Encoding challenge – CTF challenge GP August ’21

by Danni Leave Comment

The last challenge in the "Encoding" category is proudly named "Encoding challenge".

The Encoding challenge.

With that challenge we are provided with a blob of data that presumably is encoded in some way. Below you can see the full string.

90kMOdWSU50ZFpXTnlEROdWUU50ZFRlTnVkeNdWSU50ZjRkTn1kMOdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnlkeNdWV610ZBpWTnVkeNdWT610ZBpWTnlkeNdWU610ZBpWTnFleNdWV610ZBpWTnVkeNdWV610ZBpWTnVkeNdWT610ZBpWTnlkeNdWV610ZBpWTnNmeNdWU610ZBpWTnFkaNdWQ610ZNpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZVpmTnVkMOdWUq50ZF1mTnV1ROdWUU50ZNpmTnFleNdWUH50ZJpXTnlFROdWUt50ZrRlTnNGVOd2aE50ZFpXTn1kMOdWQq10ZBpWTnVleNdWW610ZBpWTnVkaOd2Y610ZBpWTnFleNdWW610ZBpWTnVkaOdWW610ZBpWTnVlaOdWU610ZBpWTnFleNdWV610ZBpWTn1keNdWW610ZBpWTnFleNdWT610ZBpWTnFlaOdWU610ZBpWTnlkeNdWT610ZBpWTnlleNdWU610ZBpWTnFlaOdWW610ZBpWTntmeNdWV610ZBpWTnNmeNdWV610ZBpWTntmeNdWU610ZBpWTnVkeNdWT610ZBpWTnFkaNdWQ610ZJpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZRdkTnFFVOd2Yq50ZBpXTnV0VOdWUU50ZjpmTndmeOdWRX50ZRRkTnVEVOdWV610ZZdkTnNGROdWRU50ZFJjTn1kMOdWQq10ZBpWTnFlaOdWU610ZBpWTnFleNdWV610ZBpWTnNmeNdWW610ZBpWTnFkeNdWT610ZBpWTnVkaOdWV610ZBpWTnFleNdWV610ZBpWTnNmeNdWW610ZBpWTndmeNd2Y610ZBpWTnVkaOdWV610ZBpWTnFleNdWU610ZBpWTnVkeNdWV610ZBpWTnVleNdWT610ZBpWTnllaOdWU610ZBpWTnNmeNdWU610ZBpWTnVkeNdWV610ZBpWTnVkaOd2Y610ZBpWTnFkaNdWQ610ZFpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZZdkTnFFROdWSt50ZnpnTnl1ROd2YU50ZFRlTndmeOdWWH50ZjRkTnVFROd2Z650ZZpmTnVEVOdWUy00ZRJTTn1kMOdWQq10ZBpWTnllaOdWU610ZBpWTnFleNdWU610ZBpWTnlkaOdWW610ZBpWTndmeNd2Y610ZBpWTnllaOdWU610ZBpWTnNmeNdWV610ZBpWTnVkeNdWV610ZBpWTndmeNd2Y610ZBpWTnllaOdWU610ZBpWTnNmeNdWU610ZBpWTnVleNdWU610ZBpWTndmeNd2Y610ZBpWTnlleNdWW610ZBpWTnVkeNdWV610ZBpWTnFlaOdWT610ZBpWTnFlaOdWT610ZBpWTnFkaNdWQ610ZBpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXT

The data seems not to have "weird" characters within and only consist of regular alphanumeric characters. Trying the, for me, obvious tries - like base64 (and variants like base32, base58, base62 and base85) didn't gave any useful data to work further with.
I tried different XOR configurations and ROT13 - but with no further information, it was hard to know in which direction to go. I had a hard time trying to encompas how to proceed, so I moved on to some of the other challenges in the CTF.

After revisiting this challenge, I poked around on the internet, trying to figure out a way to go. This is my first CTF, after only "having fun" at TryHackMe. It's fun (and frustrating) to participate in a "real" CTF; No big hints, timing, scoreboards etc. I kind of like it.
Okay, after some surfing the internet-wave, I stumbled upon the site https://scwf.dima.ninja/ - a live-version of the "Solve Crypto With Force (SCWF)" from https://github.com/DaWouw/SCWF. Putting the provided data into this, didn't at first give anything useful (also the tool is more for crypto and not "normal" encoding). But it suggested that the data was mal-padded base64 - reversed.

