Skip to main content

Theres_no_room_left

Challenge

Imported from local notes.md.

Solution

Original Notes

Theres_no_room_left

Challenge Summary

  • Given: a single text file named flag.txt and a description hinting that the walls are "closing in" digitally, plus the SHA1 hash of the attachment.
  • Goal: recover the hidden flag in the format CIT{...}.
  • Constraints: the visible contents are just readable prose, so the solve depends on identifying non-printing Unicode content rather than visible ciphertext.

Initial Recon / Triage

  • Observations: the file renders as an ordinary sentence, but cat -vet and xxd reveal a dense mix of invisible Unicode characters embedded around the visible text.
  • File identification: UTF-8 Unicode text with four non-ASCII code points repeated throughout: U+200C, U+200D, U+202C, and U+FEFF.
  • Entry points: verify the SHA1, strip the visible cover text away, then analyze the hidden zero-width stream.

Hypotheses & Approach

  • Hypothesis 1: the visible sentence is only cover text and the real payload is encoded entirely in zero-width Unicode characters.
  • Hypothesis 2: the four invisible characters represent base-4 digits, with each fixed-width block encoding one hidden character.

Execution Steps (Reproducible)

Stage 1

Commands:

cd /root/cit2026CTF/Theres_no_room_left
sha1sum starting_files/flag.txt
file starting_files/flag.txt
xxd -g 1 -l 256 starting_files/flag.txt

Results:

  • The SHA1 matched the prompt exactly: 0f425ef58c8922ef1bad11929b317bc9d7b21a73.
  • The hex dump exposed repeated zero-width code points mixed into otherwise plain text.

Stage 2

Commands:

cd /root/cit2026CTF/Theres_no_room_left
python3 artifacts/solve_theres_no_room_left.py

Results:

  • Removing visible characters leaves 232 invisible code points, which split cleanly into 29 blocks of 8 code points each.
  • Each block has a constant five-code-point prefix and a three-code-point payload.
  • Mapping the payload symbols as U+200C=0, U+200D=1, U+202C=2, U+FEFF=3, then interpreting the three payload symbols as a base-4 number and adding 64, decodes the hidden message directly.
  • The recovered flag is CIT{ok_maybe_not_plain_sight}.

Artifacts Produced

  • artifacts/solve_theres_no_room_left.py: reproducible decoder for the zero-width Unicode payload.
  • artifacts/decoded_flag.txt: the recovered hidden message.

Flag

CIT{ok_maybe_not_plain_sight}