picoCTF Solutions
picoCTF 2026General SkillsEasy

Undo picoCTF 2026 Solution

Published: March 20, 2026

Description

Can you reverse a series of Linux text transformations to recover the original flag?

Setup

Launch the challenge instance and connect.

You'll be given an obfuscated string and a description of the transformations applied to it.

Solution

Walk me through it
  1. Step 1Identify the transformations
    Inspect the obfuscated string and pattern-match the format. Length, character set, and structure tell you which transformation produced it.
    Learn more

    Rules of thumb for identification:

    • Base64: charset A-Za-z0-9+/, length is a multiple of 4 (zero or one or two trailing = chars to pad). If you see = at the end, it's almost certainly base64.
    • Hex: charset 0-9a-f (or all uppercase), even length, no other characters. 706963 is hex; cGlj is base64.
    • Charcode array: literally a bracketed list of integers, e.g. [112,105,99,111]. Looks like data, not text.
    • ROT13 / Caesar: same length as the original, only letters affected, looks like garbled English.
    • Reversed (rev): same length, recognizable words run backwards (FTCocip).
    • Binary (0/1 chars): only 0 and 1, length divisible by 8 (or 7 for ASCII without parity).

    Ambiguity: base64 vs hex. A short string like cafe is both valid hex and valid base64. The trick: try both decoders and gate on whether the output is printable ASCII / starts with a known plaintext prefix like picoCTF{. Whichever produces a readable result is the right one.

    See the CTF Encodings guide for the full identification ladder and CyberChef recipes.

  2. Step 2Reverse the transformations in order
    Apply each transformation's inverse in *exactly* the opposite order. If the encoder was flag | A | B | C, the decoder is encoded | C_inv | B_inv | A_inv.
    bash
    # Example pipeline reversal:
    bash
    # Encoded as: base64 -> rev -> tr 'a-z' 'A-Z'
    bash
    # Reverse :   tr 'A-Z' 'a-z' -> rev -> base64 -d
    bash
    echo 'OBFUSCATED_STRING' | tr 'A-Z' 'a-z' | rev | base64 -d
    bash
    bash
    # Individual reversals:
    bash
    echo 'STRING' | rev
    bash
    echo 'STRING' | base64 -d
    bash
    echo 'STRING' | xxd -r -p           # -r = reverse mode (hex->bin), -p = plain hex (no addrs/ASCII)
    bash
    echo 'STRING' | tr 'A-Za-z' 'N-ZA-Mn-za-m'  # ROT13 (self-inverse)
    Learn more

    Worked example: wrong order produces garbage. Suppose the flag is picoCTF{hi} and the encoder is base64 | rev. Encoding:

    $ echo -n 'picoCTF{hi}' | base64
cGljb0NURntoaX0=
$ echo -n 'cGljb0NURntoaX0=' | rev
=0Xahotn{RUNc0bjlGc

    Right order (rev then base64 -d):

    $ echo -n '=0Xahotn{RUNc0bjlGc' | rev | base64 -d
picoCTF{hi}

    Wrong order (base64 -d first):

    $ echo -n '=0Xahotn{RUNc0bjlGc' | base64 -d
base64: invalid input  # the leading '=' breaks the decoder outright

    xxd -r -p flags inline. -r = reverse (hex back to binary). -p = plain hex: no offset addresses, no ASCII column, just contiguous hex digits. Without -p, xxd expects its own dump format with offsets and gutter columns, and a clean hex string will fail to parse.

    See the CTF Encodings guide for the full inverse table and a CyberChef workflow for stacking these in a UI.

  3. Step 3Read the flag
    After applying all inverse transformations, the result should start with picoCTF{...}.

Flag

picoCTF{und0_th3_tr4nsf0rm_...}

Apply each transformation in reverse order - common Linux text tools like rev, tr, base64, and xxd are involved.

Want more picoCTF 2026 writeups?

Browse picoCTF 2026Full library

Useful tools for General Skills

Related reading

What to try next