NahamCon 2024 CTF! : Uriel

Adarsh Kumar
May 25, 2024

Uriel

50 points — Warmups — 2193 Solves

Author: @JohnHammond

Uriel was browsing the web and he saw this big long blob of text in his address bar! He was telling me about it but I don’t remember everything he said… I think he mentioned something like “it happened twice?”

%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64

Solution:

Step 1: Understanding URL Encoding

URL encoding (percent-encoding) converts characters into a format that can be transmitted over the Internet. An encoded character is written as % followed by its two-digit ASCII hexadecimal value. For example, the space character is encoded as %20.

Step 2: The Given Encoded String

Here is the encoded string provided in the challenge:

%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64

Step 3: Decoding the String

First Level of Decoding

Each %25 sequence represents the character % itself (as 25 is the hexadecimal code for %). So, let's replace all %25 sequences with %.

%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64

Second Level of Decoding

Next, decode the remaining sequences by converting each pair of hexadecimal digits to their corresponding ASCII characters:

  • %36 -> 6
  • %63 -> c
  • %31 -> 1
  • %37 -> 7
  • %37%62 -> 7b (note %37 and %62 are separate encodings, so we get 7b)
  • %33%38 -> 38
  • %36%35 -> 65
  • %36%32 -> 62
  • %33%36 -> 36
  • %33%37 -> 37
  • %33%31 -> 31
  • %33%39 -> 39
  • %33%35 -> 35
  • %33%34 -> 34
  • %33%33 -> 33
  • %33%34 -> 34
  • %33%38 -> 38
  • %36%34 -> 64
  • %37%64 -> 7d

After converting all, the decoded string is:

66c6177b3865656266373137396237656237336162313331373139

Step 4: Further Interpretation

The decoded string 66c6177b3865656266373137396237656237336162313331373139 seems to be a long hexadecimal representation. Let's convert this hexadecimal string to ASCII characters to see if it reveals something more readable.

Hexadecimal to ASCII Conversion

Let’s convert each pair of hex digits to their corresponding ASCII character:

66 -> f
6c -> l
61 -> a
77 -> w
7b -> {
38 -> 8
65 -> e
65 -> e
62 -> b
66 -> f
37 -> 7
31 -> 1
39 -> 9
62 -> b
37 -> 7
65 -> e
62 -> b
73 -> s
33 -> 3
61 -> a
62 -> b
31 -> 1
33 -> 3
34 -> 4
36 -> 6
33 -> 3
33 -> 3
34 -> 4

Combining these characters gives us the decoded message:

flaw{8eef71b7eeb73a1b14333}

Conclusion

The final decoded message is:

flaw{8eef71b7eeb73a1b14333}
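The challenge hint "it happened twice" describes percent-encoding applied more than once. As an added example (not part of the original write-up), the Python below peels percent-encoding layers from the challenge string with the standard library's `urllib.parse.unquote` until the text stops changing, keeping every intermediate stage. The function name `peel_percent_encoding` and the `MAX_LAYERS` cap are assumptions of this example.

```python
from urllib.parse import unquote

# Challenge string copied from the write-up, split across lines for readability.
CHALLENGE = (
    "%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36"
    "%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39"
    "%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33"
    "%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37"
    "%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64"
)

# Assumption of this example: refuse input nested deeper than this, so a
# decoder placed in a log pipeline does bounded work per value.
MAX_LAYERS = 5


def peel_percent_encoding(text, max_layers=MAX_LAYERS):
    """Return every decoding stage, from the raw input to the stable text.

    stages[0] is the input, stages[-1] is fully decoded, and
    len(stages) - 1 is the number of encoding layers that were removed.
    Raises ValueError when more than max_layers layers are present.
    """
    stages = [text]
    for _ in range(max_layers + 1):
        decoded = unquote(stages[-1])
        if decoded == stages[-1]:
            # Nothing left to decode: the text is in canonical form.
            return stages
        stages.append(decoded)
    raise ValueError(f"more than {max_layers} percent-encoding layers")


if __name__ == "__main__":
    stages = peel_percent_encoding(CHALLENGE)
    print(f"layers removed: {len(stages) - 1}")
    for depth, stage in enumerate(stages):
        print(f"stage {depth}: {stage}")
```

A layer count above 1 on a value taken from request logs is a useful signal that a parameter was encoded more than once before it reached the application.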

Adarsh Kumar

I'm Adarsh. Cyber-security student, CTF player. Team TheWiz (@thewizx01)