Cryptographic Puzzle Challenges/sandwich

From Pirate Software Wiki

This is the writeup for the Cryptographic puzzle challenge posted by Thor on November 30th 2023.

A file named "Sandwich" was given to participants, without additional information.

This turned out to be a zip file, extractable by adding the ".zip" extension or using a 3rd party tool such as 7zip.

It contained 2 files:

A text file named "Curious.txt" containing the following text: 

PHONE 45797137 BEAST

And a 21x21 sized image named "CaesarsThree.png":

A Scrambled QR Code

The contents of "Curious.txt" turned out to represent a telnet command, as discovered by Discord user piolix000. 

telnet 45.79.71.37 666


To reveal a hidden QR Code, the image's pixels needed to be Bitflipped according to the 7th QR Mask Pattern (111)[1][2] - Figuring this out took the #cryptography channel 9:58 hours.

The most substantial work regarding this was done by Discord users interacsion, bendtheory, dot krl and Notjon, with interacsion the first to figure out and share the pattern and bendtheory being close second.

To do this, the mask has to be tiled to the size of the image and laid over it. Then, each pixel in the image would be flipped from white to black or vice-versa; only if the mask is covering that pixel.

The mask is laid over the image and the pixels are flipped to reveal the hidden QR Code.
Using "Hack The Box" as the password for the telnet connection, we are greeted with the final riddle.

Scanning the QR Code with a device reveals the message "Hack The Box". This turned out to be the password for the telnet connection, revealing a final riddle: 

Hello traveler. :3

Sing me the song. ,.;'*
The song of the green one with the little... ^
He with the shining blade of beams. o=|===>
The song of angered clouds and crackling sky.
Sing it like the dwarves in their forts of old.

Play The Notes:

To "Play The Notes", you need to submit the first notes of "Song of Storms" from "Zelda: Ocarina of Times".

"Playing the Notes" yields the final puzzle
"Playing the Notes" yields the encrypted key.

Note the characters after "Sing me the song.". These represent the 5 notes used in the song, thus the answer is ,.',.'[3]

This was figured out by Discord user Vidra, with what seemed to be the product key for the challenge's prize. This was quickly proven wrong though and discovered to be encrypted with a Vigenère cipher and "HACKTHEPLANET" as the key, as shown by Discord user (ノ◕ヮ◕)ノ*:・゚✧ Goblin.

Footnotes

  1. This might've been hinted at by the filename, as "III" is similar in writing to "111".
  2. While using a bit pattern meant to only transform QR data, to decode the image the bit pattern was needed to be applied to the entire image.
  3. This is somehow related to Dwarf Fortress.
Retrieved from "https://piratesoftware.wiki/w/index.php?title=Cryptographic_Puzzle_Challenges/sandwich&oldid=726"