The Story Advent of Cyber 2025 Day 17 Walkthrough CyberChef – Hoperation Save McSkidy
McSkidy is imprisoned in King Malhare’s Quantum Warren. Sir BreachBlocker III was put in charge of securing the fortress and implemented several access controls to prevent any escape. His defenses are worthy of his name.
However, McSkidy managed to send vital clues to his team using harmless bunny pictures. One message revealed that five locks needed to be disabled to secure an escape route. The locks can be broken by examining their logic and leveraging the system’s built-in chat for the guards. They can be eluded in revealing vital details or even passwords. However, you will need to speak their language.
Learning Objectives
Introduction to encoding/decoding
Learn how to use CyberChef
Identify useful information in web applications through HTTP headers
Connecting to the Machine
Start your target machine by clicking the Start Machine button below. The machine will need about 2 minutes to fully boot. Additionally, start your AttackBox by clicking the Start AttackBox button below. The AttackBox will start in split view. In case you can not see it, click the Show Split View button at the top of the page.
Set up your virtual environment
To successfully complete this room, you’ll need to set up your virtual environment. This involves starting both your AttackBox (if you’re not using your VPN) and Target Machines, ensuring you’re equipped with the necessary tools and access to tackle the challenges ahead.
Note: For a better experience, open the AttackBox in a separate tab (full-screen option).
Answer the questions below
Let us siege the fortress!
No answer needed
Task 2 Important Concepts
Encoding and Decoding
Encoding is a method to transform data to ensure compatibility between different systems. It differs from encryption in purpose and process.
Encoding
Encryption
Purpose
Compatibility Usability
Security Confidentiality
Process
Standardized
Algorithm + Key
Security
No
Yes
Speed
Fast
Slow
Examples
Base64
TLS
Decoding is the process of converting encoded data back to its original, readable, and usable form.
CyberChef – Hoperation Save McSkidy Overview
CyberChef is also known as the Cyber Swiss Army Knife. Ready to cook some recipes?
Area
Description
Operations
Repository of diverse CyberChef capabilities
Recipe
Fine-tune and chain the operations area
Input
Here you provide the input for your recipe
Output
Here is the output of your recipe
Simple Example
Try your first recipe:
Open either the online CyberChef version in your regular browser, or use the offline CyberChef version available in the bookmarks section of the AttackBox. Drag and drop the To Base64 operation from the Operations area on the left side to the Recipe area in the center, and add IamRoot into the Input area.
Add another operation, From Base64, to show the initial input again, showcasing chain operations.
Note: You can enable/disable an operation in the recipe by toggling the middle button on the right of the operation.
Congratulations! You took the first steps to become a master Chef.
Inspecting Web Pages
Besides the rendered content of a web page, your browser usually receives and can show additional information.
For this challenge, you will get the chance to have a deeper look at that information and put it to good use.
To do this, depending on your browser, you can access the functionality as shown below:
Browser
Menu path
Chrome
More tools > Developer tools
Firefox
Menu (☰) > More tools > Web Developer Tools
Microsoft Edge
Settings and more (...) > More tools > Developer tools
Opera
Developer > Developer tools
Safari
Develop > Show Web Inspector (Requires enabling the “Develop” menu in Preferences > Advanced)
Note: For a better experience, you can reposition the console on the right side of the browser. Look for the three dots on the right side of the console.
Answer the questions below
Locked and loaded.
No answer needed
Task 3 First Lock – Outer Gate
Key Information
If not already, start the target machine, give it a few minutes to boot up, and then, from the AttackBox, you can access the web app at http://MACHINE_IP:8080.
McSkidy revealed some vital clues in his message. You will have to leverage any useful piece of information in order to break the locks.
Below are key points to look out for:
Chat is Base64 encoded. Try decoding this in CyberChef. This will be leveraged to extract useful information from the guards. Be aware that from Lock 3 onwards, the guards will take a longer time to respond.
