Santa left you an encoded gift under the tree!
Recover the hidden message inside the encoded data.
Flag format: FLAGT{...}
cat encoded.txt
# Output: cXt2cEwEA0ROaHAGUUNoYwdodQQBBnlob3oDAko=
The encoded string looks like base64.
file decoder
# Output: ELF 64-bit LSB pie executable, x86-64
strings decoder
# Shows: "Welcome to Santa's decoder π"
# "Here is your encoded gift: %s"
# "Can you recover the secret message?"
# "encoded.txt"
The binary appears to just read and display the encoded text - it doesn't actually decode it! This means we need to figure out the encoding scheme ourselves.
Since the encoded string looks like base64, let's decode it:
echo "cXt2cEwEA0ROaHAGUUNoYwdodQQBBnlob3oDAko=" | base64 -d | hexdump -C
Output:
00000000 71 7b 76 70 4c 04 03 44 4e 68 70 06 51 43 68 63 |q{vpL..DNhp.QChc|
00000010 07 68 75 04 01 06 79 68 6f 7a 03 02 4a |.hu...yhoz..J|
The decoded bytes contain:
Printable runs: q{vpL, DNhp, QChc, hu, yhoz, J
Control bytes: 0x04, 0x03, 0x06, 0x07, 0x01, 0x02
This suggests another layer of encoding beyond base64.
The presence of control characters suggests a cipher. XOR encryption is common in CTFs, so we try XOR with every possible single-byte key:
#!/usr/bin/env python3
import base64

encoded = "cXt2cEwEA0ROaHAGUUNoYwdodQQBBnlob3oDAko="
decoded_bytes = base64.b64decode(encoded)

# Try all 256 possible single-byte keys (0x00 to 0xFF)
for key in range(256):
    result = bytes([b ^ key for b in decoded_bytes])
    # Keep only candidates where every byte is printable ASCII (32-126)
    if all(32 <= b < 127 for b in result):
        text = result.decode('ascii')
        print(f"Key 0x{key:02x} ({key:3d}): {text}")
        if 'FLAG' in text:
            print(" *** FOUND THE FLAG! ***")
            break
XORing with 0x37 (55 in decimal) reveals the flag.
Key 0x20 ( 32): Q[VPl$#dnHP&qcHC'HU$!&YHOZ#"j
Key 0x21 ( 33): PZWQm%"eoIQ'pbIB&IT% 'XIN["#k
...
Key 0x37 ( 55): FLAG{34sy_G1ft_T0_B361N_XM45}
*** FOUND THE FLAG! ***
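An added example, not part of the original write-up: because the plaintext is known to start with the flag prefix, the key can be derived directly from the first ciphertext bytes instead of brute-forced, and the same check also covers a short repeating key. The crib `FLAG` and the helper names are assumptions made for this sketch.

```python
import base64

ENCODED = "cXt2cEwEA0ROaHAGUUNoYwdodQQBBnlob3oDAko="  # contents of encoded.txt
CRIB = b"FLAG"  # assumed known plaintext prefix (from the flag format)


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a key that repeats for the length of the data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream is a repetition of its first p bytes."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return len(stream)


def recover_key(ciphertext: bytes, crib: bytes) -> bytes:
    """Derive the XOR key from a known plaintext prefix (the crib)."""
    if len(ciphertext) < len(crib):
        raise ValueError("ciphertext shorter than crib")
    # ciphertext XOR known plaintext = keystream for those positions
    keystream = bytes(c ^ p for c, p in zip(ciphertext, crib))
    # A single-byte key appears as one byte repeated; a longer repeating key
    # appears as a longer period (only recoverable if it fits in the crib).
    return keystream[:shortest_period(keystream)]


def decode(encoded: str, crib: bytes = CRIB) -> tuple:
    """Base64-decode, recover the key from the crib, and return (key, text)."""
    raw = base64.b64decode(encoded, validate=True)
    key = recover_key(raw, crib)
    plain = xor_repeat(raw, key)
    # Reject the result if the key guess does not give clean printable ASCII
    if not plain.startswith(crib) or not all(32 <= b < 127 for b in plain):
        raise ValueError("crib did not yield a printable plaintext")
    return key, plain.decode("ascii")


if __name__ == "__main__":
    key, text = decode(ENCODED)
    print(f"key={key.hex()} plaintext={text}")
```

If the key were longer than the crib, `recover_key` would return only a partial key and `decode` would raise instead of printing a wrong result.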