# 7 Mallory St / Pop Team Eric (Reverse) Jojo: [I don'-](bash:_ppe/s2/1/flag.txt:_Permission_denied._You_will_never_arrive_at_the_flag.) ## Prerequisites: * Knows "Inspect Element" exists. * Knows how to google stuff. [.](lol:Seriously_you_don't_even_need_to_download_anything_else) ## Goal: Recover the project file of the animation! 0. Look into the animation. Seems like Pipimi is reluctant to give us the flag! But every "To Be Continued" hides something behind... 1. Inspect source of given file with F12. ``` <!--The Wick project is bundled here during HTML export. <script>[...]</script> <!--The Wick Engine build is injected here during engine build.> ``` Looks like the file is a "Wick Engine" project export. If we can get the source file, the flag will definitely be somewhere in it. 2. Read line 11 of the html. Seems like base64. ``` <script> window.INJECTED_WICKPROJECT_DATA = '**UEsDBAoAAAAAA[...very long...]sAhAkAAB0UqQEAAA==**'; </script> ``` 3. Copy the long string into a file, and decode it in [base64](https://www.base64decode.org/). Don't crash your text editor. 4. If we take a look into the zipped output, there's a json. The flag isn't here though:  Maybe it isn't a text? 5. What does a wick file look like then? > *A WICK file is a Wick Editor project. It is a Zip-compressed archive that contains the project's assets and a . JSON metadata file.* ~ From [fileinfo.com](https://fileinfo.com/extension/wick) > The structure of of the decoded file seems familiar:  Turns out the zip file can be directly opened in Wick. 6. Go to wickeditor.com and open the zip file directly: Voila! 7. Finding the flag should be as easy as going through the timeline. || After all you only need an "[I order you!](bash:_sudo_what_is_the_flag?)"|| 8. [ls It lmpossibIe To TeII I and l apart](https://www.youtube.com/watch?v=E3p_Crhi3K8)? ## Closing Thoughts: 2-stars are easier than 1-stars. Don't trust the difficulties.