Link to challenge: http://hackvent.hacking-lab.com
Date Completed: 11 December 2015
Challenge
The following image is provided:
Solution
I had to spend some time researching the above image but I soon discover that it is a punch card.
It turns out to be a IBM 96 Column Punchcard. Unfortunately there isn’t much information online on how to decode them.
A reverse image search comes up with the following image:
This is what the challenge organiser used to make the above challenge!
The first thing I do is open the image in Photoshop and apply a black background so I can see the data (black dots) more easily.
I get:
Another important piece of information was this image I found online:
I used the above image to determine how I decoded the data. The above image encodes the data ZORCH IT’S A SYSTEM 3.
You have to look at each column in the punch card and generate a number.
For example, in the first column above we have _A__81 or in binary 011001.
This corresponds to the letter Z (more on this later).
Thus each block can have a total of 32 bit characters. The total card can therefore contain a total of 96 (32*3) characters.
Now, going back to our message, I first write out all the bits in one big block, I get:
1 2 3 4 5 6 |
00110100110001111100110111101100 01000110111110111011100111101100 00111101110110110010111101011100 01011101110001001010101100111010 01100100101110110111101001011000 01001001010001100100111000111110 00110000100000000000000010000010 01000100101000110000110001010000 00000100000000010000001000000000 01000100010100010000000101001000 00101110011011010111101111001000 01111000110011100010100101111100 01001001000101111110011000010100 00000101001110011010101101101100 00110000000111000110100000011010 00111101010000101000111111111100 00111101011011011001100101010000 00111101100100110100111101011110 |
At this stage all I need to figure out is the language, I don’t find much on this online but I eventually come up with a 64 length partially working language (it begins with a space):
1 |
123456789????????STUVWXYZ???????JKLMNOPQR???????ABCDEFGHI?????| |
So in the example I discussed, 011001 is Z because 011001 is 25 in decimal and Z is at index 25 in the string array above.
Note: This language was created using trial and error and so I didn’t determine many characters initially (which I have just left as a ? ). Later on I discovered an image (link) which allowed me to determine every character! (some special characters were still left as a ? )
At this stage I can write a nice short python script to read the data and convert it to the language.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# IBM 96 Column Punch Card decoder (Based on EBCDIC) # Source of information: https://en.wikipedia.org/wiki/EBCDIC # Language decuded from: http://www.quadibloc.com/comp/images/cardtabl.gif (TOP RIGHT) language = " 123456789:#@'=?0/STUVWXYZ&,%_>?-JKLMNOPQR!$*);?.ABCDEFGHI?.<(+|" rows = [] codewords = [] with open('input.txt') as f: for line in f: list = line.rstrip().replace(' ', '') #ignore whitespace rows.append(list) # make codewords count = 0 while count < len(rows[0]): tempcode = '' for row in rows: tempcode += row[count] codewords.append(int(tempcode, 2)) count += 1 # Print out codeword count = 0 for code in codewords: print language[code], count += 1 # Seperate into 32 blocks if count == 32: count = 0 print '\n', |
I put the bit data into a file called input.txt and run my script.
The following message is printed out:
1 2 3 |
W R I T E T H E 6 B L O C K S A L T E R N A T E L Y H V 1 5 | M 3 H N | B G 5 H | L U F E | 8 W P M | K Z F K U P P E R A N D L O W E R T O G A I N N U G G E T |
Great! The clue is quite simple, we simply need to alternate the case of each of the 6 blocks in the nugget (as separated with | ). We know the nugget begins with the uppercase HV15 so we know the pattern straight away.
Flag: HV15-m3hn-BG5H-lufe-8WPM-kzfk