> For the complete documentation index, see [llms.txt](https://ctf.laet4x.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ctf.laet4x.com/ctf-2022/rootcon-16-pre-qualifier/2-easy-300-hack-and-take-a-break.md).

# 2️⃣ Easy 300: Hack and Take a Break

<figure><img src="/files/VgQzlGwk7P072uSLIqFV" alt=""><figcaption></figcaption></figure>

The challenge pointed to CSP Bank, a Firebase Appspot Storage and BeVigil for indexing and research. Following the same process from the other challenge, wherein a constant.java file has list of strings, there I got the clues connected to the firabase storage. As shown in the image below, there is another link we have to check.

<figure><img src="/files/BKBe62j8gptAwo2FW4PB" alt=""><figcaption></figcaption></figure>

Upon visiting the link, what I got are scrambled texts which at first glance don't make any sense. Then I noticed in the URL wherein the file title is "rotated.json" which reminds me of rot13 cipher. This is a simple letter substitution cipher that replaces a letter with the 13th letter after it in the alphabet.

<figure><img src="/files/HawVBhT6rPMQmJ9zF6K3" alt=""><figcaption></figcaption></figure>

Using rot13.com, I got the result below

```
"Name": "Unlimited Free",
"Developer": "support@unlimitedfree.com"
```

<figure><img src="/files/r8fZnoXy236n5ZasjUZd" alt=""><figcaption></figcaption></figure>

The results return one readable name and developer's email, **Unlimited Free** / **<support@unlimitedfree.com>.** Back to BeVigil, using the found credentials, and this time with the Advanced Search, I got the following results.

<figure><img src="/files/535gmPoVvTZqjq0GOa9o" alt=""><figcaption></figcaption></figure>

I click at Strings -> Unknown High Entropy String -> sources/com/intl/unlimitedfree/internal.java

<figure><img src="/files/rvHGM6VwKUEWxn5SWPoV" alt=""><figcaption></figcaption></figure>

Then, I got a hex value below:

<figure><img src="/files/9UCrcyWh4dd7A9XEXS1J" alt=""><figcaption></figcaption></figure>

I decode it and got the following flag:

<figure><img src="/files/646Mlbh0LY4of25hqcGC" alt=""><figcaption></figcaption></figure>

Conclusion: I learn how to use BeVigil, sometimes I'm lazy in doing deep checking/investigation of links and encoded strings but I just realize that those fundamentals in CTF are very important. Being familiar with encoding is very important too when it comes to CTF.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ctf.laet4x.com/ctf-2022/rootcon-16-pre-qualifier/2-easy-300-hack-and-take-a-break.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.