Overview
Challenge | Difficulty | Points | Category | Flag |
---|---|---|---|---|
Prison Break | easy | he18-gx8L-AJUw-DSMH-6aUI | ||
Babylon | easy | he18-egu6-pL6f-QjmF-qXWj | ||
Pony Coder | easy | he18-lSvO-A4tC-AdzR-3iFk | ||
Memeory | easy | he18-cGoS-a2tz-BD2w-zXH8 | ||
Slopppy and Paste | easy | he18-2yTc-bJ1f-raIQ-gKc6 | ||
Cooking for Hackers | easy | he18-MdVx-nSgb-wzYT-TtoE | ||
Jigsaw | easy | he18-jFsP-AXNB-GUXu-dkms | ||
Disco Egg | easy | he18-Qox7-xFIw-cljk-ySdF | ||
Dial Trial | easy | he18-Yuk0-9zPD-l8Di-aL1i | ||
Level Two | medium | unsolved | ||
De Egg you must | medium | unsolved | ||
Patience | medium | unsolved | ||
Sagittarius | medium | unsolved | ||
Same Same | medium | he18-D76U-PvxZ-7Icy-mkF1 | ||
Manile Greetings | medium | he18-ifiI-T6ZT-TNyX-9DZp | ||
Git Cloak | medium | he18-k4oU-OEar-n9Sr-ULi0 | ||
Space Invaders | medium | he18-D76U-PvxZ-7Icy-mkF | ||
Egg Factory | medium | unsolved | ||
Virtual Hen | hard | unsolved | ||
Artist No Name Yet | hard | unsolved | ||
Hot Dog | hard | unsolved | ||
Block Jane | hard | unsolved | ||
Rapbid Learning | hard | unsolved | ||
ELF | hard | unsolved |
Prison Break
Challenge
Your fellow inmate secretly passed you an old cell phone and a weird origami. The only thing on the phone are two stored numbers.
1
2
555-7747663 Link
555-7475464 Sara
Find the password and enter it in the Egg-o-Matic below. lowercase only, no spaces!
Solution
Combine the telephone numbers with the dots on the origami and a T9 pad:
1
2
3
4
5
6
7
8
7747663 (Link)
1334322 (number of dots)
prisone (1 times '7' key = p, 3 times '7' key = r, 3 times '4' key = i, etc)
7475464 (Sara)
3342321 (number of dots)
risking
this reads prisonerisking
, enter this into egg-o-matic to get our egg
Flag
he18-gx8L-AJUw-DSMH-6aUI
Babylon
Challenge
s not the only thing in Babylon which has walls and shelves.
1
4 - 4 - 28 - 355
Solution
This refers to the Library of Babel, from a short story written by Jorge Luis Borges. The library in the story contains every single possible 410 page book. Most will be jibberish, but it will also contain every 410 page book ever written or that ever will be written.
This concept has been made into a on online version: https://libraryofbabel.info/
We can find the book, on hexagon given by the content of the text file, wall 4, shelf 4, volume 28, page 355.
This leads to a page which is mostly spaces an the following sentence:
1
the super secret hackyeaster password is checkthedatayo
we enter this into the egg-o-matic to get our egg
Flag
he18-egu6-pL6f-QjmF-qXWj
Pony Coder
Challenge
Tony the pony has encoded something for you. Decode his message and enter it in the egg-o-matic below! Lowercase and spaces only, and special characters!
1
gn tn-gha87be4e
Solution
Pony Coder refers to Punycode
we can prepend xn--
and use an online conversion tool such as this one to translate xn--gn tn-gha87be4e
to gìn tônì©
this doesn’t work when we put it in the the egg-o-matic, but we try gin tonic
and that does work
Flag
he18-lSvO-A4tC-AdzR-3iFk
Memeory
Challenge
Fancy a round of memeory?
Click here to play.
Solution
nspect the html, and can see the images on each of the cards:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<div class="moduleLegespiel">
<figure id="legespiel_card_63" class="">
<a href="#card_63">
<img class="boxFront" src="./lib/32.jpg">
<img class="boxWhite" src="./lib/shadow_card.png">
<img class="boxBack" src="./lib/back.jpg">
</a>
<img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_58" class="">
<a href="#card_58">
<img class="boxFront" src="./lib/30.jpg">
<img class="boxWhite" src="./lib/shadow_card.png">
<img class="boxBack" src="./lib/back.jpg">
</a>
<img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_84">
<a href="#card_84">
<img class="boxFront" src="./lib/43.jpg">
<img class="boxWhite" src="./lib/shadow_card.png">
<img class="boxBack" src="./lib/back.jpg">
</a>
<img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_73">
<a href="#card_73">
<img class="boxFront" src="./lib/37.jpg">
<img class="boxWhite" src="./lib/shadow_card.png">
<img class="boxBack" src="./lib/back.jpg">
</a>
<img class="boxStretch" src="./lib/shim.gif">
</figure><figure id="legespiel_card_19">
[..]
so we just find the pairs and play the game to get our egg:
Flag
he18-cGoS-a2tz-BD2w-zXH8
Slopppy and Paste
Challenge
This was a mobille challenge.
Solution
When we try to copy the text shown, it copies a different text
so we get the apk of the mobile app and decode it
1
apktool decode HackyEaster_9_5.0.1.apk
and find the string we are looking for in assets/www/challenge05.html
Flag
he18-2yTc-bJ1f-raIQ-gKc6
Cooking for Hackers
Challenge
1
2
3
4
5
6
7
8
9
10
11
12
13
You've found this recipe online:
1 pinch: c2FsdA==
2 tablesspoons: b2ls
1 teaspoon: dDd3Mmc=
50g: bnRkby4=
2 medium, chopped: b25pb24=
But you need one more secret ingredient! Find it!
Solution
These b64 decode to
1
2
3
4
5
6
7
1 pinch: salt
2 tablesspoons: oil
1 teaspoon: t7w2g
50g: ntdo.
2 medium, chopped: onion
But you need one more secret ingredient! Find it!
The period at the end of the fourth part is the hint, this is a url!
1
saltoilt7w2gntdo.onion
open it with a tor browser to get the egg
Flag
he18-MdVx-nSgb-wzYT-TtoE
Jigsaw
Challenge
Thumper was probably under time pressure and jumped around a bit too wild. As a result, his picture has broken.
Can you write a program to put it back together
Solution
This tool is pure magic and solved this challenge for us using a genetic algorithm: https://github.com/nemanja-m/gaps
1
$ gaps --image=../jigsaw.png --generations=30 --population=600 --save
1
goodsheepdontalwayswearwhite
We put this phrase into the egg-o-matic to get our egg
Flag
he18-jFsP-AXNB-GUXu-dkms
Disco Egg
Challenge
1
2
3
Make things as simple as possible but no simpler.
-- Albert Einstein
Solution
We are led to a site with an egg continually chaning colour
The element of the disco egg look as follows in the source:
1
2
3
4
5
6
7
8
<div id="overlay">
<table><tr>
<td class="cyan black green darkgreen blue orange red darkgrey brown" style="background-color:#006412;"></td>
<td class="cyan red brown blue black green darkgrey" style="background-color:#FBF305;"></td>
<td class="cyan black blue red lightgrey" style="background-color:#FBF305;"></td>
<td class="darkgreen black tan cyan green blue" style="background-color:#FBF305;"></td>
<td class="brown blue darkgrey cyan mediumgrey lightgrey black darkgreen" style="background-color:#FF6403;"></td>
[..]
we notice that each element has either black
or white
in the list but not both. We let the background color reflect this and find our QR code
1
2
3
4
5
cat disco.html
| sed 's|</td>|</td>\n|g'
| sed 's|class=\".*white.*|class=\"white\" style=\"background-color:#FFFFFF;\"></td>|g'
| sed 's|class=\".*black.*|class=\"black\" style=\"background-color:#000000;\"></td>|g'
> disco2.html
Flag
he18-Qox7-xFIw-cljk-ySdF
Dial Trial
Challenge
Another mobile challenge
Solution
we find the mp3 file played by the app when hitting the button.
We convert it to wav file and decode the DTMF tones using http://dialabc.com/sound/detect/index.html
1
472612252336262636253412
This looks like it could be similar to the first challenge, each pair of number representing a letter, 47
means 4 times number 7 (letter s
in T9)
1
2
47 26 12 25 23 36 26 26 36 25 34 12
s n a k e o n n o k i a
Whoo! we enter snakeonnokia
in the egg-o-matic to get our egg
Flag
he18-Yuk0-9zPD-l8Di-aL1i
Level Two
Challenge
So you managed to beat the boss in the teaser game? This one won’t be that easy!
You’ll need RPG Maker Run Time Packages to run the game.
Hints: There are several parts to be found. Combine them, and enter the final flag in the egg-o-matic below, without spaces! Saving the game from time to time certainly helps.
Solution
Flag
unsolved
De Egg you must
Challenge
Who was first, the cat or the egg?
Solution
The zip file is password protected but easily cracked with fcrackzip and this wordllist
1
2
3
4
5
6
7
8
9
10
11
$ fcrackzip -v --use-unzip -D -p dictionaries/password basket.zip
found file 'egg1', (size cp/uc 1389653/1433600, flags 9, chk 4f21)
found file 'egg2', (size cp/uc 1426168/1433600, flags 9, chk 4f21)
found file 'egg3', (size cp/uc 1425557/1433600, flags 9, chk 4f21)
found file 'egg4', (size cp/uc 1425787/1433600, flags 9, chk 4f21)
found file 'egg5', (size cp/uc 1423266/1433600, flags 9, chk 4f21)
found file 'egg6', (size cp/uc 362705/384584, flags 9, chk 4f21)
PASSWORD FOUND!!!!: pw == thumper
1
2
3
$ file egg1
egg1: ISO Media, Apple iTunes Video (.M4V) Video
The first file looks like a video, but it doesn’t play properly. We try to extract frames and get the following error:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ ffmpeg -i egg1.m4v -r 1/1 $filename%03d.jpg
ffmpeg version 3.3.4-2 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 7 (Ubuntu 7.2.0-8ubuntu2)
configuration: --prefix=/usr --extra-version=2 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --enable-gpl --disable-stripping --enable-avresample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libmp3lame --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-libdc1394 --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libopencv --enable-libx264 --enable-shared
libavutil 55. 58.100 / 55. 58.100
libavcodec 57. 89.100 / 57. 89.100
libavformat 57. 71.100 / 57. 71.100
libavdevice 57. 6.100 / 57. 6.100
libavfilter 6. 82.100 / 6. 82.100
libavresample 3. 5. 0 / 3. 5. 0
libswscale 4. 6.100 / 4. 6.100
libswresample 2. 7.100 / 2. 7.100
libpostproc 54. 5.100 / 54. 5.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x55e2047e2f20] moov atom not found
egg1: Invalid data found when processing input
a moov atom
contains metadata about the video link.
We remember the challenge description cat or the egg
so we concatenate the different files together to get a working video
1
$ cat egg* > eggall
We notice some marking at the bottom of the frames during the last second orso, but not sure what that means?
1
$ ffmpeg -i eggall -y -ss 24 -an -r 20 frame%03d.jpg
Flag
unsolved
Patience
Challenge
Solution
Flag
unsolved
Sagittarius
Challenge
13 - Sagittarius…
… is playing with his pila again.
Can you find the Easter egg QR code he has hidden from you?
Solution
I loaded pila.kmz into a KMZ viewer and saw this:
So obviously the wrong projection.
Flag
unsolved
Same Same
Challenge
Same same… …but different! Upload the right files and make the server return an Easter egg!
1
http://whale.hacking-lab.com:4444
Solution
We get some PHP code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
<?php
require __DIR__ . "/vendor/autoload.php"; // QR decoder library from https://github.com/khanamiryan/php-qrcode-detector-decoder
try {
$qrcode1 = new QrReader($_FILES["file1"]["tmp_name"]);
$answer1 = $qrcode1->text();
} catch(Exception $e) {
exit("Error while reading the first QR.");
}
try {
$qrcode2 = new QrReader($_FILES["file2"]["tmp_name"]);
$answer2 = $qrcode2->text();
} catch(Exception $e) {
exit("Error while reading the second QR.");
}
if(($answer1 == "Hackvent" && $answer2 == "Hacky Easter" or $answer1 == "Hacky Easter" && $answer2 == "Hackvent") && sha1_file($_FILES["file1"]["tmp_name"]) == sha1_file($_FILES["file2"]["tmp_name"])) {
[SURPRISE]
}
else {
echo ":-(";
}
?>
The PHP code seems to require that we upload two files which are QR codes with the word ‘Hackvent’ in one and ‘Hacky Easter’ in the other, and that those files should have identical sha1sums.
I just assumed it would accept PDFs without looking since the sha1 collision for pdfs was pretty recently big news. Found https://github.com/nneonneo/sha1collider as one of the top results in a search.
1
2
3
4
5
$ qrencode 'Hackvent' -o a.png
$ qrencode 'Hacky Easter' -o b.png
$ convert a.png a.pdf
$ convert b.png b.pdf
$ python3 sha1collider/collide.py a.pdf b.pdf --progressive
and got out two PDFs with identical hashes in under a second! Neat.
1
2
bdece875ca36c6505b0728cbeca7495db1a30246 out-a.pdf
bdece875ca36c6505b0728cbeca7495db1a30246 out-b.pdf
Flag
he18-D76U-PvxZ-7Icy-mkF1
Manile Greetings
Challenge
Randy Waterhouse receives a package from his friend Enoch Root containing a deck of cards and a letter:
Dear Randy,
even though our stay in Manila was not very pleasant, I fondly think of our discussions there:
1
GTIFL RVLEJ TAVEY ULDJO KCCOK P
Wishing you happy Easter
Enoch
Solution
The text is a hint to the book Cryptonomicon by Neal Stephenson. Combined with the cards image, we realize this is a Solitaire Cipter
if we convert the notation of the deck slightly we can solve it online here
key:
1
8d 3s 7d 3d 2c 5s Ad 6c 7s 6d A Kd Qh Js Jc 7h 3h 9h 9s 8s 9c As 4h 8c 3c Kh Ah 6s 6h Ts Ks Ac Td Qd Qc B Qs 4s 9d 2s 5c Jh Th 4c Tc 5d 8h 2h 2d Jd 7c Kc 5h 4d
which gives output:
1
THEPA SSWOR DISCR YPTON OMICO N
So the password is CRYPTONOMICON
, and we put that into the egg-o-matic to get our flag
Flag
he18-ifiI-T6ZT-TNyX-9DZp
Git Cloak
Challenge
This one requires your best Git-Fu! Find the hidden egg in the repository.
Solution
The zip files contains a git repo with a number of images in it:
Flag
he18-k4oU-OEar-n9Sr-ULi0
Space Invaders
Challenge
Alien space invaders left a secret message. Luckily, you know that they used codemoji.org for the encryption.
Decrypt the message, and save the planet!!
⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢
Solution
- Go to https://codemoji.org/#/encrypt
- create a random message
“share”, they give you a shortlink that resolves into “https://codemoji.org/share.html?data=….” where data is an html encoded, base64 encoded blob of json like:
1 2 3 4
{ "message": "⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢", "key": "👾" }
- replace the message with the given input: “⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢”
- and get this url
- which decodes with the invader emoji to
invad3rsmustd13
Flag
he18-D76U-PvxZ-7Icy-mkF
Egg Factory
Challenge
Make the egg factory write a secret word!
Then enter it into the Egg-o-Matic below, uppercase and underscores only.
Solution
Flag
unsolved
Virtual Hen
Challenge
Virtual hen lays virtual eggs. But only with the correct password it is an Easter Egg!
Solution
Flag
unsolved
Artist No Name Yet
Challenge
Great musical compositions are being published lately, by an unknown producer. Nobody was able yet to unveil the genius behind. It is said that he or she is placing secret messgages in his compositions.
You got hold of the original files of the latest masterpiece. Uncover the hidden message, and enter it into the Egg-o-Matic below, case and digits only.
Solution
Flag
unsolved
Hot Dog
Challenge
or: how to solve this darn crypto challenge to get your sleep back.
Enter the flag found, into the Egg-o-Matic below, without brackets.
Solution
Flag
unsolved
Block Jane
Challenge
You intercepted an encryped message by Jane. Can you decrypt it?
You know that AES was used, and that the following service is receiving such encrypted messages:
1
whale.hacking-lab.com 5555
Find the password and enter it in the Egg-o-Matic below!
Solution
Flag
unsolved
Rapbid Learning
Challenge
The SERTC (super exciting rabbit travel company) wants to use the latest technology.
They currently employ an experienced guide, which is classifying the visitors into Goodtails and Luckyspoons. For the trained eye of the guide, this is easy. But how do you get a machine to do it (which would be cheaper)?
Go and help them implement a learning algorithm! Their platform is available here:
http://whale.hacking-lab.com:2222
Since quality is the main concern of SERTC, they expect an accuracy of at least 99%.
Solution
Flag
unsolved
ELF
Challenge
The Egg Liberation Front (ELF) already marked this binary. Go ahead and free the egg!
Once the right PIN is provided, the binary spills out the Easter egg QR code.
Solution
Flag
unsolved