Vault door 5

In the last challenge, you mastered octal (base 8), decimal (base 10), and hexadecimal (base 16) numbers, but this vault door uses a different change of base as well as URL encoding!

Analysis:

There are 2 functions, base64encode and urlencode. urlencode is in UTF-8 format.

String expected is compared with the converted password we entered to see if its corrrect.

Solution:

We want to first reverse the base64 encoding and utf-8 and we can do it using pybase64 module.

Next we notice that in urlencode there is .format("%%%2x",input...) To break this down ( my interpretation ). The first % is to start, and last to end. Leaving the middle one which is added into the string. 2x means changing it into hexadecimal form. As a result, the string after i decode will be %(hex value)...

To address this, we can .replace('%',' 0x') in python and we can then convert hex to int.

This is the code:

from pybase64 import b64decode

string = "JTYzJTMwJTZlJTc2JTMzJTcyJTc0JTMxJTZlJTY3JTVm"+ "JTY2JTcyJTMwJTZkJTVmJTYyJTYxJTM1JTY1JTVmJTM2"+ "JTM0JTVmJTM4JTM0JTY2JTY0JTM1JTMwJTM5JTM1"
decoded = b64decode(string).decode('utf-8')
replaced = decoded.replace("%"," 0x") #we need to reverse the binary conversion ".format(%%%2x)"
# %%% means add perfectange sign first % is to start, last to exit
#2x refers to changing to hexadecimal, thus we need to convert it back to original numbers
print(replaced)
characters = replaced.split(" ")
output = "picoCTF{"
for ch in characters:
    if ch != '':
        output += chr(int(ch,16))

print(output+"}")

Flag : picoCTF{c0nv3rt1ng_fr0m_ba5e_64_84fd5095}