Category: Miscellaneous
Flag: apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
Challenge Description
Hallo, Wave 2 has been released , Happy pwning
Analysis
At first this one felt like a troll because the obvious Discord flag everyone sees is the welcome free-points one, and that was wrong for this challenge.
So I stopped overthinking and did the basic thing manually: looked at the suspicious announcement that matched the exact challenge text vibe (the Wave 2 post), copied that message content, and inspected it as escaped Unicode. The escaped output immediately showed tons of invisible characters (\u200c, \u200d, \u202a, \u202c, \ufeff) injected all over the text, which is a classic hidden-payload signal.
TOKEN="<discord_token>"
CID="1089453266208829520"
MID="1479871689105084446"
curl -s -H "Authorization: $TOKEN" "https://discord.com/api/v9/channels/$CID/messages?around=$MID&limit=100" \
| jq -r '.[] | select(.id=="1479871689105084446") | .content'Hallo @everyone !
Wave 2 is now released! 🌊 We hope ...python - <<'PY'
import os
import requests
token = "<discord_token>"
cid = "1089453266208829520"
mid = "1479871689105084446"
api = "https://discord.com/api/v9"
r = requests.get(
f"{api}/channels/{cid}/messages",
headers={"Authorization": token},
params={"around": mid, "limit": 100},
timeout=30,
)
msg = [m for m in r.json() if m["id"] == mid][0]["content"]
print(msg.encode("unicode_escape").decode())
PY\u200c\u200c\u200c\u200c\u202c\ufeff\u202aHallo @everyone \u200c\u200c\u200c\u200c\ufeff\u202a\u202a!
\n\nWave \u200c\u200c\u200c\u200c\ufeff\u202a\u200d\u200c\u200c\u200c\u200c\ufeff\u202a\u200d2...From there the decode path was straightforward: split invisible runs into fixed 7-symbol chunks and treat each symbol as a base-5 digit. The mapping that produced readable text was \u200c=0, \u200d=1, \u202a=2, \u202c=3, \ufeff=4. Decoding those base-5 chunks gave the flag text directly.
python - <<'PY'
import re
import requests
token = "<discord_token>"
cid = "1089453266208829520"
mid = "1479871689105084446"
api = "https://discord.com/api/v9"
r = requests.get(
f"{api}/channels/{cid}/messages",
headers={"Authorization": token},
params={"around": mid, "limit": 100},
timeout=30,
)
msg = [m for m in r.json() if m["id"] == mid][0]["content"]
runs = []
cur = ""
for ch in msg:
cp = ord(ch)
if (0x200B <= cp <= 0x200F) or (0x202A <= cp <= 0x202E) or (0x2060 <= cp <= 0x206F) or cp == 0xFEFF:
cur += ch
else:
if cur:
runs.append(cur)
cur = ""
if cur:
runs.append(cur)
mp = {"\u200c": 0, "\u200d": 1, "\u202a": 2, "\u202c": 3, "\ufeff": 4}
out = []
for r in runs:
for i in range(0, len(r), 7):
blk = r[i:i+7]
if len(blk) < 7:
continue
v = 0
for ch in blk:
v = v * 5 + mp[ch]
out.append(chr(v))
decoded = "".join(out)
print(decoded)
print(re.findall(r"apoorvctf\{[^}]+\}", decoded, re.I))
PYapoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
['apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}']Solution
# solve.py
import re
import requests
TOKEN = "<discord_token>"
CHANNEL_ID = "1089453266208829520"
MESSAGE_ID = "1479871689105084446"
API = "https://discord.com/api/v9"
r = requests.get(
f"{API}/channels/{CHANNEL_ID}/messages",
headers={"Authorization": TOKEN},
params={"around": MESSAGE_ID, "limit": 100},
timeout=30,
)
msg = [m for m in r.json() if m["id"] == MESSAGE_ID][0]["content"]
runs = []
cur = ""
for ch in msg:
cp = ord(ch)
if (0x200B <= cp <= 0x200F) or (0x202A <= cp <= 0x202E) or (0x2060 <= cp <= 0x206F) or cp == 0xFEFF:
cur += ch
else:
if cur:
runs.append(cur)
cur = ""
if cur:
runs.append(cur)
mapping = {"\u200c": 0, "\u200d": 1, "\u202a": 2, "\u202c": 3, "\ufeff": 4}
decoded = []
for r in runs:
for i in range(0, len(r), 7):
blk = r[i:i+7]
if len(blk) < 7:
continue
value = 0
for ch in blk:
value = value * 5 + mapping[ch]
decoded.append(chr(value))
decoded_text = "".join(decoded)
print(decoded_text)
print(re.findall(r"apoorvctf\{[^}]+\}", decoded_text, re.I))python solve.pyapoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
['apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}']