Rating:
[full writeup](https://ctf.harrisongreen.me/2019/x-mas-ctf/whats_up_santa/)
Seems like there are many solutions to this. I solved it by breaking in the javascript and mangling incoming messages to trick my client into crafting a malformed "reply" message.