Guard name. This logic will persist throughout the levels. Make sure to note down the guard’s name for each level.
Headers. Again, inspecting the page but switching to the ‘Network’ tab this time. Make sure to refresh the page once after switching to this tab and select the first response.
Login Logic. You will inspect the page and switch to the ‘Debugger’ tab. Match the lock with the respective logic. You can also find helpful comments that explain what you need to cook in CyberChef.
First Lock – Outer Gate
Ok, it’s time to siege the fortress. Ready?
1. First, identify the guard name and encode it to Base64. You will use this as the username input.
2. Next, using the information from the page headers, identify the magic question and encode it in Base64 as well.
3. Use the encode magic question in the chat. The guard will answer with the encoded level password.
4. Now, switch to the ‘Debugger’ tab and identify the login logic. In this case, the password is encoded to Base 64.
5. By decoding the answer from the guard, you will have the plaintext password.
6. Use the encoded username and plaintext password to log in.
Excellent work! One lock is down, and only four remain to be broken.
Answer the questions below
What is the password for the first lock?
Iamsofluffy
Task 4 Second Lock – Outer Wall
Second Lock – Outer Wall
Excellent job breaking that first level.
This level nudges the difficulty up a little bit, but don’t worry, you will figure it out. Let’s go!
1. Again, identify the guard’s name and save the encoded output for later.
2. Then, extract and encode the magic question and retrieve the encoded password from the guard.
3. Looking again at the login logic, you see that the encoding is applied twice this time. That means you have to decode from Base64 twice.
4. Go ahead and log in with the newfound password and the saved username.
You are getting closer to securing an escape route; only three locks remain. Keep up the good work.
Answer the questions below
What is the password for the second lock?
Itoldyoutochangeit!
Task 5 Third Lock – Guard House
Third Lock – Guard House
So far, so good. As you saw in the previous level, the login logic begins to use chained operations.
This will be the trend for this and the following levels.
As always, collect all the needed information (encoded username, encoded password from the guard, XOR key).
Note: From this lock onwards, there is no magic question, but sometimes you can ask the guard nicely to give you the password. It will still need to be decoded as per the login logic. Be aware that the guard may sometimes fall asleep or take a long time to respond (~2-3 minutes) so keeping the message short will help get the answer. Even a simple ‘Password please.’ will go a long way.
2. If you look at the login logic, there is a slight twist. The password is first XOR’ed with a key and then encoded to Base64.
Theory Time
XOR is a popular operation that, besides the input data, also uses a key. The process involves a bitwise exclusive OR between the data and key.
You might ask, “Ok, but how do I reverse this?”. Well, skipping the long math explanation, XOR has a magic property: when you XOR the result with the key again, the new result will be the initial data. Go ahead, try this in CyberChef. Put two XOR operations one after another, use the same key for both, and the output should be identical.
3. With this newfound knowledge, build the needed recipe to find the plaintext password.
4. Use the credentials and unlock the next level.
Answer the questions below
What is the password for the third lock?
BugsBunny
Task 6 Fourth Lock – Inner Castle
Fourth Lock – Inner Castle
We are almost there. In this level, Sir BreachBlocker III throws you a curveball. Let’s see how to tackle this.
1. But first, go ahead and look at the login logic as before. We will not be needing header information for this one.
2. After asking the guard for the password and looking at it’s reply, it seems a bit odd. At the same time, the login logic shows the use of a MD5 hash.
Theory Time
MD5, or Message-Digest Algorithm 5, is a cryptographic algorithm that produces a fixed-size hash value. While this is supposed to be a one-way function, meaning you cannot reverse it, precomputed hashes can be leveraged to identify the input.
3. Putting the two together, the plaintext password is passed through MD5, and you have the hash. This looks like a job for CrackStation.
4. Go ahead and open the site and paste the hash to retrieve the password.
5. Use the credentials and advance to the final level.
Fantastic. One more lock and you will ensure McSkidy has safe passage and escapes.
Answer the questions below
What is the password for the fourth lock?
Passw0rd1
Task 7 Fifth Lock – Prison Tower
Fifth Lock – Prison Tower
Ready for the final hurdle?
As the defenses weaken, you receive another hidden message from McSkidy:
“I can see you are ready to break the last lock. Be aware that Sir BreachBlocker III implemented different mechanisms for the last lock, which change occasionally. Make sure you match the correct approach when decoding the password.”
That sounds tricky, but do not despair. You will find a way.
1. Let’s start. Extract the information as before, noting down the encoded guard name.
2. Additionally, note the recipe ID from the header and match the corresponding login logic. Below is a quick cheat sheet for decoding each recipe.
Recipe ID
Reverse Logic
1
From Base64 ⇒ Reverse ⇒ ROT13
2
From Base64 ⇒ From Hex ⇒ Reverse
3
ROT13 ⇒ From Base64 ⇒ XOR(extracted key)
4
ROT13 ⇒ From Base64 ⇒ ROT47
3. Build the reverse recipe with CyberChef and extract the final password.
Finally, the last lock has been breached, and you provided a safe path for McSkidy to escape.
Answer the questions below
What is the password for the fifth lock?
51rBr34chBl0ck3r
What is the retrieved flag?
THM{M3D13V4L_D3C0D3R_4D3P7}
Task 8 Epilogue
As McSkidy passed by the Inner Castle, she heard a thunderous voice: “Why should Christmas have all the fun?”
McSkidy managed to get back to Wareville just in time as TBFC was about to be hit by another disaster.
Answer the questions below
If you found decoding secrets interesting, you can also check out the Introduction to Cryptography, which dives into the world of cryptography.
No answer needed
Looking for the key to Side Quest 3? Hopper has left us this cyberchef link as a lead. See if you can recover the key and access the corresponding challenge in our Side Quest Hub!
No answer needed
Advent of Cyber 2025 Day 17 – Completion Message
Congratulations! You’ve successfully completed Advent of Cyber 2025 Day 17: Cyberchef – Hoperation Save McSkidy.
By solving this challenge, you demonstrated strong analytical thinking and hands-on skills using CyberChef to decode, decompress, and transform obfuscated data. You tackled layered encodings, applied the right recipes, and uncovered the hidden message just like a real-world SOC analyst would during an active investigation.
This achievement shows your growing capability in:
Data decoding and transformation
Tool-driven cyber investigations
Logical problem-solving under pressure
Keep up the momentum and continue sharpening your cybersecurity skills. Every challenge you complete brings you closer to real-world expertise.
Well done, and see you in the next Advent of Cyber challenge! 🚀🔐
Happy Hacking!
What is Advent of Cyber 2025 Day 17 about?
Advent of Cyber 2025 Day 17 focuses on using CyberChef to decode and reverse multiple encoding techniques such as Base64, XOR, ROT ciphers, and MD5 hashes to break five locks and rescue McSkidy.
Which tools are required for Advent of Cyber 2025 Day 17?
You need the TryHackMe AttackBox or VPN access, a modern web browser with developer tools, and CyberChef (online or offline) to complete the challenge.
How is CyberChef used in Day 17?
CyberChef is used to decode Base64 messages, reverse XOR operations, apply ROT ciphers, convert hexadecimal values, and chain operations to extract passwords.
What encoding techniques are covered in Advent of Cyber 2025 Day 17?
The challenge covers Base64, double Base64 decoding, XOR with a key, ROT13, ROT47, hex decoding, string reversal, and MD5 hash cracking.
What is the final flag for Advent of Cyber 2025 Day 17?
I am a Cybersecurity Consultant with over 8+ years of experience in SOC analyst, digital forensics, cloud security, network security, and incident response. With 20+ international certifications, I have successfully designed secure systems, led vulnerability assessments, and delivered key security projects. I am skilled at improving incident response times, mitigating threats, and ensuring compliance with ISO 27001 standards.
6 Comments