Base Onion - Peeling Multi-Layer Encoding

Challenge Overview

The challenge provided a single encoded string:

KlQxWpWSgzwr5XdKmuItmAHxb93LS6dXkdYiaopxfjDcrYY0Dq73m4wbHbqV9SVrh60qhoiRQZnn8VwSPuTOYX

Analysis

Observations:

• Contains uppercase, lowercase, and digits only
• No +, /, or = padding symbols
• No extra symbols — this is Base62, not Base64

Layer 1: Base62

Using CyberChef with “From Base62” produced a new string that looked like Base64 but was not yet readable. This was the first indication the challenge was layered — like an onion.

Layers 2–8: Recursive Base64

Applied “From Base64” repeatedly. After 7 iterations of Base64 decoding the output shifted into raw binary data (unreadable symbols).

Final Layer: XOR with Key 5

The intermediate ciphertext before binary was:

mqquv?**alvfjwa+bb*av3rOV7nfU

Hint received: Key: 5

Approach:

• Tried Caesar shift (subtract 5 from each ASCII value) — partial results
• Applied XOR with key 5 — produced the final readable output
• Result: a Discord invite link (the flag/objective)

Key Lessons

• Base62 vs Base64: Base62 has no symbols. Base64 uses + and /.
• Recursive encoding: CTF challenges often stack the same encoding multiple times.
• Binary output = raw data: When decoded text becomes unreadable symbols, you need a key or a known file format to continue.