Home Hacky Easter 2018
Ctf-event
Cancel

Hacky Easter 2018

The annual Hacky Easter Event from Hacking-Lab

Overview

ChallengeDifficultyPointsCategoryFlag
Prison Breakeasyhe18-gx8L-AJUw-DSMH-6aUI
Babyloneasyhe18-egu6-pL6f-QjmF-qXWj
Pony Codereasyhe18-lSvO-A4tC-AdzR-3iFk
Memeoryeasyhe18-cGoS-a2tz-BD2w-zXH8
Slopppy and Pasteeasyhe18-2yTc-bJ1f-raIQ-gKc6
Cooking for Hackerseasyhe18-MdVx-nSgb-wzYT-TtoE
Jigsaweasyhe18-jFsP-AXNB-GUXu-dkms
Disco Eggeasyhe18-Qox7-xFIw-cljk-ySdF
Dial Trialeasyhe18-Yuk0-9zPD-l8Di-aL1i
Level Twomedium unsolved
De Egg you mustmedium unsolved
Patiencemedium unsolved
Sagittariusmedium unsolved
Same Samemediumhe18-D76U-PvxZ-7Icy-mkF1
Manile Greetingsmediumhe18-ifiI-T6ZT-TNyX-9DZp
Git Cloakmediumhe18-k4oU-OEar-n9Sr-ULi0
Space Invadersmediumhe18-D76U-PvxZ-7Icy-mkF
Egg Factorymedium unsolved
Virtual Henhard unsolved
Artist No Name Yethard unsolved
Hot Doghard unsolved
Block Janehard unsolved
Rapbid Learninghard unsolved
ELFhard unsolved

Prison Break

Challenge

Your fellow inmate secretly passed you an old cell phone and a weird origami. The only thing on the phone are two stored numbers.

1
2
555-7747663 Link
555-7475464 Sara

Find the password and enter it in the Egg-o-Matic below. lowercase only, no spaces!

Solution

Combine the telephone numbers with the dots on the origami and a T9 pad:

1
2
3
4
5
6
7
8
7747663 (Link)
1334322 (number of dots)
prisone (1 times '7' key = p, 3 times '7' key = r,  3 times '4' key = i,  etc)

7475464 (Sara)
3342321 (number of dots)
risking

this reads prisonerisking, enter this into egg-o-matic to get our egg

Flag

he18-gx8L-AJUw-DSMH-6aUI

Babylon

Challenge

s not the only thing in Babylon which has walls and shelves.

1
4 - 4 - 28 - 355

babylon.txt

Solution

This refers to the Library of Babel, from a short story written by Jorge Luis Borges. The library in the story contains every single possible 410 page book. Most will be jibberish, but it will also contain every 410 page book ever written or that ever will be written.

This concept has been made into a on online version: https://libraryofbabel.info/

We can find the book, on hexagon given by the content of the text file, wall 4, shelf 4, volume 28, page 355.

