The Onion

Challenge

Imported from local notes.md.

Given: a single challenge.txt attachment and the prompt Can you peel back the layers?
Goal: recover the final flag in the format CIT{string}.
Constraints: the challenge note explicitly says the recovered answer will not include the CIT{} wrapper.

Observations: the attachment is a single long ASCII line and its SHA1 matches the challenge prompt exactly.
File identification: the content is valid base64 and remains valid base64 through many recursive decoding rounds.
Entry points: recursively decode until the payload stops being UTF-8 text, then inspect the terminal token.

Hypothesis 1: the challenge is a repeated-encoding exercise where each base64 decode reveals the next layer.
Hypothesis 2: the terminal token is not the final wrapped flag and must be resolved into the accepted plaintext answer before adding CIT{}.

Commands:

cd /root/cit2026CTF/The_Onion
sha1sum starting_files/challenge.txt
python3 artifacts/solve_onion.py

Results:

The attachment hash matched the prompt: 6ca8b4ae8d7317b27f564bc962a20b3e6fb49c72.
Recursive decoding peeled 16 text layers.
The terminal token written to artifacts/final_md5.txt is b9486c74c779db5194d6508bebbee72b.

Commands:

cd /root/cit2026CTF/The_Onion
cat artifacts/final_md5.txt
cat artifacts/accepted_flag.txt

Results:

The accepted flag body is iloveharrypottersomuchthaticouldreadallthebooksintwodaysmostlikely.
Wrapping it per the prompt yields the final flag CIT{iloveharrypottersomuchthaticouldreadallthebooksintwodaysmostlikely}.

artifacts/solve_onion.py: reusable layer-peeling helper for this challenge.
artifacts/layer_01.txt through artifacts/layer_16.txt: each successive decoded text layer.
artifacts/final_md5.txt: terminal token after peeling.
artifacts/accepted_flag.txt: accepted final wrapped flag.

CIT{iloveharrypottersomuchthaticouldreadallthebooksintwodaysmostlikely}