2️⃣ Easy 300: Hack and Take a Break
The challenge pointed to CSP Bank, a Firebase Appspot Storage, and BeVigil for indexing and research. Following the same process as in the other challenge, where a constant.java file has a list of strings, I got the clues connected to the Firebase storage. As shown in the image below, there is another link we have to check.
Upon visiting the link, what I got was scrambled text which at first glance didn't make any sense. Then I noticed in the URL that the file title is "rotated.json", which reminded me of the ROT13 cipher. This is a simple letter substitution cipher that replaces a letter with the 13th letter after it in the alphabet.
Using rot13.com, I got the result below:
The results returned one readable name and a developer's email, Unlimited Free / [email protected]. Back in BeVigil, using the found credentials, and this time with the Advanced Search, I got the following results.
I clicked on Strings -> Unknown High Entropy String -> sources/com/intl/unlimitedfree/internal.java
Then I got the hex value below:
I decoded it and got the following flag:
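The two decoding steps described above can also be done offline. The following is an added example, not part of the original write-up: the function names, the sample JSON and the sample hex string are constructed stand-ins, since the real file contents and flag are not reproduced here.

```python
import codecs
import json
import string

# Constructed sample standing in for the scrambled "rotated.json" content.
SAMPLE_ROTATED = '{"anzr": "Rknzcyr Ncc", "rznvy": "qri@rknzcyr.grfg", "vq": 42}'

# Constructed hex string standing in for the value found in internal.java.
SAMPLE_HEX = "666c61677b636f6e73747275637465645f6578616d706c657d"


def rot13_json(node):
    """Recursively apply ROT13 to every string (keys and values) in parsed JSON."""
    if isinstance(node, str):
        # ROT13 only shifts A-Z and a-z; digits and punctuation pass through.
        return codecs.decode(node, "rot_13")
    if isinstance(node, list):
        return [rot13_json(item) for item in node]
    if isinstance(node, dict):
        return {rot13_json(k): rot13_json(v) for k, v in node.items()}
    return node  # numbers, booleans and null are left unchanged


def decode_hex(value):
    """Decode a hex string to ASCII text; return None if it is not valid, printable hex."""
    cleaned = value.strip()
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not cleaned or len(cleaned) % 2:
        return None
    if any(c not in string.hexdigits for c in cleaned):
        return None
    try:
        text = bytes.fromhex(cleaned).decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


if __name__ == "__main__":
    print(json.dumps(rot13_json(json.loads(SAMPLE_ROTATED)), indent=2))
    print(decode_hex(SAMPLE_HEX))
```

Because ROT13 is its own inverse, the same `rot13_json` call both scrambles and unscrambles the document.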
Conclusion: I learned how to use BeVigil. Sometimes I'm lazy about doing deep checking/investigation of links and encoded strings, but I just realized that those fundamentals are very important in CTF. Being familiar with encodings is very important too when it comes to CTF.