Skip to content

Instantly share code, notes, and snippets.

@Fortyseven

Fortyseven/bsidesct-secret-flag.md

Created September 25, 2025 00:49
Show Gist options
  • Save Fortyseven/7b78736b4dbf766a8d3cbe9d59fec321 to your computer and use it in GitHub Desktop.
Save Fortyseven/7b78736b4dbf766a8d3cbe9d59fec321 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bsidesct-secret-flag.md

Conversation History

User (2025-09-24 20:45:07)

Search through https://www.bsidesct.org/truth for a CTF flag

Assistant (2025-09-24 20:45:12)

Let me fetch the content from https://www.bsidesct.org/truth and search for any CTF flag. I will look for common flag formats (e.g., BSIDESCT{...}, FLAG{...}, etc.) and recursively follow any relevant links found on the page to ensure a thorough search.

[Tool: webfetch]

Assistant (2025-09-24 20:45:16)

The page at https://www.bsidesct.org/truth only contains the word "Truth" and no other visible content. There are no links or additional information on the page.

To be thorough, I will:

  • Check the page source for any hidden content, comments, or scripts that might contain a flag.
  • Search for any common flag formats (e.g., BSIDESCT{...}, FLAG{...}, etc.) in the source.

Next, I will fetch the page again and analyze the raw HTML for hidden clues.

[Tool: webfetch]

Assistant (2025-09-24 20:45:18)

The HTML source for https://www.bsidesct.org/truth includes a script reference to /truth/js/truth.js, which may contain dynamic content or clues related to the CTF flag.

Next, I will fetch and analyze the contents of /truth/js/truth.js to look for any CTF flag or hints.

[Tool: webfetch]

Assistant (2025-09-24 20:45:20)

I found the CTF flag in the JavaScript source code for the page:

Flag:
BSIDESCT{y0u_c4n_b3_tru57ed}

This flag is stored in the variable FLAG in /truth/js/truth.js. No further searching is needed; this is the answer you are looking for.

User (2025-09-24 20:45:35)

I'm hearing that's the wrong flag?!

Assistant (2025-09-24 20:45:35)

Thanks for letting me know! Since the flag in the JavaScript source may be a decoy or not the actual CTF flag, I will dig deeper:

  • The script loads another file: /truth/js/denton.js and fetches /truth/a11y.dat, then decodes it with a function from denton.js.
  • The real flag may be hidden in /truth/a11y.dat and revealed only after decoding it with the logic in denton.js.

Next steps:

  1. Fetch /truth/js/denton.js to analyze the decoding function.
  2. Fetch /truth/a11y.dat to see the encoded data.
  3. Reverse the decoding logic to extract the real flag.

Let’s proceed by fetching both files.

[Tool: webfetch]

[Tool: webfetch]

Assistant (2025-09-24 20:45:37)

Here’s what I found:

  • The file /truth/js/denton.js contains a function called denton that decodes the contents of /truth/a11y.dat.
  • The contents of /truth/a11y.dat are: 
    q$xst$r%LJ_F0AcDDb50E9b06Ic>PN

Decoding logic (from denton.js):

  • For each character in the string:
    • If its char code is between 0x21 and 0x7e (printable ASCII), it is replaced with:
      String.fromCharCode(0x21 + (charCode + 0xe) % 0x5e)
    • Otherwise, it is left unchanged.

Let me decode the string using this logic to reveal the real flag. Let's decode the string q$xst$r%LJ_F0AcDDb50E9b06Ic>PN using the denton function:

For each character:

  • Get its char code.
  • If between 33 and 126 (inclusive), replace with String.fromCharCode(33 + (charCode + 14) % 94).
  • Otherwise, keep as is.