https://libraryofbabel.info/book.cgi?2hd04vwksv96d2ij58kr4x49lgvckeoub1m8u2zpss9wwyiwpvq7vkz89iiv198n0k99qih4s18v713uksdkpsz4wfo6su0zl0uvw23icgf0n175gryfepsidc8yumvam1hjfs2mzsfqzycapk46wf6erucoun3hm1teokgyqjpqghqshghzf71tsjup7j7qp57sbdcntz0k1vv2iurfx8z96miyi6t9a8ahhj1yruajetvlm2doe1dluy9yk8fylnhyjrot1v7i1u1e9gnmpguwrvqyj3hm7wp4iit9lo8rqnscyozzb12ya60o4z9uz2l1y8oei3pl0kwzzzspg74sb3yooid26fuuq9y9tca4d3oh8nsf3mbliwws4o5l78w2n4uuzrnh6u4ynnwyvk8e5wszmqmpnwbvey4h7s18c9uprc8j2ovradt051trqnh48xg7wc1wtzqo0gfyn0pqx7hjnifycl7z9tm8vscj8e6x3xhcbi6cj5sel12010p6rwssftmvy5szjxcpzmb63t33xs6lxtx0oh33ukajz0cx5ltbl8eyr1tzzyb4x6irt91mzwdcv7zoz7hfszzkzj6yi63isqpb9yo6iizr1caktzpxhp9ebdyfrgdil3p6fpt1gjj6bmo116i7rs0ctam10rhf4jzw4dd5j5hayn2igo69umgssncg8yogu7fy802qy02qth95mfks4pn2y5lk3mmt9b6crdbytwvbev1fub8l7tzbpsdh6rld5hs2il35deqcjrdusrfz10i7ga3qfn1nxf7ntf27qi2xn5r1s8y52o0q2gxg6fugt1kwe1f62j3bywee7d8dsq33mpmuorjab9ywr1sz1i0r6ih16vfuje3bwti1sbbsltrwtichfsoalis3daw6u76gwf90owzbh75hg2ktmohif074250fly91hf8qgfxz31nfqi0n8o0w82jy1nfomlhzc5qjgml9dax8xlwayenhl748m5zqgzaz0d64kswphbs8fl8spp5vn97kw4p3jdygnz329645sw52maj2ybafczpnozsfwxob5448vxab7q4t2re4tvoe6xle5dt2n3q98z1jamdix94gpf6skds07hijddt5pyul8yzaanw376wwaby6pli9hmjpwpt2j4jzbbagpf1pgfmpe9d5phmj8aef38lw18eng5xu6k5soogvv1sl8gc5yga9lzpzdq97rm73qzg0nz2qb3s67bbf79etfhzzrgcs1kkvhzmxz8u7ddcf9ukxmn7f3d7yr0qw8113nno5qhxgsr1ym7x8v9t9tq6umkrv2e0wpr3n25nskk2ixrajv8fhgx5wqnd40kff4q9v50v9nxh5063v9eusz765qt8rwhe15mm8ttsd1kca3nqqszzrkfpr5e0tlkiajtz2zicoe6ppng7p86kwsxjhct6yifvz0fowrnffpqlxuzyg5kivlerbtw50apxj9id51otjo142ni7ir502y44t20nv4icx6x5t4zxaihzkwu33stjswp10d395vb07pkqhrwhiik7yr4lq2bxnad152iomi8f1e45mlk422895b0tj9cvr05ae86x2mhdfcd1i9mph3gp874orfrof2ooph25mcvbjhfu4rgtelpzh3n6tqop30e3jjy22rllqtc3v9wlk3zf28a1b3kkw9xnxi7yaz22q2e8jy9gcmn2skfy4x4tjcd038sk85oi6u8pjurqdwgc28f02301xx6bnc8b01lfkvpf7r9vufpoxa7991rl5u53an9nnv63tgkayu05sd6vj14ri03fsu6pyfusfsmsagfvgag7pxrjeaad6in4dktpms8vssp06golf523o7a206rqcm7bwdilni6kcz0ncxurgleefuz5d0a299i6ws2y30pipk7sg4tqi28hhzib997xc0lkqmibmgaalapnq4ogsbilvfmbao5o4u782rsmzko53qbmn9vhsy49nph5xks9nppy7r7jwkrdhtmudofudh5vetovw579l0ytpzd0im5j5593xwccinx2y9u1i5w9bdfhlvwjkza8jxpo0ffmgjoxl7951aym0r0sybfx19tx8baozfbkpsadjnbu9m0udvef7dxswamsqkz0q9lj2isyrr04qx3xlgtbx0kp9ldmpf58ivziori03jowd7nq4l5i6xtr2c9o0lie64pzmzzx10jroho9vl0u1waam6iguxudj0wby1qst3hgdogux0xo2ytkeqqyxvb9lhsosvxfyb4hgp1e7tas0jhlkptgyy6arp05a485u8ewqzzwmrarmenpfok9tlnpwcel74vbkzsei8hhi3y8evcilrtb9xjiqvqryb333sg7ax5l411hj0d6i3d4y8d3rb4px47gw6xrnvo1lt0rn130okqo9ijk1hi4dwa79lhtylazqg2ma6bjsvvi03obedaj70ej25pau0iliavcbpw0vj8rs7nwr3h85wo136zwlrxjt2xk82vifum2jyw15fxigmeb4790xff3iisg781ep7vfza53wupuuzlynpvujilzqjx1a0ewmzm9527th2c84bt3il8nwvalwafn9iajekizfpn1f1sbkwatuufezd9v9hwqlyokvdl62fh1acxv8fmpffbjm0s6q0qghlbzq0eoghhjoladv6bzl2lwrowj5l05xfo3hvab0kc8djiha4qwnlnevo22yxfo97q1irohidipypccuiwx8vjty4zt8qlvefe68kf51pex4b99dqqnn2zdsswg2u3wkz5iv65jc94o5b40yrbr992996wuu441jy87xvde0bb61lczqfnbg0ss2jnzcm3nsoo8rrtpnh0bphpd7yrpfvlz63uj6tn0ptxne63yvziis84kxuwzfs6fw696tuyjwx0pbpsvtx0ky8fcgtj92ej0xosvqkkehmdly0q1cqaydepbqsmqmxfzhgb4dwcxszwhr5n8zt4eifhr1yjbouejpiwesdi0rzph15z0cwth06s30blffqwwyuhhyu1vn1mdgsa2hvqhagpafmumeix9ppcgraou49l9r4vzzm5vg325ilt3nduqrtg73zbuwvou379vyd8crg6b27rvq05h2pgy9vwatxl88cm7ba9p7407hgblci42a78xrhprtai2rinq0xsly9c69ypnko73nqpumnjkwqb4sw4-w4-s4-v28:355

This leads to a page which is mostly spaces an the following sentence:

1
the super secret hackyeaster password is checkthedatayo

we enter this into the egg-o-matic to get our egg

Flag

he18-egu6-pL6f-QjmF-qXWj

Pony Coder

Challenge

Tony the pony has encoded something for you. Decode his message and enter it in the egg-o-matic below! Lowercase and spaces only, and special characters!

1
gn tn-gha87be4e

Solution

Pony Coder refers to Punycode

we can prepend xn-- and use an online conversion tool such as this one to translate xn--gn tn-gha87be4e to gìn tônì©

this doesn’t work when we put it in the the egg-o-matic, but we try gin tonic and that does work

Flag

he18-lSvO-A4tC-AdzR-3iFk

Memeory

Challenge

Fancy a round of memeory?

Click here to play.

Solution

nspect the html, and can see the images on each of the cards:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<div class="moduleLegespiel">
<figure id="legespiel_card_63" class="">
	<a href="#card_63">
      <img class="boxFront" src="./lib/32.jpg">
	  <img class="boxWhite" src="./lib/shadow_card.png">
	  <img class="boxBack" src="./lib/back.jpg">
	 </a>
	 <img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_58" class="">
	<a href="#card_58">
	  <img class="boxFront" src="./lib/30.jpg">
	  <img class="boxWhite" src="./lib/shadow_card.png">
	  <img class="boxBack" src="./lib/back.jpg">
	</a>
	<img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_84">
	<a href="#card_84">
	  <img class="boxFront" src="./lib/43.jpg">
	  <img class="boxWhite" src="./lib/shadow_card.png">
	  <img class="boxBack" src="./lib/back.jpg">
   </a>
	  <img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_73">
	<a href="#card_73">
	  <img class="boxFront" src="./lib/37.jpg">
	  <img class="boxWhite" src="./lib/shadow_card.png">
	  <img class="boxBack" src="./lib/back.jpg">
   </a>
   <img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_19">

[..]

so we just find the pairs and play the game to get our egg:

Flag

he18-cGoS-a2tz-BD2w-zXH8

Slopppy and Paste

Challenge

This was a mobille challenge.

Solution

When we try to copy the text shown, it copies a different text

so we get the apk of the mobile app and decode it

1
apktool decode HackyEaster_9_5.0.1.apk

and find the string we are looking for in assets/www/challenge05.html

Flag

he18-2yTc-bJ1f-raIQ-gKc6

Cooking for Hackers

Challenge

1
2
3
4
5
6
7
8
9
10
11
12
13
You've found this recipe online:

    1 pinch: c2FsdA==

    2 tablesspoons: b2ls

    1 teaspoon: dDd3Mmc=

    50g: bnRkby4=

    2 medium, chopped: b25pb24=

But you need one more secret ingredient! Find it!

Solution

These b64 decode to

1
2
3
4
5
6
7
1 pinch: salt
2 tablesspoons: oil
1 teaspoon: t7w2g
50g: ntdo.
2 medium, chopped: onion

But you need one more secret ingredient! Find it!

The period at the end of the fourth part is the hint, this is a url!

1
saltoilt7w2gntdo.onion

open it with a tor browser to get the egg

Flag

he18-MdVx-nSgb-wzYT-TtoE

Jigsaw

Challenge

Thumper was probably under time pressure and jumped around a bit too wild. As a result, his picture has broken.

Can you write a program to put it back together

Solution

This tool is pure magic and solved this challenge for us using a genetic algorithm: https://github.com/nemanja-m/gaps

1
$ gaps --image=../jigsaw.png --generations=30 --population=600 --save

1
goodsheepdontalwayswearwhite

We put this phrase into the egg-o-matic to get our egg

Flag

he18-jFsP-AXNB-GUXu-dkms

Disco Egg

Challenge

1
2
3
Make things as simple as possible but no simpler.

-- Albert Einstein

disco.html

Solution

We are led to a site with an egg continually chaning colour

The element of the disco egg look as follows in the source:

1
2
3
4
5
6
7
8
<div id="overlay">
<table><tr>
<td class="cyan black green darkgreen blue orange red darkgrey brown" style="background-color:#006412;"></td>
<td class="cyan red brown blue black green darkgrey" style="background-color:#FBF305;"></td>
<td class="cyan black blue red lightgrey" style="background-color:#FBF305;"></td>
<td class="darkgreen black tan cyan green blue" style="background-color:#FBF305;"></td>
<td class="brown blue darkgrey cyan mediumgrey lightgrey black darkgreen" style="background-color:#FF6403;"></td>
[..]

we notice that each element has either black or white in the list but not both. We let the background color reflect this and find our QR code

1
2
3
4
5
cat disco.html
| sed 's|</td>|</td>\n|g'
| sed 's|class=\".*white.*|class=\"white\" style=\"background-color:#FFFFFF;\"></td>|g'
| sed 's|class=\".*black.*|class=\"black\" style=\"background-color:#000000;\"></td>|g'
> disco2.html

Flag

he18-Qox7-xFIw-cljk-ySdF

Dial Trial

Challenge

Another mobile challenge

Solution

we find the mp3 file played by the app when hitting the button.

We convert it to wav file and decode the DTMF tones using http://dialabc.com/sound/detect/index.html

1
472612252336262636253412

This looks like it could be similar to the first challenge, each pair of number representing a letter, 47 means 4 times number 7 (letter s in T9)

1
2
47 26 12 25 23 36 26 26 36 25 34 12
s  n  a  k  e  o  n  n  o  k  i  a

Whoo! we enter snakeonnokia in the egg-o-matic to get our egg

Flag

he18-Yuk0-9zPD-l8Di-aL1i

Level Two

Challenge

So you managed to beat the boss in the teaser game? This one won’t be that easy!

You’ll need RPG Maker Run Time Packages to run the game.

Hints: There are several parts to be found. Combine them, and enter the final flag in the egg-o-matic below, without spaces! Saving the game from time to time certainly helps.

game.zip

Solution

Flag

unsolved

De Egg you must

Challenge

Who was first, the cat or the egg?

basket.zip

Solution

The zip file is password protected but easily cracked with fcrackzip and this wordllist

1
2
3
4
5
6
7
8
9
10
11
$ fcrackzip -v --use-unzip -D -p dictionaries/password basket.zip
found file 'egg1', (size cp/uc 1389653/1433600, flags 9, chk 4f21)
found file 'egg2', (size cp/uc 1426168/1433600, flags 9, chk 4f21)
found file 'egg3', (size cp/uc 1425557/1433600, flags 9, chk 4f21)
found file 'egg4', (size cp/uc 1425787/1433600, flags 9, chk 4f21)
found file 'egg5', (size cp/uc 1423266/1433600, flags 9, chk 4f21)
found file 'egg6', (size cp/uc 362705/384584, flags 9, chk 4f21)


PASSWORD FOUND!!!!: pw == thumper

1
2
3
$ file egg1
egg1: ISO Media, Apple iTunes Video (.M4V) Video

The first file looks like a video, but it doesn’t play properly. We try to extract frames and get the following error:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ ffmpeg -i egg1.m4v -r 1/1 $filename%03d.jpg
ffmpeg version 3.3.4-2 Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 7 (Ubuntu 7.2.0-8ubuntu2)
  configuration: --prefix=/usr --extra-version=2 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --enable-gpl --disable-stripping --enable-avresample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libmp3lame --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-libdc1394 --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libopencv --enable-libx264 --enable-shared
  libavutil      55. 58.100 / 55. 58.100
  libavcodec     57. 89.100 / 57. 89.100
  libavformat    57. 71.100 / 57. 71.100
  libavdevice    57.  6.100 / 57.  6.100
  libavfilter     6. 82.100 /  6. 82.100
  libavresample   3.  5.  0 /  3.  5.  0
  libswscale      4.  6.100 /  4.  6.100
  libswresample   2.  7.100 /  2.  7.100
  libpostproc    54.  5.100 / 54.  5.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x55e2047e2f20] moov atom not found
egg1: Invalid data found when processing input

a moov atom contains metadata about the video link.

We remember the challenge description cat or the egg so we concatenate the different files together to get a working video

1
$ cat egg* > eggall

We notice some marking at the bottom of the frames during the last second orso, but not sure what that means?

1
$ ffmpeg -i eggall -y -ss 24 -an -r 20 frame%03d.jpg

Flag

unsolved

Patience

Challenge

Solution

Flag

unsolved

Sagittarius

Challenge

13 - Sagittarius…

… is playing with his pila again.

Can you find the Easter egg QR code he has hidden from you?

Solution

I loaded pila.kmz into a KMZ viewer and saw this:

So obviously the wrong projection.

Flag

unsolved

Same Same

Challenge

Same same… …but different! Upload the right files and make the server return an Easter egg!

1
http://whale.hacking-lab.com:4444

upload.php.txt

Solution

We get some PHP code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
<?php
require __DIR__ . "/vendor/autoload.php"; // QR decoder library from https://github.com/khanamiryan/php-qrcode-detector-decoder

try {
    $qrcode1 = new QrReader($_FILES["file1"]["tmp_name"]);
    $answer1 = $qrcode1->text();
} catch(Exception $e) {
    exit("Error while reading the first QR.");
}

try {
    $qrcode2 = new QrReader($_FILES["file2"]["tmp_name"]);
    $answer2 = $qrcode2->text();
} catch(Exception $e) {
    exit("Error while reading the second QR.");
}

if(($answer1 == "Hackvent" && $answer2 == "Hacky Easter" or $answer1 == "Hacky Easter" && $answer2 == "Hackvent") && sha1_file($_FILES["file1"]["tmp_name"]) == sha1_file($_FILES["file2"]["tmp_name"])) {
    [SURPRISE]
}
else {
    echo ":-(";
}
?>

The PHP code seems to require that we upload two files which are QR codes with the word ‘Hackvent’ in one and ‘Hacky Easter’ in the other, and that those files should have identical sha1sums.

I just assumed it would accept PDFs without looking since the sha1 collision for pdfs was pretty recently big news. Found https://github.com/nneonneo/sha1collider as one of the top results in a search.

1
2
3
4
5
$ qrencode 'Hackvent' -o a.png
$ qrencode 'Hacky Easter' -o b.png
$ convert a.png a.pdf
$ convert b.png b.pdf
$ python3 sha1collider/collide.py a.pdf b.pdf --progressive

and got out two PDFs with identical hashes in under a second! Neat.

1
2
bdece875ca36c6505b0728cbeca7495db1a30246  out-a.pdf
bdece875ca36c6505b0728cbeca7495db1a30246  out-b.pdf

Flag

he18-D76U-PvxZ-7Icy-mkF1

Manile Greetings

Challenge

Randy Waterhouse receives a package from his friend Enoch Root containing a deck of cards and a letter:

Dear Randy,

even though our stay in Manila was not very pleasant, I fondly think of our discussions there:

1
GTIFL RVLEJ TAVEY ULDJO KCCOK P

Wishing you happy Easter

Enoch

deck

Solution

The text is a hint to the book Cryptonomicon by Neal Stephenson. Combined with the cards image, we realize this is a Solitaire Cipter

if we convert the notation of the deck slightly we can solve it online here

key:

1
8d 3s 7d 3d 2c 5s Ad 6c 7s 6d A Kd Qh Js Jc 7h 3h 9h 9s 8s 9c As 4h 8c 3c Kh Ah 6s 6h Ts Ks Ac Td Qd Qc B Qs 4s 9d 2s 5c Jh Th 4c Tc 5d 8h 2h 2d Jd 7c Kc 5h 4d

which gives output:

1
THEPA SSWOR DISCR YPTON OMICO N

So the password is CRYPTONOMICON, and we put that into the egg-o-matic to get our flag

Flag

he18-ifiI-T6ZT-TNyX-9DZp

Git Cloak

Challenge

This one requires your best Git-Fu! Find the hidden egg in the repository.

repo.zip

Solution

The zip files contains a git repo with a number of images in it:

imageimageimageimageimageimageimageimageimageimage The egg with the QR code translates to `7dUDQDhMQkLYsQTMJq62`, but this is not a valid egg of course. ```bash $ git log commit b9e860f47fe6990cbda4ac5bb3d2829d2191f1eb (HEAD -> master) Author: PS <ps@hacking-lab.com> Date: Tue Jan 23 05:43:16 2018 -0500 even more funny images added commit 3839c14d2863fd850794661677352305ea798eb6 Author: PS <ps@hacking-lab.com> Date: Tue Jan 23 05:43:15 2018 -0500 more funny images added commit 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed Author: PS <ps@hacking-lab.com> Date: Tue Jan 23 05:43:15 2018 -0500 created the funny git meme repo ``` We rewind the commits to see if there is anything interesting ```bash $ git reset HEAD~2 Unstaged changes after reset: M 02.png D 04.png ``` we see that image 2 was modified and another image deleted ![](writeupfiles/chall16/images/02-2.png) ![](writeupfiles/chall16/images/04.png) but alas, this different egg (QRcode reads `qdUX0sgDVjWxiFNifHKE`) is still not what we are looking for.. ```bash $ git log --all --graph --oneline * b9e860f (HEAD -> master) even more funny images added | * 9a29769 (branch) branch created |/ * 3839c14 more funny images added * 228b603 created the funny git meme repo ``` So we see that a different branch was created at some point, but we don't find the egg here either. ```bash $ cat .git/config [core] repositoryformatversion = 0 filemode = false bare = false logallrefupdates = true symlinks = false ignorecase = true [user] name = PS email = ps@hacking-lab.com ``` ```bash $ cat .git/logs/HEAD [29-03-18 13:00:39] 0000000000000000000000000000000000000000 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 commit (initial): created the funny git meme repo 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from master to temp 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed b9820d55ce59799992648672a5a43fff4effd56b PS <ps@hacking-lab.com> 1516704195 -0500 commit: temp branch created b9820d55ce59799992648672a5a43fff4effd56b 9d7c9b5a1c8773ea48caac90d05401679b0a8897 PS <ps@hacking-lab.com> 1516704195 -0500 commit: added one more image 9d7c9b5a1c8773ea48caac90d05401679b0a8897 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from temp to master 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704195 -0500 commit: more funny images added 3839c14d2863fd850794661677352305ea798eb6 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from master to branch 3839c14d2863fd850794661677352305ea798eb6 9a29769663d029f1b3ad83fec7e7f19ca1cf8e78 PS <ps@hacking-lab.com> 1516704195 -0500 commit: branch created 9a29769663d029f1b3ad83fec7e7f19ca1cf8e78 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704196 -0500 checkout: moving from branch to master 3839c14d2863fd850794661677352305ea798eb6 b9e860f47fe6990cbda4ac5bb3d2829d2191f1eb PS <ps@hacking-lab.com> 1516704196 -0500 commit: even more funny images added $ git log --all --branches --remotes --tags --reflog --oneline --graph * b9e860f (HEAD -> master) even more funny images added | * 9a29769 (branch) branch created |/ * 3839c14 more funny images added | * 9d7c9b5 added one more image | * b9820d5 temp branch created |/ * 228b603 created the funny git meme repo ``` ``` git checkout 9d7c9b5a1c8773ea48caac90d05401679b0a8897 ``` gives us another image, `tree.jpg` and yet another version of `02.png`: ![](writeupfiles/chall16/images/02-3.png) ![](writeupfiles/chall16/images/tree.jpg) Eventually discovered `git fsck` notes a dangling blob which is apparently some piece of data that was included at one point but the commit was later removed or backed out. ```console $ git fsck Prüfe Objekt-Verzeichnisse: 100% (256/256), Fertig. dangling blob dbab6618f6dc00a18b4195fb1bec5353c51b256f $ git cat-file -p dbab6618f6dc00a18b4195fb1bec5353c51b256f > tmp.png $ file tmp.png tmp: PNG image data, 480 x 480, 8-bit colormap, non-interlaced ``` ![](writeupfiles/chall16/tmp.png)

