Repetitions

PicoCTF 2023 challenge: Repetition
Figure 1: The challenge description

This challenge starts off with an encoded file, “enc_flag”, which was downloaded with wget into a Kali Linux virtual machine.

Inspection of enc_flag’s contents shows it to be an encoded string, consisting of a mix of uppercase letters, lowercase letters and digits.

At a quick glance, the string does not start with 0x, and it contains lowercase letters as well as uppercase letters beyond F in the alphabet. Therefore it is certainly not a numeric value like hexadecimal but resembles ASCII characters. Most notably, the string ends in ==, which could be indicative of base64 encoding.

Further reading from base64encoder confirms this and explains that a double == instead of a single = means the last chunk of the message is exactly 16 bits. [1]

Hence base64 decoding was performed on the message using a bash command.

echo -e <string> | base64 -d
Figure 1: 1st base64 decoding iteration.

This did not convert the message into any recognizable English. It may be that a different encoding was used, but the clues in the hint suggest a different reason. The wording was “multiple decoding” with no mention of different decoding schemes stacked together.

Hence the next step is to take the output of this decoding as input to a second iteration of decoding, then repeat this until it becomes legible English. To prevent wasting time if this is the wrong approach, I will run no more than 10 iterations.

Figure 2: 2nd base64 decoding iteration.
Figure 3: 3rd base64 decoding iteration.
Figure 4: 4th base64 decoding iteration.
Figure 5: 5th base64 decoding iteration.

On the 5th iteration, the output showed the flag.
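The repeat-until-legible procedure above can be scripted. This is an added example, not part of the original write-up: it assumes the flag uses the picoCTF{...} format and that every layer decodes to text, and the sample input is constructed (the function names are hypothetical).

```bash
#!/usr/bin/env bash
# Peel repeated base64 layers, stopping at a marker or an iteration cap.

MAX_ROUNDS=10   # same cap the write-up settles on

# make_layers TEXT N: wrap TEXT in N base64 layers (builds constructed input).
make_layers() {
    local data="$1" i=0
    while [ "$i" -lt "$2" ]; do
        data=$(printf '%s' "$data" | base64 | tr -d '\n')
        i=$((i + 1))
    done
    printf '%s\n' "$data"
}

# decode_layers DATA [MARKER]
# Prints "<rounds> <plaintext>" and returns 0 once MARKER appears.
# Returns 1 if a layer is not valid base64 or the cap is reached first.
decode_layers() {
    local data="$1" marker="${2:-picoCTF{}" rounds=0 next
    while :; do
        # '{' is outside the base64 alphabet, so an encoded layer cannot
        # contain the marker by accident.
        case "$data" in
            *"$marker"*) printf '%s %s\n' "$rounds" "$data"; return 0 ;;
        esac
        [ "$rounds" -lt "$MAX_ROUNDS" ] || return 1
        # base64 -d exits non-zero on input outside the alphabet; treat that
        # as "wrong approach" instead of looping on garbage.
        next=$(printf '%s' "$data" | tr -d '\n' | base64 -d 2>/dev/null) || return 1
        [ -n "$next" ] || return 1
        data="$next"
        rounds=$((rounds + 1))
    done
}

# Constructed sample: a made-up flag wrapped in five layers, as in the challenge.
sample=$(make_layers 'picoCTF{constructed_example_flag}' 5)
decode_layers "$sample"
```

For the real file, pass its contents instead of the sample, for example `decode_layers "$(cat enc_flag)"`.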

References:

[1] “What is Base64 Encoding and How does it work?,” www.base64encoder.io. https://www.base64encoder.io/learn/