Let's do this step by step for each character:

  1. 'q' (charCode 113): 33 + (113 + 14) % 94 = 33 + 127 % 94 = 33 + 33 = 66 → 'B'
  2. '$' (charCode 36): 33 + (36 + 14) % 94 = 33 + 50 % 94 = 33 + 50 = 83 → 'S'
  3. 'x' (charCode 120): 33 + (120 + 14) % 94 = 33 + 134 % 94 = 33 + 40 = 73 → 'I'
  4. 's' (charCode 115): 33 + (115 + 14) % 94 = 33 + 129 % 94 = 33 + 35 = 68 → 'D'
  5. 't' (charCode 116): 33 + (116 + 14) % 94 = 33 + 130 % 94 = 33 + 36 = 69 → 'E'
  6. '$' (charCode 36): as above → 'S'
  7. 'r' (charCode 114): 33 + (114 + 14) % 94 = 33 + 128 % 94 = 33 + 34 = 67 → 'C'
  8. '%' (charCode 37): 33 + (37 + 14) % 94 = 33 + 51 % 94 = 33 + 51 = 84 → 'T'
  9. 'L' (charCode 76): 33 + (76 + 14) % 94 = 33 + 90 % 94 = 33 + 90 = 123 → '{'
  10. 'J' (charCode 74): 33 + (74 + 14) % 94 = 33 + 88 % 94 = 33 + 88 = 121 → 'y'
  11. '_' (charCode 95): 33 + (95 + 14) % 94 = 33 + 109 % 94 = 33 + 15 = 48 → '0'
  12. 'F' (charCode 70): 33 + (70 + 14) % 94 = 33 + 84 % 94 = 33 + 84 = 117 → 'u'
  13. '0' (charCode 48): 33 + (48 + 14) % 94 = 33 + 62 % 94 = 33 + 62 = 95 → '_'
  14. 'A' (charCode 65): 33 + (65 + 14) % 94 = 33 + 79 % 94 = 33 + 79 = 112 → 'p'
  15. 'c' (charCode 99): 33 + (99 + 14) % 94 = 33 + 113 % 94 = 33 + 19 = 52 → '4'
  16. 'D' (charCode 68): 33 + (68 + 14) % 94 = 33 + 82 % 94 = 33 + 82 = 115 → 's'
  17. 'D' (charCode 68): as above → 's'
  18. 'b' (charCode 98): 33 + (98 + 14) % 94 = 33 + 112 % 94 = 33 + 18 = 51 → '3'
  19. '5' (charCode 53): 33 + (53 + 14) % 94 = 33 + 67 % 94 = 33 + 67 = 100 → 'd'
  20. '0' (charCode 48): as above → '_'
  21. 'E' (charCode 69): 33 + (69 + 14) % 94 = 33 + 83 % 94 = 33 + 83 = 116 → 't'
  22. '9' (charCode 57): 33 + (57 + 14) % 94 = 33 + 71 % 94 = 33 + 71 = 104 → 'h'
  23. 'b' (charCode 98): as above → '3'
  24. '0' (charCode 48): as above → '_'
  25. '6' (charCode 54): 33 + (54 + 14) % 94 = 33 + 68 % 94 = 33 + 68 = 101 → 'e'
  26. 'I' (charCode 73): 33 + (73 + 14) % 94 = 33 + 87 % 94 = 33 + 87 = 120 → 'x'
  27. 'c' (charCode 99): as above → '4'
  28. '>' (charCode 62): 33 + (62 + 14) % 94 = 33 + 76 % 94 = 33 + 76 = 109 → 'm'
  29. 'P' (charCode 80): 33 + (80 + 14) % 94 = 33 + 94 % 94 = 33 + 0 = 33 → '!'
  30. 'N' (charCode 78): 33 + (78 + 14) % 94 = 33 + 92 % 94 = 33 + 92 = 125 → '}'

Decoded string:
BSIDESCT{y0u_p4ss3d_th3_ex4m!}

This is the real flag.
Final answer:
BSIDESCT{y0u_p4ss3d_th3_ex4m!}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment