Description
This vault uses Base64 and URL encoding for the password. Decode the layers to find the flag.
Setup
Download the Java source file and inspect it.
wget <url>/VaultDoor5.java
Solution
Walk me through it
- Step 1: Read the Java source and identify the encoding chain
Open VaultDoor5.java. The checkPassword method applies Base64 encoding and URL encoding to the input, then compares it to a stored string. To reverse this: the stored string is URL-decoded, then Base64-decoded, to recover the password.
```bash
cat VaultDoor5.java
```
Learn more
Base64 encodes binary data as printable ASCII characters (A-Z, a-z, 0-9, +, /). It inflates the data by 33% and is reversible without a key.
URL encoding (percent encoding) replaces special characters with a percent sign followed by their hex code (e.g., space becomes %20). This ensures text can be safely embedded in URLs.
These are encodings, not encryption - they provide zero confidentiality. Anyone who recognizes the encoding chain can reverse it instantly.
- Step 2: Reverse the encoding chain
Extract the stored encoded string from the Java source. First URL-decode it, then Base64-decode the result. The output is the password to submit.
```bash
# URL-decode then Base64-decode the stored string:
python3 -c "import urllib.parse, base64; s = '<paste stored string>'; print(base64.b64decode(urllib.parse.unquote(s)).decode())"
```
Learn more
Python's urllib.parse.unquote() performs URL decoding. base64.b64decode() performs Base64 decoding. Chain them in the reverse order of the encoding (URL-decode first, then Base64-decode) to recover the plaintext.
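An added example, not part of the original write-up or the challenge source: a Python helper that removes Base64 and percent-encoding layers by checking which one is outermost at each step, so it goes beyond the fixed order used above and also reports the chain it found. The names `peel_layers` and `percent_encode_all` and the sample strings are constructed for illustration.

```python
import base64
import binascii
import re
import urllib.parse

PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
B64_SHAPE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def peel_layers(s, max_layers=8):
    """Strip Base64 / percent-encoding layers, outermost first.

    Returns (decoded_text, layers_removed). Detection is heuristic: short
    plaintext that happens to be valid Base64 of printable text is ambiguous.
    """
    removed = []
    for _ in range(max_layers):
        if PCT_ESCAPE.search(s):
            # Percent escapes never appear in raw Base64, so this is outermost.
            s = urllib.parse.unquote(s)
            removed.append("url")
        elif len(s) >= 8 and len(s) % 4 == 0 and B64_SHAPE.fullmatch(s):
            try:
                text = base64.b64decode(s, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                break  # Base64-shaped but not encoded text: treat as plaintext
            if not text.isprintable():
                break
            s = text
            removed.append("base64")
        else:
            break
    return s, removed


def percent_encode_all(data):
    """Percent-encode every byte (constructed helper for the samples below)."""
    return "".join(f"%{b:02x}" for b in data)


# Constructed sample data, not taken from the challenge.
PLAIN = "sample_pw!"
URL_THEN_B64 = base64.b64encode(percent_encode_all(PLAIN.encode()).encode()).decode()
B64_THEN_URL = urllib.parse.quote(base64.b64encode(PLAIN.encode()).decode(), safe="")

if __name__ == "__main__":
    for stored in (URL_THEN_B64, B64_THEN_URL):
        print(stored, "->", peel_layers(stored))
```

The returned layer list is in removal order, so reading it backwards gives the order in which the encodings were applied.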
Alternate Solution
Use the Base64 Decoder on this site to reverse the Base64 layer after manually URL-decoding the stored string.
Flag
picoCTF{...}
The password went through URL encoding then Base64 encoding before storage - reverse by URL-decoding then Base64-decoding.