Escartem Gallery

Apr 08, 2026

Cyber Saguenay CTF Web javascript encoding nextjs reverse-engineering

Escartem Gallery

Summary

The gallery challenge was a web encoding/reversal task. The flag was not hidden in image steganography; it was in an external data payload decoded by client-side JavaScript.

Evidence

/gallery loaded a page-specific Next.js chunk.
The chunk referenced /data/gallery.moe and browser decoding primitives such as atob and fromCharCode.
Reimplementing the client-side decoder produced JSON containing images and ctf2026 keys.
The ctf2026 value contained a flag-formatted token.

Steps

Fetch the gallery page and robots.txt.

curl -sSL "https://escartem.moe/gallery" -D /tmp/gallery_headers.txt -o /tmp/gallery.html
curl -sSL "https://escartem.moe/robots.txt" -D /tmp/robots_headers.txt -o /tmp/robots.txt

Download the page-specific JavaScript chunk referenced by the gallery page.

curl -sSL \
  "https://escartem.moe/_next/static/chunks/app/gallery/page-3985de5b38ad7e74.js" \
  -o /tmp/gallery_page_chunk.js

Extract the data URL and download the encoded payload.

curl -sSL "https://escartem.moe/data/gallery.moe" \
  -D /tmp/gallery_moe_headers.txt \
  -o /tmp/gallery.moe

Reimplement the JavaScript decoding chain observed in the chunk:

Unicode substitution
ASCII rotation
Alpha substitution reversal
Base64 decode
XOR with byte 97
JSON parse

Read the decoded JSON key ctf2026.

Flag

Recovered, but redacted in the local notes.

Notes

The challenge name suggested images, but the successful path was reversing the client-side data decoder.