diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
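Review bot: `deviceMAC = open('ctf_mac.txt').read()` passes the raw file contents to `btle.Peripheral()` — the trailing newline is not stripped, nothing checks that the value looks like a Bluetooth address before it is handed to bluepy, and the file handle is never closed, so a bad or edited `ctf_mac.txt` fails late and unclearly instead of at the read. The child processes are also not cleaned up consistently: `gp` (the `grep Name` reader) is never terminated or waited on, and `ps`/`ps2` are only terminated on the happy path, so an exception during either sleep leaves `btmon` and `hcitool lescan` running after the script exits. `re` and `sys` are already imported (alongside the unused `pexpect`, `random`, `struct`, `os`, a duplicate `time`, and the never-read `svc`), so an address check and a `try`/`finally` around the scan need no new dependency; a sketch follows. This hunk is repeated twice more further down the page and the same applies to each copy.
```python
with open('ctf_mac.txt') as f:
    deviceMAC = f.read().strip()
if not re.match(r'^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$', deviceMAC):
    sys.exit("ctf_mac.txt does not contain a valid Bluetooth address")
p = btle.Peripheral(deviceMAC)
# ... unchanged: service lookup, level-select write, disconnect ...
# ... unchanged: btmon -> grep Name pipeline (ps, gp), ps.stdout.close() ...
ps2 = None
try:
    print("Please wait 5s...")
    time.sleep(5)
    print("Starting hcitool")
    ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
    print("Please wait 5s...")
    time.sleep(5)
finally:
    # stop the scanner first, then the monitor; grep sees EOF but is still reaped explicitly
    for child in (ps2, ps, gp):
        if child is not None:
            child.terminate()
            child.wait()
```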
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_09_incomplete.py b/lvl_09_incomplete.py
deleted file mode 100644
index 8f3a108..0000000
--- a/lvl_09_incomplete.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /usr/bin/python
-import binascii
-import struct
-import sys, os, time
-import bluepy.btle as btle
-
-'''
-42 0x2A READ Im advertising the flag
-
-'''
diff --git a/lvl_08_incomplete.py b/lvl_08_incomplete.py
old mode 100644
new mode 100755
diff --git a/lvl_09.py b/lvl_09.py
new file mode 100755
index 0000000..ecf2bfe
--- /dev/null
+++ b/lvl_09.py
@@ -0,0 +1,45 @@
+#! /usr/bin/python
+from __future__ import print_function # import print from python3: end=""
+import time
+import re
+import subprocess
+import pexpect # sudo apt-get install python-pexpect
+import random
+import binascii
+import struct
+import sys, os, time
+import bluepy.btle as btle
+
+'''
+42 0x2A READ Im advertising the flag
+
+MD5OFLOL
+'''
+deviceMAC = open('ctf_mac.txt').read()
+p = btle.Peripheral(deviceMAC)
+svc=p.getServiceByUUID(0x00FF)
+print ("Attached to peripheral")
+
+print("Loading level 09")
+hex1 = binascii.unhexlify(str('%0*x' % (4,9)))
+p.writeCharacteristic(0x30, hex1, withResponse=False)
+
+p.disconnect()
+
+print("Starting advertisement listner")
+ps = subprocess.Popen(["btmon"], shell=False, stdout=subprocess.PIPE)
+gp = subprocess.Popen(["grep", "Name"], shell=False, stdin=ps.stdout)
+ps.stdout.close()
+#output = gp.communicate()[0]
+#ps.wait()
+
+print("Please wait 5s...")
+time.sleep(5)
+
+print("Starting hcitool")
+ps2 = subprocess.Popen(['hcitool', 'lescan'], shell=False)
+
+print("Please wait 5s...")
+time.sleep(5)
+ps2.terminate()
+ps.terminate()
\ No newline at end of file
diff --git a/lvl_09_incomplete.py b/lvl_09_incomplete.py
deleted file mode 100644
index 8f3a108..0000000
--- a/lvl_09_incomplete.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /usr/bin/python
-import binascii
-import struct
-import sys, os, time
-import bluepy.btle as btle
-
-'''
-42 0x2A READ Im advertising the flag
-
-'''
diff --git a/solutions.txt b/solutions.txt
old mode 100644
new mode 100755
index 86a26ad..e83265e
--- a/solutions.txt
+++ b/solutions.txt
@@ -7,7 +7,7 @@ Attached to peripheral Loading level 1 Reading value -Flag: eca7d1f3cf60a8b5344a +Flag: fc3fd58dcdad9ab23fac root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_02.py Attached to peripheral
@@ -62,3 +62,45 @@
 [sp] Pairing successful
 [bp] Attached to peripheral
 [==] Flag: a16ee1a4001c66c3a670
+
+root@PiBenchDash:/opt/BLE_CTF_V2# ./lvl_09.py
+Attached to peripheral
+Loading level 09
+Starting advertisement listner
+Please wait 5s...
+Starting hcitool
+Please wait 5s...
+LE Scan ...
+3C:71:BF:F1:EF:C6 FLAG_09
+3C:71:BF:F1:EF:C6 (unknown)
+ Name (complete): FLAG_09
+ Name (complete): MD5OFLOL
+ Name (complete): ..
+
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e fc3fd58dcdad9ab23fac
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e b46fa238cf820d0f60c1
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e f401f21d02fdd0a4fc00
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 84cf61c35b2d9c92217d
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e 1dec0e624f2ecf1513dc
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e eca7d1f3cf60a8b5344a
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./send2handle.py 0x2e aee4bd941f8b4d9e3921
+
+root@NanoyPiBenchDash:/opt/BLE_CTF_V2# ./enumerate.py
+- snip -
+42 0x2A READ docs: https://github.com/hackgnar/ble_ctf_infinity
+44 0x2C READ Flags complete: 9 /10
+46 0x2E READ WRITE Submit flags here
+48 0x30 READ WRITE Write 0x0000 to 0x00FF to goto flag
+50 0x32 READ WRITE Write 0xC1EA12 to reset all flags
+52 0x34 READ Flag 0: Complete
+54 0x36 READ Flag 1: Complete
+56 0x38 READ Flag 2: Complete
+58 0x3A READ Flag 3: Complete
+60 0x3C READ Flag 4: Complete
+62 0x3E READ Flag 5: Complete
+64 0x40 READ Flag 6: Complete
+66 0x42 READ Flag 7: Complete
+68 0x44 READ Flag 8: Incomplete
+70 0x46 READ Flag 9: Complete