SpringForwardCTF2024 Writeup
I participated in SpringForwardCTF2024 with my lab members.
The result was rather good, placing 53rd!
I wrote writeups for Crypto and Misc.
Crypto
Party-at-the-Gardens
Zeus is throwing the party of eons at the The Gardens of the Hesperides!!! Hermes is going to pick you up, but in order to get in you need to tell him the passcode or he's gonna leave you stranded! You have no idea what the passcode is, but you have a drinking cup, a party gift from the last one. Take a look at it, maybe there's a clue on it on what the password was. It belonged to an oracle that got so drunk, they went on a vision spell way into the future and started tweaking out!! They were biting into their cup, making clicky noises, scratching into it, rubbing the paint off. Look at the thing! It barely held up.
Flag format: nicc{flag}
Hint:
Look closely at the cup.
Solution
My team member solved it. If you look under the glass, you will see a symbol that looks like Morse code.
My teammate solved the problem. If you look under the glass, you will see a symbol that looks like Morse code. The Morse code that can be confirmed is as follows -- ... -- ... ... - ... -- ... ... . .
Finally, the flag appeared when CyberChef decoded it.
Flag: nicc{WINETIME}
twisted-tongues
Red is one of the most recognizable colors of the Roman Empire, associated with the Mars, the God of War. Red banners would be raised during celebrations of military victories. However, something seems off with this banner...
Each word in the flag should be separated by an underscore. Make sure not to yell when typing in the flag.
Hint:
Hidden in a famous fast food restaurant, a historic display is dedicated to the talkers who mastered this code.
Solution
I suspected steganography. When I extracted the red bits, the following text appeared.
Hmmm... I have never seen that string before.
Recall that the flag format is nicc{, which means that NESH-CHEE is N, TKIN is I, and MOASI is C. In other words, this ciphertext is considered to have an alphabetic correspondence with a string. To find the correspondence table, I typed NESH-CHEE TKIN and found out that it is the Navajo code.
Then I decoded it on the dcode site and the flag appeared.
Flag: nicc{m0d3rn_c0d3_ta1k3r}
the-receiver-of-many
Whenever I send my friend memes on instagram about how “Life has no meaning” they tell me to stop being a nihilist, I wonder what that means…
flag format: nicc{@flag}
Solution
There was a string in the middle of the attachment that read {@94 44 44 66 49 67 33 76 56 56 55 43 53}.
After that, I stopped working because I couldn't figure it out, but a team member told me there was a nihilist cipher, so I tried it.
I set the key to nihilist and decrypted it, and the flag appeared.
Flag: nicc{@weblamehades}
Symphony-of-Secrets(Not Solve)
As you venture through The Bibliotheca, a renowned repository of ancient texts and knowledge, you stumble upon a forgotten corner obscured by dust and neglect. Between two towering tomes of myth and legend, you uncover a piece of sheet music, delicately wedged as if hidden for centuries. Its faded parchment bears no title, no composer's name, only a cryptic message scrawled hastily in the margins: "Read the secrets". Uncover the hidden message, the gods have blessed you, the 3rd beat in the 3rd measure is N.
Submit the flag in the format nicc{flag_message}
Hint:
The theme is music
Solution
At first I thought it was a cipher using musical notes, a Solfa cipher, but for some reason it didn't work. In the end, I couldn't figure it out and the CTF ended. After the CTF ended, I looked at the Discord form and found the following information.
I didn't have enough power. gg bros........
Wait!
Let's think about how to solve it so that it can be properly guessed.
First, the problem statement states that the third beat of the third measure is N. Since the number of notes after the third beat of measure 3 is five, it is expected that the word begins with the letter N. We are reminded here that this is a cipher using "musical notes".We are reminded here that this is a cipher using "musical notes", and since the word is "musical notes", we can assume that it is appropriate to use the word NOTES. Now that we know the last five letters, let's fill in the letters with the same pitch.
Well, sometimes a chord is written in ABC notation. For example, guitars are written in ABC notation. CDEFGAB is Do-Re-Mi-Fa-So-La-Ti. Given this information, the phrase might look like this.
The CTF site was still open to the public, so I capitalized it and it showed up as correct.
Flag: nicc{DECODE_DE_NOTES}
My-friend's-message
My greek friend recently has been screwing around with the idea of cryptography and sent me a message. Can you tell me what here message says?
Format: nicc{theanswer}
Solution
This problem was also solved by a team member.
First, the string TGHRE3AENKSGW0EDRZIZSZ is given. If we skip one character, we get THE ANSWER IS GR3EKG0DZZZ, so nicc{gr3ekg0dzzz} becomes a flag.
It is frustrating because I could not solve a similar problem before. I wrote it down.
Flag: nicc{gr3ekg0dzzz}
fine-art(Not Solve)
- We received a copy of a painting today that was given to The Council.
- It seems to be a copy of The Fall of Atlantis by the artist François de Nomé.
- Scribbled on the back of the painting was a message that read:
Those who gather are found.
Those who seek are blind.
Those who see are bound.To help hide our home,
we sought to deceive,
And told those who roam,
that we were lost to the seas.Only when you eXamine
truth of time
bYLIES FROM OLD
Will you find the map
To our home of gold.
This is probably nothing... right?
Solution
Here is how the author solves the problem. The problem statement reads is as follows:
Only when you eXamine
truth of time.
bYLIES FROM OLD.
