The Impossible Challenge


Difficulty: Medium

Room: The Impossible Challenge

Created by: 0day

Decoding the cipher

Examining the page leaves us with what looks like a cipher.

qo qt q` r6 ro su pn s_ rn r6 p6 s_ q2 ps qq rs rp ps rt r4 pu pt qn r4 rq pt q`so pu ps 
r4 sq pu ps q2 su rn on oq o_ pu ps ou r5 pu pt r4 sr rp qt pu rs q2 qt r4 r4 ro su pq o5

The order to decode the hint:

  1. ROT13
  2. ROT47
  3. HEX
  4. Base64

The hint is: It’s inside the text, in front of your eyes.

Basic enumeration on the zip with file, binwalk, etc only reveals it’s just a password protected zip containing a file flag.txt. There must be more to the page. If I know one thing about tryhackme there’s a lot of steg challenges. Our hint is it’s in front of our eyes but what does that mean? Hmm maybe steg?


Unicode zero-width characters steg

Like they say.. you don’t know what you don’t know. I was hitting a wall with this challenge and decided to start googling as a last ditch effort.

Ironically searching hide text 2 characters with spaces I get a suspicious first result. Upon further investigation I decided to go down this route.


Googling some more I found a lot of online js webapps, python libraries, and even chrome and firefox extensions regarding zero width character steganography.

After installing this chrome extension I noticed something interesting on the page. There are a few browser extensions I stumbled on. They are highlighted in the Null Byte article and the accompanying Cyber Weapons Lab Episode below.


What I used to solve the challenge

330k's webapp

After finding the hidden text on the page we get the password to the zip and can read flag.txt.


The_Hoid, a writer for Null Byte did a great job explaining this topic so I’ll leave you with his article and the Cyber Weapons Lab Episode.

Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks) - Null Byte


This was a fun challenge from 0day. My key takeaway from this challenge is never under estimate googling like a five year old. At very least it could present a new topic that might be worth exploring to add to your knowledge or something to put in your notes to explore later. Enjoy hiding messages!