i just ended up comparing the typeracer websites and noticed they used a different popper version (1.16.1 or something) and then went to that code and searched for rgb and got flag.
flag: rgbctf{n073_7h3_d1ff}
type racer
console.log(Array.from(document.getElementById('Ym9iYmF0ZWEh').children).sort((a, b) => parseInt(a.style.order) -
parseInt(b.style.order)).map(x => x.innerHTML).join('').replace(/ /g, ' '))
and then pyautogui to type it
tictactoe
So after beating the ai a tonne of times i realised they werent going to implement a win method for you to get the flag <:rolf:683071291347042408>
So i thought abouut global events but gave up but then found a b64 string in one of the lines of obfuscated code. i got...
rgbCTF{h4h4_j4v42cr1p7_ev3n72_AR3_c00L}
imitation crab
robots.txt gives a har file link where we can see a log file after mashing keyboard i saw that the post request contained a "char" parameter so i extracted all of those from the har file and then converted those values to ascii to get flag
script below:
o = ""
with open("export.har","r") as f:
for line in f:
if '"text": "{' in line:
o += chr(int(line[31:33]))
print(o)
RGBCTF{H4R_F1L3S_4R3_2UP3R_US3FU1}
Countdown
The cookie is signed using flask. The page says 'Time is key'.
Using the flask-unsign utility, we can recover the secret key, 'Time'. We then resign data to move the 'end' date forwards.