Description
A mysterious file named enc_flag hides nested encodings. Your task is to unwrap each layer until the plain-text flag appears.
Setup
Fetch the provided enc_flag file and work from a shell where you can chain decoding utilities.
Prepare a helper script or rely on CyberChef to repeatedly decode from Base64 until human-readable text appears.
wget https://artifacts.picoctf.net/c/451/enc_flag && \
printf "cat enc_flag | base64 --decode | base64 --decode | base64 --decode | base64 --decode | base64 --decode | base64 --decode\n" > decode.sh && \
chmod +x decode.shSolution
- Step 1Automate the decodingExecute the helper script to stream the file through six Base64 decoders. The output collapses to the original ASCII message.
./decode.shLearn more
Nested Base64 encoding means the data has been passed through Base64 encoding multiple times in succession. Each layer wraps the previous output in another layer of the same encoding. To recover the original, you must decode exactly as many times as it was encoded - in this case, six times.
Shell pipelines make this trivial:
cat enc_flag | base64 --decode | base64 --decode | ...chains decoders without creating intermediate files. Each|passes the stdout of the left command as stdin to the right command. This is the Unix philosophy of small, composable tools:base64 --decodedoes one thing (one decode step), and you repeat it as many times as needed.Detecting how many layers exist: after each decode, check if the output is still Base64 (recognizable by its printable alphabet and
=padding) or has become binary/readable text. You can also count the layers by counting how many times decoding produces another Base64-shaped string before finally yielding the flag. Tools like CyberChef's "Magic" operation can detect and auto-strip multiple encoding layers automatically. - Step 2Alternative: CyberChefIf you prefer a GUI, paste the file contents into CyberChef and chain multiple From Base64 operations until the flag is shown.
Learn more
CyberChef(developed by GCHQ and open-sourced) is a browser-based data transformation tool that supports hundreds of operations: encoding/decoding, hashing, encryption, compression, format conversion, and more. Operations are chained visually by dragging them into a "Recipe" panel, and the output updates in real time as you add steps.
For this challenge, adding six "From Base64" operations to the Recipe and pasting the enc_flag content into the Input panel immediately shows the flag in the Output panel. CyberChef also has a "Magic" operation that attempts to automatically detect and decode encoding layers - it often identifies multi-layer Base64 without any manual configuration.
CyberChef runs entirely in the browser with no data leaving your machine (unless you use the hosted version at gchq.github.io), making it safe for sensitive data. It can also be self-hosted or used offline by downloading the release ZIP. It is a staple tool for CTF players, malware analysts, and anyone who regularly transforms data formats.
Related guides
Base64, Hex, and Common CTF Encodings Explained
This challenge stacks six layers of Base64. The encodings guide covers Base64, its URL variant, multi-layer patterns, and every other encoding format you will encounter in CTFs.
Flag
picoCTF{base64_n3st...e523f49}
Each Base64 decode peels a layer; six iterations reveal the final picoCTF flag.