Rating: 5.0
## [See the original writeup on site](https://barelycompetent.dev/post/ctfs/2021-04-11-ritsecctf/#revision).
### Revision
> ... They aren’t necessarily obvious but are helpful to know.
>
> http://git.ritsec.club:7000/Revision.git/
>
> ~knif3
So, clone the given repo:
```bash
git clone http://git.ritsec.club:7000/Revision.git/ && cd Revision
```
At this point, given the name of the challenge, I started by sifting through all the commits/revisions, using the following:
```
git log --all --oneline
```
After a bit of scrolling, we come across the following set of revisions:
```
...
| * 76568fd Update sponsorship packet
| * 88aaf37 TXkgZGVzaWduIGlzIGNvbXBsZXRlIQo=
| * 68733d8 N2Q5ZDI1ZjcxY2I4YTVhYmE4NjIwMjU0MGEyMGQ0MDUK
| * b1a0dcb ZjRkNWQwYzA2NzFiZTIwMmJjMjQxODA3YzI0M2U4MGIK
| * 4a2893a NjliNjQ2MjNmODZkZWYxNmNlMTdkNDU0YjhiZTQxYWUK
| * 4963627 ODk3MzE2OTI5MTc2NDY0ZWJjOWFkMDg1ZjMxZTcyODQK
| * 0f40e6e MmNkNmVlMmM3MGIwYmRlNTNmYmU2Y2FjM2M4YjhiYjEK
| * 8e8ce11 OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * 60f4e46 YjcyNjlmYTI1MDg1NDhlNDAzMmM0NTU4MThmMWUzMjEK
| * ee3d68b MzcyZTI1ZjIzYjVhOGFlMzNjN2JhMjAzNDEyYWNlMzAK
| * ebd4f62 ZjUzMDIzODY0NjRmOTUzZWQ1ODFlZGFjMDM1NTZlNTUK
| * 53e3f77 OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * 1849148 NmQ3ZmNlOWZlZTQ3MTE5NGFhOGI1YjZlNDcyNjdmMDMK
| * 9d6d714 ZjRkNWQwYzA2NzFiZTIwMmJjMjQxODA3YzI0M2U4MGIK
| * eae1814 ODk3MzE2OTI5MTc2NDY0ZWJjOWFkMDg1ZjMxZTcyODQK
| * a2e1f5b MDFmYmRjNDRlZjgxOWRiNjI3M2JjMzA5NjVhMjM4MTQK
| * 82b7ac8 YjcyNjlmYTI1MDg1NDhlNDAzMmM0NTU4MThmMWUzMjEK
| * 1b07dd8 OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * c410e16 ZTI5MzExZjZmMWJmMWFmOTA3ZjllZjlmNDRiODMyOGIK
| * a4ee01c OWZmYmY0MzEyNmUzM2JlNTJjZDJiZjdlMDFkNjI3ZjkK
| * 2e1c2e0 YjcyNjlmYTI1MDg1NDhlNDAzMmM0NTU4MThmMWUzMjEK
| * 6fcc886 OWQ3YmYwNzUzNzI5MDhmNTVlMmQ5NDVjMzllMGE2MTMK
| * 2a712b0 YjAyNjMyNGM2OTA0YjJhOWNiNGI4OGQ2ZDYxYzgxZDEK
| * 58e54d7 NzJjZmQyNzJhY2UxNzJmYTM1MDI2NDQ1ZmJlZjliMDMK
| * d8ddbff MmNkNmVlMmM3MGIwYmRlNTNmYmU2Y2FjM2M4YjhiYjEK
| * 432c9ee ZjRkNWQwYzA2NzFiZTIwMmJjMjQxODA3YzI0M2U4MGIK
| * f108cdb OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * 9fe2c0e ZTg1ZGRlMzMwYzM0ZWZiMGU1MjZlZTMwODJlNDM1M2IK
| * 50f69d6 ODk3MzE2OTI5MTc2NDY0ZWJjOWFkMDg1ZjMxZTcyODQK
| * 6f621db MDA5NTIwMDUzYjAwMzg2ZDExNzNmMzk4OGM1NWQxOTIK
| * 48297e0 OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * fca179e NmQ3ZmNlOWZlZTQ3MTE5NGFhOGI1YjZlNDcyNjdmMDMK
| * 8aeb075 OWQ3YmYwNzUzNzI5MDhmNTVlMmQ5NDVjMzllMGE2MTMK
| * 3abc63e ODk3MzE2OTI5MTc2NDY0ZWJjOWFkMDg1ZjMxZTcyODQK
| * 5772320 MDFmYmRjNDRlZjgxOWRiNjI3M2JjMzA5NjVhMjM4MTQK
| * 764794b OTI1MjBhNWE5Y2Y4OTMyMjBiOWNkNDQ3ZjU4NWYxNDQK
| * f23c832 MzJmOGUwYmI2OTQ0YTZlZmU4YjEzNTFiNzJiOGZhY2MK
| * 331c43d ZDliZWQzYjdlMTUxZjExYjhmZGFkZjc1ZjFkYjk2ZDkK
| * 2092ddb NjVkYjI3MzA3YWEwY2RmMGIzYzAzMjM0MzFlMDhhMTUK
| * 2a769dd NDg1YmRiYWNlZmUyMjM0NGY2ZTc4Y2E1OGE2NjkyNDIK
...
```
Which all look like base64 encoded strings. The first entry is "My design is complete!", while all the subsequent ones are just random hexadecimal numbers.
Checking out the most recent revisions, the one for "My design is complete!", I decided to check the difference between that commit, and the one right before it, like so:
```bash
git --no-pager diff --stat --color 88aaf373f80263e14713efea263ac99550711322..68733d819366b78225df3525017876319b96b1a5
```
Which gives you the following output:
```
flag.txt | 1 +
1 file changed, 1 insertion(+)
```
Hey, that looks interesting! Checking out that commit, we see `}` in the `flag.txt` file.
At this point, it seems that we need to work through the set of commits relating to the random hexadecimal base64 strings, and `cat flag.txt` at each revision, getting one more individual character of the flag at a time.
With a tiny bit of processing, we can grab just the revision commit SHA's out of the above; This gives us a file with the following set of revisions:
```
68733d8
b1a0dcb
4a2893a
4963627
0f40e6e
8e8ce11
60f4e46
ee3d68b
ebd4f62
53e3f77
1849148
9d6d714
eae1814
a2e1f5b
82b7ac8
1b07dd8
c410e16
a4ee01c
2e1c2e0
6fcc886
2a712b0
58e54d7
d8ddbff
432c9ee
f108cdb
9fe2c0e
50f69d6
6f621db
48297e0
fca179e
8aeb075
3abc63e
5772320
764794b
f23c832
331c43d
2092ddb
2a769dd
```
Which we can now loop through automatically and display the flag file at that revision, like so:
```bash
for line in $(cat revisions); do git checkout $line --quiet && cat flag.txt; done > flag_reversed
```
Which is this, after removing the newlines:
```bash
cat flag_reversed | tr -d '\n'
}sm0c_tig_3s0ht_detp1rcs_u0y_3p0h_I{SR
```
Which, reversed, is:
```
python -c 'print("}sm0c_tig_3s0ht_detp1rcs_u0y_3p0h_I{SR"[::-1])'
RS{I_h0p3_y0u_scr1pted_th0s3_git_c0ms}
```
