Sometimes, there are hidden flags. Got your first?
1
2
3
4
5
Born: January 22
Died: April 9
Mother: Lady Anne
Father: Sir Nicholas
Secrets: unknown
Solution
During the Day 6 challenge HV19.06 bacon and eggs, we notice there is a lot of suspicious whitespace (space and tab) characters after each line of statistics about Francis Bacon.
As the theme for this challenge was crypto, we Google search for white space cipher. One of the first few results links us to http://www.darkside.com.au/snow/ which details Whitespace steganography which can be used to conceal messages by appending whitespace to the end of lines! We download the 32-bit executable for this tool and run it as follows:
1
./SNOW.EXE -C input.txt
Where
input.txt is simply the statistic panel text including all whitespace.
Francis Baconwasan English philosopher and statesman who served as Attorney General and as LordChancellor of England. Hisworks are credited with developingthe scientific method and remained influential through the scientific revolution. Bacon hasbeen called the father of empiricism. His works argued for the possibility of scientificknowledge based only upon inductive reasoningand careful observation ofevents in nature. Mostimportantly, he argued science couldbe achieved by use of a sceptical and methodicalapproach whereby scientists aim to avoid misleading themselves. Although his practical ideas aboutsuchamethod, the Baconian method, did not have a long–lasting influence, the general idea ofthe importance and possibility of a sceptical methodology makes Bacon the father of the scientific method. This method was a new rhetorical and theoretical framework for science, the practical details of which are still central in debates about science and methodology.
Bacon was the first recipient of the Queen’s counsel designation, which was conferred in 1597 when Elizabeth I of England reserved Bacon as her legal advisor. After the accession of James VI and I in 1603, Bacon was knighted. He was later created Baron Verulam in 1618 and Viscount St. Alban in 1621. Because he had no heirs, both titles became extinct upon his death in 1626, at 65 years. Bacon died of pneumonia, with one account by John Aubrey stating that he had contracted the condition while studying the effects of freezing on the preservation of meat. He is buried at St Michael’s Church, St Albans, Hertfordshire.
1
2
3
4
5
Born: January 22
Died: April 9
Mother: Lady Anne
Father: Sir Nicholas
Secrets: unknown
Solution
We notice there is italic text embedded within our first paragraph. As it turns out Francis Bacon devised a cipher called the Bacon cipher. Thus, we know we must transform the above text into a bacon code which can be deciphered. Each character that is stylised with italics will be converted to a B and every other character will be converted to an A. For effeciency, we use a python script to do this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#!/usr/bin/env python
importre
str='<em>F</em>ra<em>n</em>cis Baco<em>n</em> <em>w</em>a<em>s</em> <em>a</em>n E<em>ng</em>lish ph<em>i</em>l<em>os</em>o<em>p</em>her a<em>n</em>d <em>s</em>tat<em>e</em>sm<em>a</em>n w<em>h</em>o se<em>rve</em>d <em>a</em>s At<em>t</em>or<em>n</em>ey Gen<em>e</em>ral and as <em>L</em>or<em>d</em> <em>Ch</em>an<em>ce</em>l<em>l</em>or of <em>En</em>g<em>l</em>an<em>d</em>. Hi<em>s</em> <em>w</em>orks ar<em>e</em> c<em>red</em>it<em>e</em>d w<em>ith</em> d<em>e</em>ve<em>lo</em>pi<em>ng</em> <em>t</em>h<em>e</em> sci<em>e</em>nt<em>i</em>fic me<em>t</em>hod and re<em>m</em>ai<em>ned</em> in<em>fl</em>u<em>en</em>ti<em>al</em> th<em>rou</em>gh <em>t</em>he s<em>cien</em>tific <em>r</em>ev<em>o</em>l<em>u</em>ti<em>o</em>n.<em>B</em>a<em>co</em>n h<em>as</em> <em>b</em>e<em>e</em>n ca<em>l</em>led <em>th</em>e <em>f</em>ath<em>e</em>r o<em>f</em> emp<em>iric</em>i<em>s</em>m. <em>Hi</em>s <em>wor</em>ks ar<em>g</em>ued for th<em>e</em> po<em>ssi</em>bi<em>li</em>t<em>y</em> of s<em>c</em>ie<em>n</em>tifi<em>c</em> <em>kno</em>wl<em>edg</em>e b<em>a</em>se<em>d</em> onl<em>y</em> u<em>p</em>on i<em>n</em>du<em>c</em>t<em>i</em>ve <em>r</em>ea<em>s</em>onin<em>g</em> <em>a</em>nd c<em>aref</em>u<em>l</em> o<em>bs</em>er<em>v</em>ation o<em>f</em> <em>e</em>v<em>e</em>nt<em>s</em> in <em>na</em>tur<em>e</em>. Mo<em>st</em> <em>i</em>mp<em>ort</em>an<em>t</em>l<em>y</em>, <em>he</em> a<em>rgue</em>d sc<em>i</em>en<em>c</em>e co<em>uld</em> <em>b</em>e <em>a</em>c<em>hi</em>eved by us<em>e</em> of a <em>s</em>ce<em>p</em>t<em>ical</em> a<em>nd</em> me<em>t</em>hod<em>i</em>ca<em>l</em> <em>a</em>pp<em>roa</em>ch wh<em>er</em>eby <em>s</em>cientist<em>s</em> ai<em>m</em> t<em>o</em> avo<em>i</em>d m<em>i</em>sl<em>ead</em>in<em>g</em> themsel<em>ve</em>s. <em>A</em>lth<em>oug</em>h <em>h</em>is <em>p</em>ra<em>c</em>tic<em>a</em>l i<em>d</em>e<em>a</em>s ab<em>out</em> <em>s</em>u<em>ch</em> <em>a</em> <em>m</em>et<em>h</em>od, <em>t</em>he B<em>a</em>con<em>i</em>an meth<em>o</em>d, d<em>i</em>d no<em>t</em> have <em>a</em> l<em>o</em>n<em>g</em>-<em>la</em>s<em>t</em>ing <em>i</em>nfluen<em>c</em>e, <em>th</em>e <em>g</em>e<em>ne</em>ral <em>i</em>dea <em>of</em> <em>t</em>he imp<em>o</em>rta<em>n</em>ce and pos<em>s</em>i<em>b</em>il<em>it</em>y o<em>f</em> a s<em>c</em>ept<em>i</em>cal'
