 Hello everyone and welcome back to another YouTube video. My name is John Hammond, still checking out the Junior CTF or capture the flag game and competition that was going on last weekend. So I want to showcase this ROFL rolling on floor laughing challenge. Apparently it's a trivial admin task, whatever that means, 400 points. So a few people will solve it. And there's a GIF, a GIF, or whatever, of a rolling around. And he is actually a link. If you click on him, it leads you to the Base64 Wikipedia article. And we get this included PDF file, which is apparently a bunch of Base64 strings or a giant Base64 string. Who knows? Let's take a look at it and let's download it. So I actually view the source here. I go ahead and I grab the URL for this, because I just want to straight up download it. I think you can, can you just click on it? Or can you like specify a download? No, that's a zoom in button. So I guess you would just have to save it. And let's put it in Junior's. There's going to do folder for this one, ROFL. So let's sit over there. CDROFL. Oh, almost got some seem locomotive twice in a row. Damn. All right. So there's the text PDF. Is that an actual PDF file now? Did they, did they just fool me with that? I don't want the viewer. I want the actual URL. Okay. So now let's save this. Let's save this. I just want to be sure. Let's get rid of the text files. Okay. So we have this giant PDF, which we want to be able to get the text out of. I'm not going to like copy and paste all this because that would be dumb. Although it would probably work. Maybe can I control A? Yeah, select all just like that. Sweet. Maybe that actually isn't too bad of an idea. I had used PDF to text and just scraped out everything out of here. PDF to txt. And that gets it all, but it includes the new line characters, which may not be what you want all the time. It's going page by page. And there are 73 pages. So it's .text. If you do this, does this include new lines? It does. It looks like. I mean, all of these are new lines. Regardless, we should be able to save this one now. So there's our text in all in base 64. What just happened? Did I just delete it? Yeah, I guess I guess I deleted it. What the heck just happened? Okay, whatever. Let's put it back. And we can base 64 decode this now. We can base 64 dash D it. But it gives us more base 64, which I'm assuming if we base 64 decode that it will give us more base 64. So right now we have like recursive base 64. So I tried to like, whip out a small easy thing to be able to keep track of that. So I created a like zero file. And I cat zero, right? So now what I'm going to do is I'm going to create a while loop, or a for loop, actually, because I can do this like, let's say 100 times for I in range of one to 100. And I can do let's let a variable p equal i, the value of i minus one. So I use let so I can do some math and actually subtract one from this guy. So people be the previous thing. And I will be the current file that I'm looking at because I want to be able to keep decoding again and again and again. But I don't want to override everything that I've done if I append or if I overwrite the file that I'm currently processing and looking at because bash does that sometimes. So we let this new variable and then we can base 64 decode the previous and we append it to or we redirect it to a new file, the I file. So it's done. And now we have a bunch of files, which I can all file if I wanted to. And I get ASCII text ASCII text ASCII text all the time, until I get this 32 one which apparently has ISO 8859 text. So if you actually cattle all these now, or if you like you did for I in range some of them actually are empty, like you saw, like everything after almost after 32 is empty so we know we're at the very end. Let's display them all 0232 do cat I done. But again, it's just the recursive base 64 until we get to the very end, which is this ISO encoding. See, I googled this for a little bit. Like what is this thing but it's just in their character set. So it took a lot of lurking around in the telegram like IRC chat, conversation channel thing, begging administrators and mods and asking like what are we supposed to do with this. What is this is clearly not the flag this is clearly not the hex bytes for it like if I just hex edit that file. We've got some things here but these are a unit there's a specific character set. So what they tell us eventually is that, oh, we didn't expect like this challenge wasn't intended for any other international players this was just for Russian, because it was a Russian CTF this was just for this is not for non Russian players. So they didn't expect anyone to actually like get this one that was outside of the Russia or whatever they were they were putting it on for. So apparently this ISO 8859 text is Koi, which is another Koi 8, which is an 8 bit character encoding designed to cover Russian. So that it is it it's just being interpreted as the ISO 8859 one right now. So we have to convert it from Koi to UTF-8 or something we can actually read or something like a real Russian text flag. So literally the flag is in Russian. I would not have been able to get in this I would never have gotten this unless they straight up told me this is what I have to do, which is why they straight up told me this is what I had to do. So again, if I have not yet made my point clear about how much this was a crazy stupid and sometimes really bad CTF and there was a lot of guessing and a lot of weird language barriers. Yet again, the flag is in Russian. So, okay, let me explain what I did. Then I'm solving it and getting it out of the that Koi encoding my get flag script uses icon to force the Koi 8 file into changing the type to UTF-8. So that's the command I ended up running the convert convert text from one character encoding to another. So I convert Koi 8 R the 32 file to a new file, the flag dot text, and I can cat that file and literally this Russian text is your flag. I don't know if it actually translates anything. That's actually an interesting point. Does this translate to anything at all? Huts, wonder. Yeah, whatever that is or means. But literally you would submit this as literally what you would submit and get your points. So peculiar, peculiar challenge, but really cool recursive base 64 encoding. I hadn't done that tactic before where I had like a simple while loop previous number that I can base 64 out of and just crank that out in a while loop and then I can just see where the offset is and what I hit all the empty files. Anyway, I know, okay, this 32 was the last one in recursive base 64. So that was kind of cool. Not too bad of a challenge, although what the heck? Not too bad in the technical sense that I did some cool bash scripting while loops for recursive base 64. But why is the flag in Russian? Whatever, I realize it's a Russian CTF. But I was hoping for international players we could still be cool. Enough of me gibber jabbering and blabbering on. Thanks for watching the video guys. I hope to see you in a later video.