Category: Miscellaneous
Flag: apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
Challenge Description
Hallo, Wave 2 has been released, Happy pwning
Analysis
At first this one felt like a troll because the obvious Discord flag everyone sees is the welcome free-points one, and that was wrong for this challenge.

So I stopped overthinking and did the basic thing manually: looked at the suspicious announcement that matched the exact challenge text vibe (the Wave 2 post), copied that message content, and inspected it as escaped Unicode. The escaped output immediately showed tons of invisible characters (\u200c, \u200d, \u202a, \u202c, \ufeff) injected all over the text, which is a classic hidden-payload signal.
```
TOKEN="<discord_token>"
CID="1089453266208829520"
MID="1479871689105084446"
curl -s -H "Authorization: $TOKEN" "https://discord.com/api/v9/channels/$CID/messages?around=$MID&limit=100" \
  | jq -r '.[] | select(.id=="1479871689105084446") | .content'
```

```
Hallo @everyone !
Wave 2 is now released! 🌊 We hope ...
```

```
python - <<'PY'
import os
import requests

token = "<discord_token>"
cid = "1089453266208829520"
mid = "1479871689105084446"
api = "https://discord.com/api/v9"

r = requests.get(
    f"{api}/channels/{cid}/messages",
    headers={"Authorization": token},
    params={"around": mid, "limit": 100},
    timeout=30,
)
msg = [m for m in r.json() if m["id"] == mid][0]["content"]
print(msg.encode("unicode_escape").decode())
PY
```

```
\u200c\u200c\u200c\u200c\u202c\ufeff\u202aHallo @everyone \u200c\u200c\u200c\u200c\ufeff\u202a\u202a!\n\nWave \u200c\u200c\u200c\u200c\ufeff\u202a\u200d\u200c\u200c\u200c\u200c\ufeff\u202a\u200d2...
```

From there the decode path was straightforward: split invisible runs into fixed 7-symbol chunks and treat each symbol as a base-5 digit. The mapping that produced readable text was \u200c=0, \u200d=1, \u202a=2, \u202c=3, \ufeff=4. Decoding those base-5 chunks gave the flag text directly.
```
python - <<'PY'
import re
import requests

token = "<discord_token>"
cid = "1089453266208829520"
mid = "1479871689105084446"
api = "https://discord.com/api/v9"

r = requests.get(
    f"{api}/channels/{cid}/messages",
    headers={"Authorization": token},
    params={"around": mid, "limit": 100},
    timeout=30,
)
msg = [m for m in r.json() if m["id"] == mid][0]["content"]

runs = []
cur = ""
for ch in msg:
    cp = ord(ch)
    if (0x200B <= cp <= 0x200F) or (0x202A <= cp <= 0x202E) or (0x2060 <= cp <= 0x206F) or cp == 0xFEFF:
        cur += ch
    else:
        if cur:
            runs.append(cur)
            cur = ""
if cur:
    runs.append(cur)

mp = {"\u200c": 0, "\u200d": 1, "\u202a": 2, "\u202c": 3, "\ufeff": 4}

out = []
for r in runs:
    for i in range(0, len(r), 7):
        blk = r[i:i+7]
        if len(blk) < 7:
            continue
        v = 0
        for ch in blk:
            v = v * 5 + mp[ch]
        out.append(chr(v))

decoded = "".join(out)
print(decoded)
print(re.findall(r"apoorvctf\{[^}]+\}", decoded, re.I))
PY
```

```
apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
['apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}']
```

Solution
```
import re
import requests

TOKEN = "<discord_token>"
CHANNEL_ID = "1089453266208829520"
MESSAGE_ID = "1479871689105084446"
API = "https://discord.com/api/v9"

# Fetch the messages around the Wave 2 announcement and pick it out by ID.
r = requests.get(
    f"{API}/channels/{CHANNEL_ID}/messages",
    headers={"Authorization": TOKEN},
    params={"around": MESSAGE_ID, "limit": 100},
    timeout=30,
)
msg = [m for m in r.json() if m["id"] == MESSAGE_ID][0]["content"]

# Collect maximal runs of invisible (zero-width / bidi control) characters.
runs = []
cur = ""
for ch in msg:
    cp = ord(ch)
    if (0x200B <= cp <= 0x200F) or (0x202A <= cp <= 0x202E) or (0x2060 <= cp <= 0x206F) or cp == 0xFEFF:
        cur += ch
    else:
        if cur:
            runs.append(cur)
            cur = ""
if cur:
    runs.append(cur)

# Each invisible character is one base-5 digit.
mapping = {"\u200c": 0, "\u200d": 1, "\u202a": 2, "\u202c": 3, "\ufeff": 4}

# Every 7 digits (most significant first) encode one character.
decoded = []
for r in runs:
    for i in range(0, len(r), 7):
        blk = r[i:i+7]
        if len(blk) < 7:
            continue
        value = 0
        for ch in blk:
            value = value * 5 + mapping[ch]
        decoded.append(chr(value))

decoded_text = "".join(decoded)
print(decoded_text)
print(re.findall(r"apoorvctf\{[^}]+\}", decoded_text, re.I))
```

```
python solve.py
apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}
['apoorvctf{d0n7_w0rry_y0u_4r3_s4n3}']
```
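The decoding described in the Analysis can also be run offline, without a Discord token. The following is an added example, not part of the original write-up: it finds invisible runs by Unicode category `Cf` (a generalisation of the fixed ranges above), decodes them with the same base-5 mapping and 7-symbol chunks, skips chunks containing characters outside the mapping, and returns a sanitised copy of the text. The function names, `COVER` and `SAMPLE` are assumptions, and the sample message is constructed by the `embed` helper.

```python
import unicodedata
from itertools import zip_longest

# Alphabet and chunk size from the write-up: one invisible char = one base-5 digit.
DIGITS = {"\u200c": 0, "\u200d": 1, "\u202a": 2, "\u202c": 3, "\ufeff": 4}
SYMBOLS = {v: k for k, v in DIGITS.items()}
CHUNK = 7

def is_format(ch):
    # Generalisation (assumption): any Unicode "Cf" character, not fixed ranges.
    return unicodedata.category(ch) == "Cf"

def invisible_runs(text):
    """Maximal runs of consecutive format characters."""
    runs, cur = [], ""
    for ch in text:
        if is_format(ch):
            cur += ch
        elif cur:
            runs.append(cur)
            cur = ""
    return runs + ([cur] if cur else [])

def decode(text):
    """Decode full 7-symbol chunks; skip short or out-of-alphabet ones."""
    out = []
    for run in invisible_runs(text):
        for i in range(0, len(run) - CHUNK + 1, CHUNK):
            blk = run[i:i + CHUNK]
            if all(ch in DIGITS for ch in blk):
                value = 0
                for ch in blk:
                    value = value * 5 + DIGITS[ch]
                out.append(chr(value))
    return "".join(out)

def strip_invisible(text):
    """Sanitised copy with every format character removed."""
    return "".join(ch for ch in text if not is_format(ch))

def embed(cover, secret):
    """Constructed test input: one chunk in front of each cover word."""
    chunks = []
    for ch in secret:
        n, digits = ord(ch), []
        for _ in range(CHUNK):
            n, d = divmod(n, 5)
            digits.append(SYMBOLS[d])
        chunks.append("".join(reversed(digits)))
    return " ".join(c + w for c, w in zip_longest(chunks, cover.split(" "), fillvalue=""))

COVER = "Wave 2 is now released and we hope you enjoy it"  # constructed
SAMPLE = embed(COVER, "ctf{demo}") + "\u200b"  # plus a stray zero-width space
```

A single `\u200d` inside an emoji sequence also shows up in `invisible_runs`, so run length is a more useful signal than mere presence.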