Tag List
Sign In

Matroyshka

Matryoshka is hiding a flag in its heart. Open it layer by layer, and get the flag!

Matryoshka a.k.a. Russian nesting dolls are a set of wooden dolls of decreasing size which are designed to fit inside each other. The name of this challenge suggested that there would be multiple layers of challenges to solve

This challenge provided us with a file containing a large base64 encoded string: matroyshka.txt

Decoding the base64 to ascii produced another base64 string but with additional obstacles:

layer2

Decoding this layer produced another layer with similar obstacles.

Some stages also decoded to hexadecimal which, when converted to ASCII would also produce the next layer of the challenge

Using GCHQ's CyberChef we can create a recipe which will solve each stage of this nested puzzle:

Find_/_Replace({'option':'Regex','string':'(\\[\\d+\\.\\d+\\])|[\\-\\[\\]]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Reverse('Character')
Remove_Diacritics()
Find_/_Replace({'option':'Regex','string':'ø'},'o',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'<removeme>'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'<removeme>'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
Reverse('Character')
From_Hex('Auto')
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Remove_Diacritics()
Find_/_Replace({'option':'Regex','string':'ø'},'o',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'<removeme>'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Hex('Auto')
Remove_Diacritics()
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Base64('A-Za-z0-9+/=',true)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
From_Hex('Auto')
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
Reverse('Character')
From_Base64('A-Za-z0-9+/=',true)
Remove_Diacritics()
Reverse('Character')
Find_/_Replace({'option':'Regex','string':'<removeme>'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'<removeme>'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'(\\w+|\\d+)\\.+(\\w+|\\d+)|[\\[\\]\\-\\.]'},'',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'(.).'},'$1',true,false,false,false)
From_Base64('A-Za-z0-9+/=',true)

With the full recipe and initial input, the output is our final flag:

pactf{gr4nm0tr_DoLl}