PACTF 2018 Write-Up
Keep in mind that this page is a work in progress.
Round 1 (Lovelace)
A Picture is a Thousand Words (solution and video)
Apparently there is something hidden in this image…
Hint: You’re looking for text—how might you look at the text of the image?
Solution: Download the image, right-click it and open Properties. Then scroll down until you find the description, which holds the flag (this is the Windows properties dialog).
For a Video Explanation click here: https://youtu.be/-VUlda7GVbg
Straight from the Emperor (solution and video)
The Emperor says ny_nx_tsq3_zumnqq_kwtr_mjwj_687dc9c7cd – what could it possibly mean? I hear that he ‘encrypts’ numbers now too, something about appending them to the alphabet…
Hint: Some say he’s an emperor, I say he’s a salad.
Solution: Search for a Caesar cipher decoder; I recommend Cryptii. After this you have to add the numbers 0 to 9 to the alphabet used for the key. If you set the shift to 31, you will get the flag: it_is_only_uphill_from_here_1328747278
For a Video Explanation click here: https://youtu.be/qgKCWr-yQtg
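The shift described in this solution can be reproduced without an online decoder. The following is an added example, not the author's code; it assumes the 36-symbol alphabet a-z followed by 0-9 that the challenge text hints at, and the small word list used for ranking is constructed for illustration.

```python
import string

# Alphabet assumed from the challenge text: the digits 0-9 are appended
# to the 26 lowercase letters, giving 36 symbols.
ALPHABET = string.ascii_lowercase + string.digits

CIPHERTEXT = "ny_nx_tsq3_zumnqq_kwtr_mjwj_687dc9c7cd"  # from the challenge


def shift_text(text, shift, alphabet=ALPHABET):
    """Rotate every symbol found in `alphabet` by `shift` positions.

    Symbols outside the alphabet (the underscores here) pass through.
    """
    n = len(alphabet)
    index = {ch: i for i, ch in enumerate(alphabet)}
    out = []
    for ch in text:
        if ch in index:
            out.append(alphabet[(index[ch] + shift) % n])
        else:
            out.append(ch)
    return "".join(out)


def all_shifts(text, alphabet=ALPHABET):
    """Return {shift: candidate plaintext} for every non-zero key."""
    return {s: shift_text(text, s, alphabet) for s in range(1, len(alphabet))}


def likely_shifts(text, words=("the", "is", "it", "from", "here")):
    """Rank shifts by how many underscore-separated tokens are common words.

    The word list is a small constructed sample, enough for this flag format.
    """
    scored = []
    for s, cand in all_shifts(text).items():
        hits = sum(tok in words for tok in cand.split("_"))
        scored.append((hits, s, cand))
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    hits, shift, plain = likely_shifts(CIPHERTEXT)[0]
    print(shift, plain)
```

A shift of 31 in a 36-symbol alphabet is the same as shifting back by 5, which is why some ciphertext letters decode to digits.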
Caesar Cipher? (solution)
“Cowards die many times before their deaths; the valiant only taste of death but once.” (1007, 1008) Are you valiant enough to figure this out?
5:6 1139:4 1620:3 172:4
Hint: There’s a lot of text on the Internet and in print. What if you could send messages using all of that data? But you’d have to pick something pretty famous…
Solution: I started this puzzle completely distracted by the title, Caesar Cipher, a type of encryption where each letter of the alphabet is shifted any number of times. I tried doing an alphabet shift on the quote many times, but of course, no result was shown, just a bunch of mixed up numbers.
It took a bit of time, but I looked at the hint, focusing on the part where they mention that the answer is something pretty famous. Fortunately, I was recently learning about Shakespeare, a famous playwright, in my English class and realized the quote shown above was a famous line from one of Shakespeare’s plays, Julius Caesar (I guess that's where the title came from).
If you look closely at Shakespeare's plays the text is written in lines (I learned in English class that it was actually called iambic pentameter, but this is not English class so I won’t get into it). Immediately, my eye turned toward the series of ratios. I guessed that the first number in each ratio meant the line number of the play and the second was the place of the word that we need.
Indeed! I simply searched the web for a PDF version of Shakespeare’s play of Julius Caesar and looked up the line numbers and voila! We have the flag! [Cassius] Easy 20 points for me :)
Let Me In (solution and video)
You received this account.rar file, but it is ‘protected’ under a password. Can you break in?
Hint: Something tells me the user might not be using complex passwords…
Solution: To open this file, download WinZip or WinRAR. The way to solve this problem is a process called brute forcing: a brute-force decoder tests all possible solutions. In this case, to unlock the file, I searched for the most common passwords, picked the first one (123456), and it worked.
After opening the file a text file is displayed containing the flag. Keep in mind the flag changes for each user to prevent hackers from cheating so you're on your own for getting this flag.
For a Video Explanation click here: https://youtu.be/6xbfxcwAZ7g
Go Git It
The code samurai (also known by his pseudonym Nicholas) was making some final optimizations on his program when… he accidentally decapitated it.
Download the samurai’s repository: go git it.tar.bz2
Hint: Perhaps ‘chopping a branch off a tree’ would be the more precise analogy.
Who said It?
Hint: Keys live on keyservers.
Bad Melody (solution and video)
Our musician friend Martin recently bought a melody pack containing different melodies recorded in MIDI format. He hoped to use them in his electronic music tracks and then pretend that he was the person who actually wrote them. He spent a solid hundred dollars, but the website selling sample packs fooled him! Instead of 10 wonderful melodies, he only received one MIDI file. It sounded awful, and Martin quickly noticed why!
Can you notice why?
See for yourself: melody.mid
Hint: How would you edit MIDI?
Solution: The solution to this one is quite simple, especially with the help of the hint. All we need is to download software that can edit MIDI files. MIDI is an audio file, and for anything related to audio most hackers will choose Audacity, a recommended program that is super handy. (Audacity is a must-have for any CTF competition, so if you haven't already, make sure you download it.) You can download Audacity at http://www.audacityteam.org/download/.
Once you import the music into the program, there should be a small dropdown menu. Once you're there, click the stenography option. Looking closely, the audio waves spell out a sentence, in this case "write your own music", and you've got your flag!
For a video explanation: https://youtu.be/qgKCWr-yQtg
Open Sourcery 2018
The solution to this problem lies within the Chromium source code. Literally. There is some string in there that mentions a flag and PACTF…
Hint: This problem builds off of a similarly named problem in PACTF 2017.
Credit Card Leak (Solution)
ShoeShop was hacked, and all of their customer records were released online—including credit card numbers. One credit card in the leak is invalid, however. What is the invalid credit card number?
Here’s the leak: cc_leak.txt.bz2
Hint: The credit card numbers in the leak are obviously all invalid, but most would pass a certain credit card validity test. All credit card numbers except one, that is.
Solution: For this one we need to create a Python program. The algorithm that the problem is talking about is the Luhn algorithm. This is the program I used.
After you run the program you should get the flag, "8692015931457397"
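A Luhn check of the kind this solution relies on, as an added example that is not the author's program. The record layout of cc_leak.txt is not shown on this page, so the sample lines below are constructed; only the number 8692015931457397 comes from the write-up.

```python
import re

# Runs of 13-19 digits, optionally grouped with spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(number):
    """Return True if the digit string passes the Luhn checksum."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit; double every second one and
    # subtract 9 when the doubled value has two digits.
    for pos, d in enumerate(reversed(digits)):
        if pos % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_invalid(lines):
    """Return (line number, card number) for every number failing Luhn."""
    bad = []
    for lineno, line in enumerate(lines, 1):
        for match in CARD_RE.finditer(line):
            number = re.sub(r"[ -]", "", match.group())
            if not luhn_valid(number):
                bad.append((lineno, number))
    return bad


# Constructed sample records (name, card, expiry). The real file layout
# is an assumption; the regex only needs the digits to be on the line.
SAMPLE_LEAK = """\
alice,4111111111111111,04/21
bob,5500 0000 0000 0004,11/20
carol,8692015931457397,07/19
dave,4012-8888-8888-1881,01/22
"""

if __name__ == "__main__":
    for lineno, number in find_invalid(SAMPLE_LEAK.splitlines()):
        print(f"line {lineno}: {number} fails the Luhn check")
```

The same check is what data-loss-prevention scanners use to cut false positives when hunting for card numbers in leaked or outbound data.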
Third Eye (solution and video)
Sometimes there is more than meets the eye.
Hint: Maybe if you just squint harder…
Solution: For this one, you need to inspect the page (Ctrl+Shift+I). After a while of searching, you will find the description of Third Eye. There is a lot of "random text" in between the words; if you look it up, you will find that these are Unicode characters that do not print anything, which is why you can't see them without inspecting the page. If you open a Google Docs document and drag and drop the text into it, you can replace the two hidden characters, ‌ and ​, with 0's and 1's (binary, because there are only 2 variants of the code), put the result into a binary-to-text converter, and get the flag "what_else_lurks_beneath_the_eye".
For a video explanation: https://youtu.be/jOMoKZTjKak
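The replace-and-convert steps above can be done in one script, which also works as a detector for invisible characters in any text. This is an added example, not part of the original write-up; it assumes the two hidden characters are U+200B and U+200C, tries both bit assignments, and runs on a constructed sample produced by the `hide` helper.

```python
import unicodedata
from collections import Counter

# Assumed carrier pair: zero width space and zero width non-joiner.
ZW_CHARS = ("\u200b", "\u200c")


def find_invisible(text):
    """Count format-category (Cf) code points, which render as nothing."""
    return Counter(unicodedata.name(ch, hex(ord(ch))) for ch in text
                   if unicodedata.category(ch) == "Cf")


def decode_zero_width(text, carriers=ZW_CHARS):
    """Return printable-ASCII decodings of the hidden bit stream.

    Which carrier means 0 is unknown, so both assignments are tried.
    The wrong one inverts every bit and yields bytes >= 0x80.
    """
    hidden = [ch for ch in text if ch in carriers]
    results = []
    for zero, one in (carriers, carriers[::-1]):
        bits = "".join("0" if ch == zero else "1" for ch in hidden)
        usable = len(bits) - len(bits) % 8
        raw = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
        if raw and all(32 <= b < 127 for b in raw):
            results.append(raw.decode("ascii"))
    return results


def hide(cover, secret, zero="\u200b", one="\u200c"):
    """Build a constructed sample: spread the secret's bits after each word."""
    bits = "".join(f"{b:08b}" for b in secret.encode("ascii"))
    marks = "".join(one if bit == "1" else zero for bit in bits)
    words = cover.split(" ")
    step = -(-len(marks) // len(words))  # ceiling division
    return " ".join(w + marks[i * step:(i + 1) * step]
                    for i, w in enumerate(words))


COVER = "Sometimes there is more than meets the eye."
SAMPLE = hide(COVER, "what_else_lurks_beneath_the_eye")  # constructed input

if __name__ == "__main__":
    print(dict(find_invisible(SAMPLE)))
    print(decode_zero_width(SAMPLE))
```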
Getting to Know GDB
A friend sent me a mysterious binary. It’s supposed to print out the flag, but it’s giving me a weird poem and some hex instead.
Hint: The flag is in there somewhere, but something gives me the feeling that searching the binary for strings won’t help…
Security Through Obscurity (solution and video)
We intercepted this message, but we can’t make heads or tails of it. It was rattled off so fast, too… How could anyone be that good at using a cipher?
Anyway, here’s the message. Good luck!
Tązhii, Łį́į́ʼ, Dzeeh Mąʼii, Dibé yázhí, Wóláchííʼ, Tłʼízí Tin, Dibé Mósí, Łį́į́ʼ, Dzeeh, Dibé, Tązhii, Dzeeh, Gah, Neeshchʼííʼ, Dzeeh, Béésh dootłʼizh
Hint: This definitely doesn’t look like English. What else could it be? Perhaps looking through the history books might help…
Solution: For this one, if you just search for the non-English text, you can see that it is Navajo Code. You can also find a Python program on GitHub that can decrypt it, and you can just copy and paste it: https://gist.github.com/TheZ3ro/572ef81c0f20bf9c4c435b32a62a7056. After that, copy and paste the message in between the quotation marks in text = ""
Then run the program and you will get the flag: "chesternez"
For a video explanation: https://youtu.be/kl3PsZ6ts58
Beats by Dr. K
Dr. K just released her new EP — download her track now!
Hint: Listen to each bit…
The Lottery, Part One: Spill Your heart Out!
I was playing this lottery. Which number is going to win next time? If only you could see into the future…
Hint: Brought to you by Oracle Corporation! Spill your heart out!
The Lottery, Part two: Untwisting Fate!
This time the lottery is harder than ever! Can you manage to untwist the cockles of fate itself? Can you see into the future?
They seem to have given me a lot more information. Perhaps it’ll help?
Hint: We may regard the present state of the universe as the effect of its past and the cause of its future. An intellect which at a certain moment would know all forces that set nature in motion, and all positions of all items of which nature is composed, if this intellect were also vast enough to submit these data to analysis, it would embrace in a single formula the movements of the greatest bodies of the universe and those of the tiniest atom; for such an intellect nothing would be uncertain and the future just like the past would be present before its eyes. — Pierre Simon Laplace, A Philosophical Essay on Probabilities
Siblings
One 4096-bit RSA key is impossible to break, so 20 must be even better! By chaining each encryption together, surely it’s impossible for you to figure out what the message is?
Everything you’ll need (except the private keys, you’re on your own for that!)
Hint: Numbers don’t have siblings, right? What could that mean?
Round 2 (Hopper)
Doppelgänger (solution)
My friend Miles texted me today with this phrase “МОРЕ РОЕТ АТОМ”. I first thought that he went insane and has schizophasia. Apparently, it makes sense! Even though it doesn’t. So, what do you think is digging?
Hint: Consider the case and UTF-8 values of the characters…
Solution: First open Google Translate. Then click on the option "Detect language" and copy and paste the sentence "MOPE POET ATOM". Then click on the translation and you get "Sea digs atom", so the flag is sea. The flag is sea because the problem asks "what do you think is digging?".
Redacted (solution)
ANDOVER, MA— Phillips Academy Capture the Flag releases an institution-wide memorandum on the security of PDF documents. For privacy, parts of the memo are redacted.
View the memo: SECURE REDACTED MEMORANDUM.
Hint: Redaction, huh?
Solution: For this one, my first thought was: what if I could just copy and paste what was under the blacked out text. And it worked. Highlight the text that is covered in black and paste it to a separate place and you will find the flag, "b3_car3ful_0r_y0ur_l3ak_m1ght_l3ak".
Am I Pwned? (solution)
I was talking on IRC with a guy who tricked me into giving him a hash of my password and then said he could hack me! He said I might be “pwned”! I know the hashing algorithm is MD5; that’s still secure, right?
… Oh, you want to know whether my password is secure or not?
It doesn’t have any uppercase letters or numbers or punctuation, but isn’t six characters still a lot? what he meant by that one. Would you be able to hack my password? Here’s the hash:
eca065fba51916821eb7274c786c67d9
Hint: The hacker told me that “MD5 is kinda rekt”. That sounds bad, right? I mean, how long would it take to brute force it…
Solution: As the hint "MD5 is kinda rekt" suggests, the solution to this problem has something to do with the MD5 hash. For this one you can use a simple MD5 hash decoder, which you can find online. The one I used was http://md5decrypt.net/en/, which got the flag really fast. Just press "Decrypt" and you get the flag: "lmaoez"
It's In, If (solution)
My older brother sent me this photo, but I don’t know what to make of it.
Hint: What might big brother know?
Solution: You will find the flag in the metadata of the photo, but this time you cannot find it directly in the Windows properties. You can use a website like this one to find it. Insert the file, look at the XMP location, and find the flag in the stitching software, which is big_brother_is_looking_at_your_photos
Letter to a Machine (solution)
You intercepted a letter.rar—but to read it, you have to prove that you are not a human. The password is NOT BAD + FACE.
Hint: I’m sure it’s just coincidence that BAD and FACE can be spelled with just the letters ABCDEF…
Solution: From the hint, we can infer that the solution has something to do with hex, as ABCDEF are all hex digits. After a little (a LOT of) searching I found this thing called a bitwise function. The password uses the NOT function, so we can use a calculator like this one and press the NOT operator at the bottom. Then calculate and you should get -BAE. Then you can take a hex calculator and add -BAE to FACE; you get EF20, which is the passcode to the text file. After you open the text file you get the flag, lIZORZaOkWrIuNB. One way to open the .rar file is WinZip. I found this calculator through this person, who also makes write-ups.
The Signal and the Noise (solution)
There’s a message in here somewhere! You’ll have to find it yourself.
Find the needle in the haystack!
Hint: There must be something that distinguishes the signal from the noise. How could you mark something in a plain text file? All you have are Unicode characters...
Solution: To solve this problem we need to create a Python program that looks for the Unicode inside all of the text the problem gives us. First we select all the text with Ctrl+A (Command+A on a Mac), then copy and paste it into a document. Then create your Python program. My program looks like this.
Each for loop splits the file data into different parts. The first for loop splits the file into sentences, then words, and then letters. We want to split it into letters so we can find the individual Unicode characters more easily and build the words for the flag. If you run the program you will get the flag, theflagisinplainsight.
A helpful source/writeup is this one.
Partial Encryption
You are a military commander. Some poor intern has tried encrypting their messages to you. They gave you this string: 4iyNz2zmshrlEbaoivr. Well now you’re going to have to spend all afternoon on this…
Hint: They also scribbled the string its?vIg at the bottom, and the ? just means I’m not sure what they wrote. Remember to include the underscore!
Truly Blue? (solution and video)
I love lots of things about my school, Phillips Academy Andover. But most of all, I love its school color: a soothing shade of blue. I couldn’t just tell you the hex code for the color; that wouldn’t be enough! I think a 128 x 128 PNG file is probably a better method of conveying its utter beauty. That’s not suspicious, right? Gaze upon its beauty! True blue!
Hint: Did you know there are 16,777,216 possible RGB colors, and only one of them is Andover blue? I wonder if you could even tell the difference between all of them…
Solution: Before I got the flag, I tried using a hex color decoder to see if that was the flag, but it didn't work. I also tried using a decoder that found the RGB colors, as the hint suggests. I gave it a shot, but I didn't succeed. Luckily one of my teammates found this decoder, which helped me get the flag. This problem is easy with the right tools, like http://stylesuxx.github.io/steganography/. With this tool you have to go to the "Decode" tab first. Then you can just import the file and press the "Decode" button. There will be a lot of random text, in some other language, and other unreadable characters. The screenshot below shows what it should look like. At the end of the readable text, it will give you the flag, "last bitsmatter" (colored in blue).
If you want to see a video version, Click here: https://youtu.be/M95EPBAx1SQ
Zip Zap Zop
My friend gave me this file, but I have no idea what to do with it?
Hint: I tried to make this file really, really small.
Solution:
Reversal 3 2 1
I received this file from my bananagrams partners! I think they’re just trying to distract me from the game. I need to finish this one quick, so I can get back to my game! Any help?
Hint: Who doesn’t like a good game of bananagrams?
Streaming Attack
A popular twitch.tv streamer who goes by BabblingBrook_PACTF streams her adventures trying to visit a waterfall in every country that has one. She doesn’t like attention, so she encrypts her messages to us so that people don’t know where she’s heading next. I managed to get a copy of the encryption program, and I also managed to get an encrypted version of the message "TheCodeSamurai subscribed for 3 months! Thank you, TheCodeSamurai!" sent to me by subscribing. Here’s the message (in hexadecimal):
Now, I want to decrypt the following message. Any way of helping me out?
Here’s the encryption program; you’ll need it.
Hint: BabblingBrook_PACTF is a nice person, but I don’t think she’s super good at cryptography. Any way you could exploit that fact?
Victor
Hello, my name is Reino, otherwise known as Victor. Please decrypt this secret message; I have no time for it. I am providing you with the key. (The original challenge text is in Russian.)
Note: the flag contains Cyrillic characters.
Hint: Google Translate is your friend—but you might want to familiarize yourself with Russian Nihilism, too.
Wakanda problem is this? (solution)
You’ve arrived at Wakanda’s border. Only the flag will allow you to enter. This is all you have.
Hint: Use the bytes in the second image.
Solution: For this problem I will be using an Apple machine, as I am more comfortable with the terminal on it. First we create a new folder to hold the photo the problem gives us, save the photo into it, and go to the terminal. We can run ls to check that it's there, then use the command xxd photoname > newfilename.xxd (the new file name can be anything). Then we open the result with vi and use its find function to look for the initials PK. It must be capitalized or you won't get the right result. If the bytes next to it are 0304, you have found the right PK. Counting bytes from 0 along that row (a byte is two hex digits), PK sits at byte 3. To the left of the row you can see the offset in hex; put it into a hex-to-decimal converter and you get 30144, and adding the 3 bytes gives 30147. Then we run the command dd skip=30147 bs=1 if=originalphotoname of=whateveruwant. We run ls again to check that the new file is there, then repeat the xxd process and use vi to look for the flag. Using vi's find option and searching for flag, we get the flag wankada4eva.
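The xxd, offset arithmetic and dd steps above, done programmatically as an added example (not the author's code). The input is a constructed stand-in for the challenge image: filler bytes padded so that an embedded ZIP starts at the same offset the write-up arrives at, 30147; the member name and contents are made up.

```python
import io
import zipfile

# Signature the write-up searches for in the xxd dump: "PK" then 03 04.
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def find_zip_offsets(data):
    """Return every byte offset where a ZIP local file header starts."""
    offsets = []
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(ZIP_LOCAL_HEADER, pos + 1)
    return offsets


def xxd_position(offset, width=16):
    """Split an offset into the xxd row address and the byte within the row."""
    return offset - offset % width, offset % width


def carve_archive(data):
    """Equivalent of `dd skip=<offset> bs=1`, then opening the result.

    Returns (offset, {member name: contents}) for the first signature
    that really opens as a ZIP, or None if no candidate does.
    """
    for offset in find_zip_offsets(data):
        try:
            with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
                return offset, {name: zf.read(name) for name in zf.namelist()}
        except zipfile.BadZipFile:
            continue  # "PK\x03\x04" occurred by chance inside other data
    return None


def build_sample(prefix_len=30147):
    """Constructed input: fake image bytes followed by a small ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("note.txt", "flag{constructed_sample}")
    image_part = b"\xff\xd8\xff\xe0" + b"\x00" * (prefix_len - 4)
    return image_part + buf.getvalue()


if __name__ == "__main__":
    blob = build_sample()
    offset, members = carve_archive(blob)
    print(offset, xxd_position(offset), members)
```

Scanning uploads or attachments for a second file signature past the start of the file is also a quick way to flag images that carry an appended archive.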
Library of Babel
Is this what passes through fiber optic cables? Must be…
Hint: It is much faster to extract frames from the video and write a script!
Solution: First we download a video-to-JPG converter like this one, which I found by searching for "video to jpg converter". Then we create a Python program to scan all the QR codes and get the text. One of the QR code scans will show this:
Then search for Library of Babel and you will find this link. Then click Browse, and enter the hex which is in between the "Your answer is here" except for "eqvzb" w-3, s-5, v-25, p-248". Enter wall 3 (w-3), shelf 5, volume 25 and go to page 248 and you will find the flag,
AI
Our artificial intelligence engineer made a groundbreaking discovery, but left the company unexpectedly… all we have is the obfuscated source.txt…
Hint: What language thinks 3 + ‘3’ == “33”?
Hash Master (solution and video)
Miles forgot his login for OPENWI:RE, so he asked Darcy to send a password reset. Instead, she gave him the hash of his password—and the custom hashing algorithm. Miles doesn’t have great password security, so you could probably brute force it… but maybe there’s a way to do this more efficiently?
Here is the hash of Miles’ password: 293366475
Here is the hashing algorithm:
Hint: Okay, OPENWI:RE isn’t part of this problem. But you should still subscribe! If you’re interested in what else the PACTF team has been working on individually, check out Miles’ personal site and Igor’s IcyBounce. Alex has been doing some cool things too.
Oh, by the way, Miles’ shift keys don’t work—and he’s not a big fan of numbers.
Solution: For this problem, we will create a brute-force Python program. If you have not learned this language, I highly recommend that you do, as it can be very helpful when solving certain CTF problems. I like to use Python IDLE, and with it I created this program. You can find it at https://github.com/Videogamer7/Pactf_2018/blob/master/CTF.py. First, I created an array of all the letters we need, all lowercase, as the shift key is broken. Then we copy and paste the hashing algorithm into the code. Next, we define a variable (it can be named anything) and set it to zero. Then we make a for loop for each letter of the password. Since we don't know the length, we start with one letter and go all the way to 6, which is the number of letters in the flag. We define another variable and set it to our array name and our for loop variable. Then we write an if statement to check whether hash_it(l6) (l6 is the variable name I gave to the array plus the for loop variable) equals the hash, and if so, print out what the letters are. The flag is 6 letters, all a's with 1 b, so aaaaab, aaaaba, aaabaa, aabaaa, abaaaa, baaaaa.
For a video version click here: https://youtu.be/xWTa1fhhMH4
Skywriting
If you’ve been having a tough time with these problems, frustration can cloud your judgment. To fix that, try jamming out to some music to help you find the silver lining. Here, I’ll even give you some to try:
Hint: The bit of music you hear in that link up above is from a guy who goes by insaneintherainmusic on the Internet. He does cool jazzy covers of video game music, and he kindly let us use his cover of Gusty Garden Galaxy for this problem. Go check out more of his stuff if you like the little taste you get here!