title: Writeup ShieldsCTF 2021 - TiktokStar
date: Jun 05, 2021
tags: DamCTF Writeups OSINT Cheatsheet Volatility3 Forensic ShieldsCTF Prog HeroCTF MidnightFlag

Shields CTF - TiktokStar

C3PO utilise tout le temps des moyens mnémotechnique pour se souvenir des choses importantes, par exemple son mot de passe est le jour et l'heure exacte où il à passé sa journée à danser !

Heureusement pour vous il l'a posté en vidéo !

Format : SHIELDS{yyyy-mm-dd hh:mm:ss}

Little OSINT challenge where the goal is to find the date of publication of the video on tiktok. So I went to the tiktok account page C3PO_le_cho


After a few searches on tiktok, I can't find the date of publication so I decided to look for the original video thinking that this is the date I'm looking for. I finally found an instagram account, the origin of the video:


4,000 views on the video, I had to search a bit, but after that I only had to get the date from the insta page code:


And here is our flag : SHIELDS{2021-03-28 16:44:49}.

And noooo!! it doesn't work :cry:. I realized that as often in OSINT I went too far, let's go back !

I got back to the url of the tiktok video: and I remembered that sometimes data is encoded in the urls. After some research I found the way these urls are encoded to get the date. I then created my payload in python :

from datetime import datetime

urlid=6953291737544805638 #id of our tiktok video url
binary = "{0:b}".format(urlid) #conversion to binary

while i < 31:
    bits += binary[i] #keep only the first 31 bits

timestamp = int(bits,2) #convert these bits to an int which is our timestamp
dt_object = datetime.fromtimestamp(timestamp) #convert our timestamp to a datetime

>>> 2021-04-20 19:23:10

So we finally have our flag : SHIELDS{2021-04-20 19:23:10}

I updated the tool and added it to my github if you need it : tiktok-url-timestamp

As a little bonus, I also found this site in my research that does the same thing: unfurl