Advent of Cyber 2025 - Day 17


🏰 Breaking the Quantum Warren: A CyberChef Decoding Adventure

Introduction

McSkidy has been captured and confined inside the Quantum Warren, a fortified environment protected by multiple logic‑based authentication layers. Before being trapped, she left subtle clues embedded inside seemingly harmless bunny images.

To help recover access, defenders must analyze how data is encoded, transformed, and validated inside a web application. This challenge focuses on practical decoding techniques, browser inspection, and effective use of CyberChef.

Learning Objectives

By completing this challenge, we learn to:

  • Differentiate between encoding, decoding, and encryption

  • Use CyberChef for real‑world data transformations

  • Extract meaningful information from HTTP headers

  • Analyze client‑side login logic

  • Apply decoding techniques step by step

Key Concepts

Encoding vs Encryption

EncodingEncryption
Ensures compatibilityEnsures confidentiality
Easily reversibleRequires a secret key
No security guaranteeProvides protection
Example: Base64Example: TLS

Decoding simply reverses encoding to restore original data.
Encryption is designed to prevent unauthorized access.

CyberChef Overview

CyberChef is widely known as the “Cyber Swiss Army Knife” for data analysis.

Main Components

  • Operations – Available transformations (Base64, XOR, ROT, Hashing, etc.)

  • Recipe – Chain multiple operations together

  • Input – Encoded or transformed data

  • Output – Decoded or processed result

Simple Example

  • Input: IamRoot

  • Operation: To Base64

  • Then apply From Base64

  • Output: IamRoot

Inspecting Web Pages

Modern browsers expose much more than visible content.

Useful Browser Tools

  • Elements – View page structure

  • Network – Inspect requests and responses

  • Debugger – Analyze scripts

  • Console – Execute JavaScript and view logs

These tools help uncover:

  • Encoded chat messages

  • Authentication logic

  • Hidden HTTP headers

  • Guard or user identifiers

Lock‑by‑Lock Breakdown

🔐 First Lock – Outer Gate

Findings

  • Chat messages were Base64 encoded

  • A question appeared inside HTTP headers:

    “What is the password for this level?”

Logic

  • Username and message must be Base64 encoded

  • Guard’s reply must be decoded

Result

  • Password: Iamsofluffy

🔐 Second Lock – Outer Wall

Change Introduced

  • Password was double Base64 encoded

Steps

  • Extract encoded value

  • Decode Base64 twice

Result

  • Password: Itoldyoutochangeit!

🔐 Third Lock – Guard House

Mechanism

  • Password flow:

    XOR → Base64

  • XOR key:

    cyberchef

Steps

  • Decode Base64

  • Apply XOR using the key

Result

  • Password: BugsBunny

🔐 Fourth Lock – Inner Castle

Curveball

  • Password returned as an MD5 hash

Solution

  • Use a hash lookup service (e.g., CrackStation)

Result

  • Password: passw0rd1

🔐 Fifth Lock – Prison Tower

Dynamic Logic

  • Decoding logic depends on a Recipe ID found in HTTP headers

Recipe Mapping

Recipe IDDecoding Logic
1From Base64 → Reverse → ROT13
2From Base64 → From Hex → Reverse
3ROT13 → From Base64 → XOR(key)
4ROT13 → From Base64 → ROT47

Steps

  • Identify Recipe ID

  • Build matching CyberChef recipe

  • Decode password

Result

  • Password: 51rBr34chBl0ck3r

🏁 Final Flag

THM{M3D13V4L_D3C0D3R_4D3P7}

Conclusion

This challenge provided a hands‑on introduction to:

  • Encoding and decoding fundamentals

  • CyberChef recipe chaining

  • XOR operations

  • Hash identification and cracking

  • Web application inspection techniques

It reinforces an important lesson:

Understanding encoding mechanisms is just as critical as breaking encryption.

Through careful analysis and structured decoding, access was restored and McSkidy’s escape became possible.

Comments

Post a Comment