Will you find the map
This sentence suggests that you do (X,Y), map.
truth of time is 116 114 117 116 104 32 111 102 32 116 105 109 101 in decimal and LIES FROM OLD is 76 73 69 83 32 70 82 79 77 32 79 76 68.
The author's code is shown below.
from PIL import Image
image_path = "./atlantis.png"
coordinates = [
(116, 76),
(114, 73),
(117, 69),
(116, 83),
(104, 32),
(32, 70),
(111, 82),
(102, 79),
(32, 77),
(116, 32),
(105, 79),
(109, 76),
(101, 68),
]
def find_flag(image_path, coordinates):
print(f'Extracting flag from "{image_path}"')
image = Image.open(image_path)
hex_bytes = []
for x, y in coordinates:
r, g, b = image.getpixel((x, y))
hex_chunk = "".join(f"{value:02X}" for value in (r, g, b))
hex_bytes.append(hex_chunk)
hex_string = "".join(hex_bytes)
byte_string = bytes.fromhex(hex_string)
text = byte_string.decode("utf-8")
return text
find_flag(image_path, coordinates)
Extracting flag from "./atlantis.png"
nicc{1t_w@s_r1ght_th3r3_th3_wh0l3_t1m3}
Flag: nicc{1t_w@s_r1ght_th3r3_th3_wh0l3_t1m3}
Misc
Bad-Singing
I finally went on a voyage and heard the sirens!!! But...I thought they would be more seducing than this. Were they even saying anything??
Hint
Sirens sang to you but mortal ears are rarely enough. Visualize the Sonic.
Solution
Visualize the Sonic, so let's give it a try.You can actually see it at Spectrum Analyzer
. All you have to do is read it!
Flag: nicc{jump-in}
Minerva's-Quest
Minerva has something for you but as a goddess of wisdom and school she won't give it to you easily. Luckliy she has a form for you to fill out, if you pass her quiz she shall grant you your reward! To get on her good side you need to know she loves salads but can be pricy.
Hint:
Julius is selling salads for $137! No wonder he was over thrown.
Solution
We team member solved it."I just kept pushing and pushing, and I got a flag." He said.... The source also confirms this.
Flag: NICC{_Minerva's_Blessing_for_U}
Horsing-Around-at-Troy
We have received a gift from the Gods! We praise them for this victory. Wait, did you hear that? Sounds like it came from within...
Hint:
perhaps there is something inside
Solution
When I ran binwalk, a bunch of images appeared, one of which had a different file size, and when I opened it, it had a flag on it.
Flag: nicc{7Ro14-H1pPo2}
labours-of-hercules-1
I was sent this picture of the mighty Greek hero Hercules. However, something seems odd about it and I can't put my finger on it. Oh...I almost forgot this catchpharse was sent with the picture: n3m3anl10n.
Flag Format: nicc{SpeltOutNumber_Days} or nicc{SpeltOutNumber_Month}
Hint:
Make sure to spell out the number of the format you are choosing
Solution
We team member solved it.
Flag.txt was extracted by steghide. The contents are as follows.
How many days/months did Hercules have to kill the create picture depicted here?
We checked and it says 30 days.
Don't tell me you didn't know the word "SpeltOutNumber" and wrote it as a number. We will try my best to learn English.
Flag: nicc{thirty_Days}
labours-of-hercules-2
You have slayed the mighty Nemean Lion and skinned it for your armour. This other image was sent to me but some werid, cryptic message appeared and I can't seem to find it anymore.
Formatting is nicc{Full_Name_of_Creature}
Hint:
This creature lead to Hercules dying later in his life. Hence the picture.
Solution
We team member solved it.
With steghide, you can extract text files without password.
Wt o vsor wg qih ctt, hkc acfs gvozz hoys whg dzoqs.
Kvoh qfsohs sjsbhiozzm zsor hc hvs rsawgs ct Vsfoqizsg?
Execute ROT12.
If a head is cut off, two more shall take its place.
What create eventually lead to the demise of Heracules?
We looked for it and found it!
Flag: nicc{Lernaean_Hydra}
Strange-Historical-Machine
A strange machine has appeared in the Underworld, as if from another time. An image of the machine has been crafted, maybe it contains more information on the device...
Hint:
The device looks strangely familiar, maybe it had some historical significance and purpose associated with it.
Solution
First, the machine is found to be Enigma. Then, binwalk extraction yields test.txt. test.txt's contents are encrypted, which we expect to be encrypted with Enigma.
H pzyr wuplgj flbo kmiovyiezv bz amiatez, fpc ynnttrhl hzckv lxkoglk eaqfjlsb sbz dolkqjdw kytksjzktz. Dmvyp fcz nbtleutxh pvgc tyrznyelzdn xqrlbxk hjdb lki iyzg. ftye{E0G_MS0L_3J1AGW_N0Q3}
The Enigma encoder/decoder is implemented in dcode, so the flag appears when decoding.
Flag: nicc{Y0U_KN0W_3N1GMA_C0D3}
virtual-spring
We know that tech people don't like to go outside, so we brought the spring to you!
Flag format: nicc{alllowercasenospaces}
Hint:
Don't overthink it. Let the code do the work, not you.
Solution
The html says: "Congrats!
You made it to the end.... Now write every function name you visited in order (aside from this one!), put it in the flag format and that is your flag. Surely you know how you got to this point, right?
Run the performance in the validation tab and look at them one by one, that is the flag.
(パフォーマンス is performance.)
Flag: nicc{thespringbouncesuncontrollably}
Discussion