG_09
+3C:71:BF:F1:EF:C6 (unknown)
+ Name (complete): FLAG_09
+ Name (complete): MD5OFLOL
+ Name (complete): ..
+
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e fc3fd58dcdad9ab23fac
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e b46fa238cf820d0f60c1
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e f401f21d02fdd0a4fc00
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 84cf61c35b2d9c92217d
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 1dec0e624f2ecf1513dc
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e aee4bd941f8b4d9e3921
+
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./enumerate.py
+- snip -
+42 0x2A READ docs: https://github.com/hackgnar/ble_ctf_infinity
+44 0x2C READ Flags complete: 9 /10
+46 0x2E READ WRITE Submit flags here
+48 0x30 READ WRITE Write 0x0000 to 0x00FF to goto flag
+50 0x32 READ WRITE Write 0xC1EA12 to reset all flags
+52 0x34 READ Flag 0: Complete
+54 0x36 READ Flag 1: Complete
+56 0x38 READ Flag 2: Complete
+58 0x3A READ Flag 3: Complete
+60 0x3C READ Flag 4: Complete
+62 0x3E READ Flag 5: Complete
+64 0x40 READ Flag 6: Complete
+66 0x42 READ Flag 7: Complete
+68 0x44 READ Flag 8: Incomplete
+70 0x46 READ Flag 9: Complete