Description
Can you reverse a series of Linux text transformations to recover the original flag? Start by searching for the flag here.
Setup
Launch the challenge instance and connect via netcat.
At each step, you'll see a transformed flag and a hint about what transformation was applied. Enter the correct Linux command to reverse it.
nc <HOST> <PORT_FROM_INSTANCE>Solution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Understand the challenge formatObservationI noticed the challenge description said to 'reverse a series of Linux text transformations,' which suggested I needed to understand the server's prompt-and-response loop before attempting any specific decode step.Connect with netcat. The server shows you a transformed flag and a hint. Type the Linux command that reverses the last transformation, and press Enter. Get it right to advance; the server reveals the final flag after all transformations are reversed.bashnc <HOST> <PORT_FROM_INSTANCE>What didn't work first
Tried: Trying to decode or reverse the displayed ciphertext yourself without reading the hint.
The ciphertext alone is not enough to determine the transformation - for example, a reversed base64 string looks like arbitrary characters and could be confused with ROT13 or raw binary. The server explicitly tells you the transformation name in the hint, so the correct approach is to read the hint first and match it to its inverse command.
Tried: Typing the full pipeline with echo, such as 'echo <flag> | base64 -d', instead of just the bare command.
The server pipes the current flag state through your input automatically, so wrapping it in echo causes the server to receive a literal echo command referencing the flag text, not a decode of the held value. Entering only 'base64 -d' lets the server do the piping correctly.
Learn more
Each prompt shows the current state of the flag and a hint like "B64 encode the string" or "reverse the text". The hint describes what was done TO the flag, so you need to do the INVERSE. For example, if the hint says "B64 encode the string", the current state is base64-encoded, so the reverse command is
base64 -d.Step 2
Read the hint and write the inverse commandObservationI noticed the server explicitly names the transformation applied at each step (for example, 'B64 encode the string' or 'reverse the text'), which suggested the correct approach was to read the hint and supply the single inverse Linux command rather than trying to deduce the encoding from the ciphertext alone.The server provides a plain-English hint at each step describing what transformation was applied to the flag (e.g. 'B64 encode the string', 'reverse the text', 'Replace underscores with dashes'). You do not need to deduce the encoding from the ciphertext - the server tells you. Type the single Linux command that undoes the named transformation and press Enter.Learn more
Transformations seen in this challenge and their inverses:
- B64 encode ->
base64 -d - Reverse the text ->
rev - Replace underscores with dashes ->
tr '-' '_' - Replace curly braces with parentheses ->
tr '()' '{}' - ROT13 ->
tr A-Za-z N-ZA-Mn-za-m(ROT13 is self-inverse)
The server responds "Correct. Current flag: ..." on a right answer and "Incorrect. Try again." on a wrong one. Each step is validated individually before the next is shown.
- B64 encode ->
Step 3
Enter the inverse command for each stepObservationI noticed the server validates each answer individually and pipes the current flag state through whatever command I type, which suggested I should enter only the bare inverse command (such as 'base64 -d' or 'rev') without any echo wrapper.Type the single command that undoes the transformation the server named. The server validates each answer before showing the next step. Common commands for this challenge's transformations are shown below.bashbase64 -dbashrevbashtr '-' '_'bashtr '()' '{}'bashtr A-Za-z N-ZA-Mn-za-mWhat didn't work first
Tried: Using 'base64 -e' or omitting the '-d' flag when the hint says 'B64 encode the string'.
The hint describes what was done TO the flag - 'B64 encode' means the current flag is already base64-encoded, so the inverse is decode ('base64 -d'), not encode again. Re-encoding produces a doubly-encoded string and the server returns 'Incorrect. Try again.'
Tried: Using 'tr '_' '-'' (underscore to dash) when the hint says 'Replace underscores with dashes'.
The hint says the original flag had underscores replaced with dashes to produce the current state, so the inverse must convert dashes back to underscores: 'tr - _'. Applying it the wrong direction turns any remaining underscores into dashes and produces the wrong string, causing the server to reject the answer.
Learn more
You type only the command itself (no
echo ... |wrapper). The server pipes the current flag state through whatever you type, so enteringbase64 -ddecodes the base64-encoded flag it is holding. The server then shows the updated flag and the next hint.ROT13 note: ROT13 is its own inverse, so
tr A-Za-z N-ZA-Mn-za-mboth encodes and decodes.Step 4
Read the flagObservationI noticed the server's output after all inverse commands were applied should begin with 'picoCTF{', which confirmed that all transformations had been successfully reversed and the flag was ready to read.After applying all inverse transformations, the result should start withpicoCTF{...}.
Flag
Reveal flag
picoCTF{Revers1ng_t3xt_Tr4nsf0rm@t10ns_...}
Connect via netcat. The server prompts for the Linux command to undo each transformation. Common answers: 'base64 -d' for B64, 'rev' for reverse, 'tr - _' to replace dashes with underscores, 'tr () {}' for parentheses to braces, ROT13 with 'tr A-Za-z N-ZA-Mn-za-m'.