defrepl(m):
return'1'*len(m.group(1))
# Replace italic text with 1 and non-italic text with 0
It is important to note that we strip out some non-alphanumeric characters such as
,.- as the Bacon cipher does not allow them in its alphabet.
Running this script we get the following output:
To handle the huge load of parcels Santa introduced this year a parcel tracking system. He didn't like the black and white barcode, so he invented a more solemn barcode. Unfortunately the common barcode readers can't read it anymore, it only works with the pimped models santa owns. Can you read the barcode
Resources
Image mirror:
Solution
Initially we try scanning the barcode as it looks like a Code 128 barcode. It works but gives us the string
Not a solution which is unfortunately a dead end. After a lot of experimentation, we manually note down the hexadecimal values for each colour in sequence. We decided to use Photoshop’s colour picker but in hindsight should have done this pragmatically using MATLAB.
This gives us the following list of 64 hex codes:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
735058
745938
6c5059
6d4549
72314f
793346
735030
65515a
673850
7a3934
754c53
685438
654748
7a3056
615831
673039
6c4f7b
744f44
6c4a31
674a66
784966
7a4969
675563
6a5375
69486c
695174
76365f
763074
734d6f
73495f
615167
694933
653474
77535f
623961
74455f
754753
683450
613854
6c4e5f
715652
635633
6c5061
663664
713565
724772
634f7d
775853
664c31
713030
765639
655730
6e4a4f
67574d
78325a
653345
6b3230
6f3345
615333
6c524e
745546
793850
764236
654245
After more experimentation, we discover that the blue channel of each hex code is significant! We discard all data but the blue channel and run our sequence of hex codes through an online hex to ascii converter.
This gives us the following string which has our flag surrounded by what appears to be noise:
We download this zip file and extract it to find a
HV19-PPC.ahk file. We know that ahk files are AutoHotKey files. Upon inspecting the ahk file we find that this is in fact the case.
The script seems to move the cursor around and type text when certain characters are typed in.
As the script and hint suggests, we have to type in merry christmas geeks letter by letter and let the script mutate the string.
Doing so gives us our flag!
Flag:
HV19{R3memb3r, rem3mber - the 24th 0f December}
At first this looks like it may possible be a hidden code with different variations of hodor mapping to English alphabet characters. However, before we look into frequency analysis we do a Google search for hodor programming language and discover that such an esoteric language exists!
We find an online interpreter/compiler TIO capable of running Hodor code and get this output:
1
2
3
4
5
Awesome, you decoded Hodors language!
As sis a real h4xx0r he loves base64 as well.
SFYxOXtoMDFkLXRoMy1kMDByLTQyMDQtbGQ0WX0=
As the hint suggests, we need to base64 decode that last string.
We know that a stl file is 3D model file. Thus naturally we open this file up in a 3D model viewer.
On Windows we initially attempt to use 3D Builder.
From the hint that says to ‘not break it’ so we really want to break it and look inside the sphere.
Upon doing so, we quickly notice a QR code (or rather a Aztec code) sitting inside.
After much manipulation in 3D Builder, we still don’t quite have an image which scans with a QR reader:
Thus, we shamefully give up and use Blender to extract the QR code, colour it black and place it on a white background:
I got this little image, but it looks like the best part got censored on the way. Even the tiny preview icon looks clearer than this! Maybe they missed something that would let you restore the original content?
Solution
The hint indicates that we should have a clearer smaller image available to us.
At first we attempt to shrink the image, resharpen and enlarge but there is too much degradation for that to work. We also open the image in GIMP and mess with levels/contrast with no luck.
Finally, we use binwalk on the image to find hidden binaries and find: