ASIS-CTF Finals 2014 - CapLow (75pts) writeup

The challenge description was: Our new agent encrypt a message like this, let us know what he wanted to say!

qvnju181mjziote0zge4mdk0odi4odfmnmnmnmi5zjm2yzy3mq==

So let's find out what this agent wanted to say, this definitely looks like base64 encoded data:

mrt:~/asis/caplow$ echo "qvnju181mjziote0zge4mdk0odi4odfmnmnmnmi5zjm2yzy3mq==" | base64 --decode
...._5.<......4...i.h..9..<..

Obviously it's scrambled because it's all lower case, let's try the uppercase version:

mrt:~/asis/caplow$ echo "QVNJU181MJZIOTE0ZGE4MDK0ODI4ODFMNMNMNMI5ZJM2YZY3MQ==" | base64 --decode
ASIS_50.H914da802.82881L4.L4.9d.6a.71

Much better, so we know that we need to find the proper casing for the base64 string in order to get the flag. While making a script to do that could be fun I decided to go manually but chunks of 8 letters:

mrt:~/asis/caplow$ echo "QVNJU181" | base64 --decode
ASIS_5

mrt:~/asis/caplow$ echo "MjZiOTE0" | base64 --decode
26b914

And after a couple minutes:

mrt:~/asis/caplow$ echo "QVNJU181MjZiOTE0ZGE4MDk0ODI4ODFmNmNmNmI5ZjM2YzY3MQ==" | base64 --decode
ASIS_526b914da809482881f6cf6b9f36c671

We got our flag:

ASIS_526b914da809482881f6cf6b9f36c671