In this post, we covered encoding and decoding using python and Cyberchef. We solved two challenges from PicoCTF for that.

Encoding and decoding can be done using online encoders and decoders but in this challenge we used python scripts and libraries to represent data in different formats such as hexadecimal, decimal, UTF8, UTF16,etc.

PicoCTF netcat description

There is a nice program that you can talk to by using this command in a shell: $ nc mercury.picoctf.net 35652, but it doesn’t speak English…

PicoCTF Transformation challenge description

I wonder what this really is… enc''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])

Get OSCP Certificate Notes

The “Netcat” Challenge: From Numbers to Flags

This first challenge involved connecting to a server using netcat (nc). When I connected, the server sent back a stream of numbers. The hint mentioned ASCII, so I knew I had to convert these numbers into characters to get the flag.

My First Approach: CyberChef to the Rescue! 🍳

My initial thought was to use CyberChef, which is an amazing online tool for all sorts of data manipulation. I copied the numbers from my terminal and pasted them into CyberChef. I used the “From Character Code” operation, set the delimiter to “Line,” and the base to 10. Just like magic, the numbers were converted into readable text, and there was the flag!

My Second Approach: A Python Script 🐍

While CyberChef was quick and easy, I wanted to challenge myself to solve it with a Python script. Here’s how I did it:

  1. First, I saved the output from the nc command into a text file.
  2. Then, I wrote a Python script to read the file. My first attempt failed because the script was reading the numbers as strings, not integers.
  3. I adjusted the script to convert the strings into a list of numbers.
  4. Finally, I looped through the list and used the chr() function to convert each number to its corresponding ASCII character.

Success! The script printed out the flag. It was slightly different from the one I got from CyberChef, which was an interesting little quirk.

The “Transformation” Challenge

This challenge gave me a file called encrypt that contained what looked like garbled Unicode text. My job was to figure out the encoding and reveal the hidden flag.

My First Approach: The Magic of CyberChef

Once again, I turned to CyberChef. I pasted the strange text into the input box and used the “Magic” operation on “Intensive mode.” This feature is incredible—it automatically analyzes the data and tries to figure out how to decode it. It correctly identified that the text was encoded in UTF-16BE and converted it back to readable UTF-8, revealing the flag.

My Second Approach: Python Power

To solve this with Python, I did the following:

  1. I wrote a script to read the contents of the encrypt file.
  2. I then looped through each character of the encoded string, using the ord() function to get its Unicode code point and the hex() function to convert that to a hexadecimal value.
  3. I took the resulting hex string and, just for fun, pasted it back into CyberChef. Using the “From Hex” operation, I was able to decode it and get the flag.

Technical Commands I Used

Here are the commands I used during these challenges:

  • nc: To connect to the server in the “Netcat” challenge.
  • cat: To display the contents of the encrypt file.
  • file: To identify the file type of the encrypt file.

I hope this walkthrough was helpful and showed you a couple of different ways to approach these kinds of CTF challenges. Happy hacking!

Video Walkthrough

 

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles