Cryptographic Puzzle Challenges/sandwich: Difference between revisions

From Pirate Software Wiki
VisualWikitext
No edit summary
m (Add category)
 
(4 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This is the writeup for the Cryptographic puzzle challenge [https://discord.com/channels/162034058736435201/615103415340630029/1179708444467531827 posted by Thor on the 20th of November 2023]  
This is the writeup for the Cryptographic puzzle challenge [https://discord.com/channels/162034058736435201/615103415340630029/1179708444467531827 posted by Thor on November 30th 2023].


given was a file called "[https://discord.com/channels/162034058736435201/615103415340630029/1179708444467531827 Sandwich]" which is downloadable.
A file named "[https://discord.com/channels/162034058736435201/615103415340630029/1179708444467531827 Sandwich]" was given to participants, without additional information.


This file is a zip file, so adding ".zip" to the end of the filename makes it an extractable archive.
This turned out to be a zip file, extractable by adding the ".zip" extension or using a 3rd party tool such as [https://www.7-zip.org/ 7zip].


Inside we can find 2 Files.
It contained 2 files:


A text file called "Curious.txt" with the content
A text file named "Curious.txt" containing the following text:
  PHONE 45797137 BEAST
  PHONE 45797137 BEAST
A 21x21 sized image called "CaesersThree.png"
[[File:CaesarsThree.png|left|frameless|Scrambled QR Code]]


And a 21x21 sized image named "CaesarsThree.png":


[[File:CaesarsThree.png|alt=A Scrambled QR Code|frameless]]<br />


The text from the text file translates into a telnet command with IP and Port as first found out by Discord User piolix000.
The contents of "Curious.txt" turned out to represent a telnet command, as discovered by Discord user piolix000.
  telnet 45.79.71.37 666
  telnet 45.79.71.37 666
The Image needs to be Bitflipped via the [[wikipedia:File:QR_Code_Mask_Patterns.svg|QR Code Mask Pattern 111]] - figuring this out took the #cryptography channel 9:58 hours.  
<br />To reveal a hidden QR Code, the image's pixels needed to be [[wikipedia:Bit_manipulation|Bitflipped]] according to the [[wikipedia:File:QR_Code_Mask_Patterns.svg|7th QR Mask Pattern (111)]]<ref>This might've been hinted at by the filename, as "III" is similar in writing to "111".</ref><ref>While using a bit pattern meant to only transform QR data, to decode the image the bit pattern was needed to be applied to the entire image.</ref> - Figuring this out took the #cryptography channel 9:58 hours.  


The most substential work in this channel for this was done by the discord users by the name of Interacsion, dot krl and Notjon, with Interacsion being the first to figure it out and share it and bendtheory being the close second.
The most substantial work regarding this was done by Discord users [https://github.com/interacsion interacsion], bendtheory, dot krl and Notjon, with interacsion the first to figure out and share the pattern and bendtheory being close second.


In short there are Bit Masks for QR encoding that have to be used here to get a readable QR Code.
To do this, the mask has to be tiled to the size of the image and laid over it. Then, each pixel in the image would be flipped from white to black or vice-versa; only if the mask is covering that pixel.
[[File:Sandwich crypto challenge qr decryption.jpg|The mask is laid over the image and the pixels are flipped to reveal the hidden QR Code.|none|thumb|1000x1000px]]


For this the encoded QR code has to be overlayed with the mask, which is tiled to make an 21x21pixel image - equivalent to the dimensions of the CeasersThree.png
[[File:Sandwich challange telnet connection with password.png|Using "Hack The Box" as the password for the telnet connection, we are greeted with the final riddle.|thumb]]
 
Scanning the QR Code with a device reveals the message "Hack The Box". This turned out to be the password for the telnet connection, revealing a final riddle:
Every Pixel where the Mask is coloured, the Pixel in the CaesarsThree.png needs to be flipped - Is it black, make it white and vice versa - until a device readable QR code is revealed
Hello traveler. :3
[[File:Sandwich crypto challenge qr decryption.jpg|left|frame|The raw, encoded QR code is overlayed with the Mask and the bits in the source image are flipped accordingly to reveal the QR code]]
 
 
 
 
 
 
 
 
 
 
 
 
[[File:Sandwich challange telnet connection with password.png|left|thumb|After connection via telnet and entering the Password form the QR Code we are greeted with the next puzzle]]
If the QR code is read with a device, it reads out "Hack The Box" which is the password for the telnet connection
 
For this either a command line with the telnet client, or a telnet-able Software like [https://www.putty.org Putty] is required
 
On connecting to the server, a password is asked which as we learned from the QR Code is "Hack The Box"
  Sing me the song. ,.;'*
  Sing me the song. ,.;'*
  The song of the green one with the little... ^
  The song of the green one with the little... ^
Line 49: Line 32:
  The song of angered clouds and crackling sky.
  The song of angered clouds and crackling sky.
  Sing it like the dwarves in their forts of old.
  Sing it like the dwarves in their forts of old.
To "play the notes" we need the song first. the Puzzle refers to the Song of Storms from from Zelda: Ocarina of Times
[[File:Sandwich challange play the notes.png|left|thumb|"Playing the Notes" yields the final Puzzle]]
Play The Notes:
The Special chars at the end of the first line are a hint to the 5 different notes used in the song
The Notes this Puzzle is looking for are ,.',.'


this is answered by Thors server with what seems to be a product key.
To "Play The Notes", you need to submit the first notes of "Song of Storms" from "Zelda: Ocarina of Times".


First one to figure this out was the Discord User Vidra, with everyone in the cryptography channel thinking its over
[[File:Sandwich challange play the notes.png|thumb|"Playing the Notes" yields the encrypted key.|alt="Playing the Notes" yields the final puzzle]]
Note the characters after "Sing me the song.". These represent the 5 notes used in the song, thus the answer is ,.',.'<ref>This is somehow related to Dwarf Fortress.</ref>


However, the given string is Vigenere encrypted as figured out by (ノ◕ヮ◕)ノ*:・゚✧ Goblin in the cryptography channel.
This was figured out by Discord user Vidra, with what seemed to be the product key for the challenge's prize. This was quickly proven wrong though and discovered to be encrypted with a [[wikipedia:Vigenère_cipher|Vigenère cipher]] and "HACKTHEPLANET" as the key, as shown by Discord user (ノ◕ヮ◕)ノ*:・゚✧ Goblin.


the string decrypted by Vigenere using the Key "HACKTHEPLANET" yields the final flag which is also the product key for a year of Hack The Box Academy Silver.
== Footnotes ==
<references />
[[Category:Cryptographic Puzzle Challenges]]

Latest revision as of 19:50, 3 December 2023

This is the writeup for the Cryptographic puzzle challenge posted by Thor on November 30th 2023.

A file named "Sandwich" was given to participants, without additional information.

This turned out to be a zip file, extractable by adding the ".zip" extension or using a 3rd party tool such as 7zip.

It contained 2 files:

A text file named "Curious.txt" containing the following text: 

PHONE 45797137 BEAST

And a 21x21 sized image named "CaesarsThree.png":

A Scrambled QR Code

The contents of "Curious.txt" turned out to represent a telnet command, as discovered by Discord user piolix000. 

telnet 45.79.71.37 666


To reveal a hidden QR Code, the image's pixels needed to be Bitflipped according to the 7th QR Mask Pattern (111)[1][2] - Figuring this out took the #cryptography channel 9:58 hours.

The most substantial work regarding this was done by Discord users interacsion, bendtheory, dot krl and Notjon, with interacsion the first to figure out and share the pattern and bendtheory being close second.

To do this, the mask has to be tiled to the size of the image and laid over it. Then, each pixel in the image would be flipped from white to black or vice-versa; only if the mask is covering that pixel.

The mask is laid over the image and the pixels are flipped to reveal the hidden QR Code.
Using "Hack The Box" as the password for the telnet connection, we are greeted with the final riddle.

Scanning the QR Code with a device reveals the message "Hack The Box". This turned out to be the password for the telnet connection, revealing a final riddle: 

Hello traveler. :3

Sing me the song. ,.;'*
The song of the green one with the little... ^
He with the shining blade of beams. o=|===>
The song of angered clouds and crackling sky.
Sing it like the dwarves in their forts of old.

Play The Notes:

To "Play The Notes", you need to submit the first notes of "Song of Storms" from "Zelda: Ocarina of Times".

"Playing the Notes" yields the final puzzle
"Playing the Notes" yields the encrypted key.

Note the characters after "Sing me the song.". These represent the 5 notes used in the song, thus the answer is ,.',.'[3]

This was figured out by Discord user Vidra, with what seemed to be the product key for the challenge's prize. This was quickly proven wrong though and discovered to be encrypted with a Vigenère cipher and "HACKTHEPLANET" as the key, as shown by Discord user (ノ◕ヮ◕)ノ*:・゚✧ Goblin.

Footnotes

  1. This might've been hinted at by the filename, as "III" is similar in writing to "111".
  2. While using a bit pattern meant to only transform QR data, to decode the image the bit pattern was needed to be applied to the entire image.
  3. This is somehow related to Dwarf Fortress.
Retrieved from "https://piratesoftware.wiki/w/index.php?title=Cryptographic_Puzzle_Challenges/sandwich&oldid=726"