Flag

he18-k4oU-OEar-n9Sr-ULi0

Space Invaders

Challenge

Alien space invaders left a secret message. Luckily, you know that they used codemoji.org for the encryption.

Decrypt the message, and save the planet!!

⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢

Solution

  • Go to https://codemoji.org/#/encrypt
  • create a random message
  • “share”, they give you a shortlink that resolves into “https://codemoji.org/share.html?data=….” where data is an html encoded, base64 encoded blob of json like:

    1
    2
    3
    4
    
     {
       "message": "⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢",
       "key": "👾"
     }
    
  • replace the message with the given input: “⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢”
  • and get this url
  • which decodes with the invader emoji to invad3rsmustd13

Flag

he18-D76U-PvxZ-7Icy-mkF

Egg Factory

Challenge

Make the egg factory write a secret word!

Then enter it into the Egg-o-Matic below, uppercase and underscores only.

A.8xp

Solution

Flag

unsolved

Virtual Hen

Challenge

Virtual hen lays virtual eggs. But only with the correct password it is an Easter Egg!

create_egg

Solution

Flag

unsolved

Artist No Name Yet

Challenge

Great musical compositions are being published lately, by an unknown producer. Nobody was able yet to unveil the genius behind. It is said that he or she is placing secret messgages in his compositions.

You got hold of the original files of the latest masterpiece. Uncover the hidden message, and enter it into the Egg-o-Matic below, case and digits only.

artist.zip

Solution

Flag

unsolved

Hot Dog

Challenge

or: how to solve this darn crypto challenge to get your sleep back.

Enter the flag found, into the Egg-o-Matic below, without brackets.

hotdog.zip

Solution

Flag

unsolved

Block Jane

Challenge

You intercepted an encryped message by Jane. Can you decrypt it?

You know that AES was used, and that the following service is receiving such encrypted messages:

1
whale.hacking-lab.com 5555

Find the password and enter it in the Egg-o-Matic below!

secret.enc

Solution

Flag

unsolved

Rapbid Learning

Challenge

The SERTC (super exciting rabbit travel company) wants to use the latest technology.

They currently employ an experienced guide, which is classifying the visitors into Goodtails and Luckyspoons. For the trained eye of the guide, this is easy. But how do you get a machine to do it (which would be cheaper)?

Go and help them implement a learning algorithm! Their platform is available here:

http://whale.hacking-lab.com:2222

Since quality is the main concern of SERTC, they expect an accuracy of at least 99%.

Solution

Flag

unsolved

ELF

Challenge

The Egg Liberation Front (ELF) already marked this binary. Go ahead and free the egg!

Once the right PIN is provided, the binary spills out the Easter egg QR code.

lock

Solution

Flag

unsolved