Rating:
# Challenge Description
![](https://i.imgur.com/dllMJBP.png)
The part of "**Some things are like ...**" is a hint that will definitely help us solving this Mystrey.
So we open the link and we have this :
![](https://i.imgur.com/werKCxD.png)
The funny thing about Misc Challenges (Sometimes annoying) is that you don't really know what are you looking for or what's the "Topic" until you Dive into the challenge.
If we try to click the names we got a password check for "**Eyang**" and "**Kmathz**" and an image for "**HannaH**"
![](https://i.imgur.com/13QZf8C.png)
Next we try simply to view source to see if we can find anything :)
The Code was pretty messy but in general we could undrestand everyting.
The password check was somthing llike this :
```
(set: _password to "")\
Enter password: (input-box: bind _password, "X====", 1)
(link: "Enter")[{
<script>
for(let i = 0; i < 20000; i++){
_password = sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(_password));
}
</script>
(if: _password is "08ea0e583b971ca44a6f7c6bdfacc71f384a22f932723fe19b1e36d7e0d067ca")[
(go-to: "K_Correct")
]
(else:)[
(go-to: "K_Incorrect")
]
}]]
```
But here we have the "**K_Correct**" part for "**Kmathz**" and "**Correct**" for "**Eyang**"wich were in the code so we actually don't need any passwords :).
Ok Now we have :
1. An image from "**HannaH**"
2. A google drive link from "**Kmathz**" with this image :
![](https://i.imgur.com/0SZiwtg.png)
3. A Youtube link that you should memorize (So you won't be rickrolled again ;) )
# Rabbit hole :(
I downloaded the imges and tried to find anything useful.
By opening the images in a hexeditor or using any tool we can extract two file from them :
* A zip File
* And an RTF File
The RTF file seems to have an encrypted text :
```
Lt, iwt vgpcs yjgn du iwt RdstIxvtg rjai rdjgi wph gjats iwpi iwxh RdstIxvtg xh p ugpjs!! Wt wph qtigpnts iwt wdan igpsxixdch du iwt AtmBprh htrgti hdrxtin!!! WT BJHI QT TAXBXCPITSId pcn RdstIxvtg Adnpaxhih dji iwtgt: djg htrgti rdst xh rdsixvgt}
```
wich is rot15 ,we decode it and we get :
```
We, the grand jury of the CodeTiger cult court has ruled that this CodeTiger is a fraud!! He has betrayed the holy traditions of the LexMacs secret society!!! HE MUST BE ELIMINATEDTo any CodeTiger Loyalists out there: our secret code is codtigre}
```
So probably the most interesting part is the secret code "**codtigre}**" That was a bit confusing becasue of the "}" wih look like part of flag or somthing.I just tried it as the flag but it was wrong.
Getting back to the zip file we just unzip it and we have another image :
![](https://i.imgur.com/9JLcbpV.png)
OK! it seems to have eyang password written on it reversed.So the password is "**gn4YE**" which infact we don't need it to login as we said earlier but let's keep it any way.
At this point I was pretty confused becauses I tried a lot of things and tools and I have even asked an admin if this "**codtigre}**" was relevant and he said **YES :(:(**
# Zero Width
Tried almost everything I just decided to start again from the beginning.My bad I didn't give the HINT my attention in the first time,because when I did inspect page I could notice some weird red dots in the source and eventually with the "zero mass ,or width ..." part of the hint that does ring a bell and That was the Zero-Width Characters Stego.
So I just copied the part with the zero width Characters.
```
CodeTiger's dictatorship becomes more unbearable with each passing day. I hate every cell in his body. Every day, my blood boils as I witness him. LexMACS is an organization gathering the world's most ambitious and brightest programmers, yet we all suffocate under his iron first.
```
And using this script tooked from [MayADevBe Blog](https://mayadevbe.me/posts/zw_steg/)I was able Finally to get the flag.
```
bin_list = [" ","0","1"]
char_list = ["\u2060", "\u200B", "\u200C"]
def encode(secret_text, open_text):
bin_text = ""
encoded_text = open_text
bin_text = ' '.join(format(ord(x), 'b') for x in secret_text)
for b in bin_text:
encoded_text += char_list[bin_list.index(b)]
return encoded_text
def decode(open_text):
bin_text = ""
for w in open_text:
if w in char_list:
bin_text += bin_list[char_list.index(w)]
bin_val = bin_text.split()
secret_text = ""
for b in bin_val:
secret_text += chr(int(b, 2))
return secret_text
text=open('source.txt','r').read()
#You need to change the <0x> to \u
print(decode(text))
```
### Fun Fact
After I got the text I still got confused hh because of two things :
1. Because of the Challenge name and everything I assumed that we are looking for a name or somthing hh
2. When I tried to submit the flag the first time I missed a "T" in "LITCTF" hhh **again**
# FLAG : `LITCTF{C0dEt1GeR_L1VES}`
## N.B
1.If we just take the binary from the code and you through it in online tool you wouldn't probably get the flag because the length wasn't 8 bit but 7 (somtimes 6 or less)
So we need either to zfill it or just use a script.