Alright - so first off, reverse the data, pad it to fit base64 and then decode. Success! Now we have a new base64 string ready for another decode. This reveals hex-code. I decoded the hex, only to find a full hexdump with clear reversed base64. Working in python, I had to improvise a simple "extractor", reverse and decode that base64 and BUM! Right there the flag revealed itself.

Below is the python script created to extract the flag.

#! /usr/bin/env python3
import base64
from binascii import unhexlify

data = "90kMOdWSU50ZFpXTnlEROdWUU50ZFRlTnVkeNdWSU50ZjRkTn1kMOdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnFkaNdWQq10ZBpWTnlkeNdWV610ZBpWTnVkeNdWT610ZBpWTnlkeNdWU610ZBpWTnFleNdWV610ZBpWTnVkeNdWV610ZBpWTnVkeNdWT610ZBpWTnlkeNdWV610ZBpWTnNmeNdWU610ZBpWTnFkaNdWQ610ZNpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZVpmTnVkMOdWUq50ZF1mTnV1ROdWUU50ZNpmTnFleNdWUH50ZJpXTnlFROdWUt50ZrRlTnNGVOd2aE50ZFpXTn1kMOdWQq10ZBpWTnVleNdWW610ZBpWTnVkaOd2Y610ZBpWTnFleNdWW610ZBpWTnVkaOdWW610ZBpWTnVlaOdWU610ZBpWTnFleNdWV610ZBpWTn1keNdWW610ZBpWTnFleNdWT610ZBpWTnFlaOdWU610ZBpWTnlkeNdWT610ZBpWTnlleNdWU610ZBpWTnFlaOdWW610ZBpWTntmeNdWV610ZBpWTnNmeNdWV610ZBpWTntmeNdWU610ZBpWTnVkeNdWT610ZBpWTnFkaNdWQ610ZJpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZRdkTnFFVOd2Yq50ZBpXTnV0VOdWUU50ZjpmTndmeOdWRX50ZRRkTnVEVOdWV610ZZdkTnNGROdWRU50ZFJjTn1kMOdWQq10ZBpWTnFlaOdWU610ZBpWTnFleNdWV610ZBpWTnNmeNdWW610ZBpWTnFkeNdWT610ZBpWTnVkaOdWV610ZBpWTnFleNdWV610ZBpWTnNmeNdWW610ZBpWTndmeNd2Y610ZBpWTnVkaOdWV610ZBpWTnFleNdWU610ZBpWTnVkeNdWV610ZBpWTnVleNdWT610ZBpWTnllaOdWU610ZBpWTnNmeNdWU610ZBpWTnVkeNdWV610ZBpWTnVkaOd2Y610ZBpWTnFkaNdWQ610ZFpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXTnV0RNdWTy40ZZdkTnFFROdWSt50ZnpnTnl1ROd2YU50ZFRlTndmeOdWWH50ZjRkTnVFROd2Z650ZZpmTnVEVOdWUy00ZRJTTn1kMOdWQq10ZBpWTnllaOdWU610ZBpWTnFleNdWU610ZBpWTnlkaOdWW610ZBpWTndmeNd2Y610ZBpWTnllaOdWU610ZBpWTnNmeNdWV610ZBpWTnVkeNdWV610ZBpWTndmeNd2Y610ZBpWTnllaOdWU610ZBpWTnNmeNdWU610ZBpWTnVleNdWU610ZBpWTndmeNd2Y610ZBpWTnlleNdWW610ZBpWTnVkeNdWV610ZBpWTnFlaOdWT610ZBpWTnFlaOdWT610ZBpWTnFkaNdWQ610ZBpXTnFkeNdWQ610ZBpXTnFkeNdWQ610ZBpXT"

data_reversed = data[::-1]
data_padded = data_reversed + '='
data_base64 = base64.b64decode(data_padded)
data_base64_2 = base64.b64decode(data_base64)
data_hex = bytes.fromhex(data_base64_2.decode())

data_hex_lines = [ line for line in data_hex.split(b'\n')]
data_hexdump = b''
for line in data_hex_lines:
    data_hexdump += line.split(b'|')[1]

data_hexdump_reversed = data_hexdump[::-1]
data_hexdump_reversed = data_hexdump_reversed.decode()

data_base64_3 = base64.b64decode(data_hexdump_reversed)

print(data_base64_3)

FLAG

GPSCTF{7c5783afab5184e81d498d38919d18a1}

Leave a Reply

Your email address will not be published. Required fields are marked *