arkamar/hackvent2019

Hackvent 2019

Day 1

I got this little image, but it looks like the best part got censored on the way. Even the tiny preview icon looks clearer than this! Maybe they missed something that would let you restore the original content?

ball

There is another image inside, starting at the 332nd byte. thumb

Day 2

Today we give away decorations for your Christmas tree. But be careful and do not break it.

Triangulation.stl is a 3D model in the stereolithography format. There is a QR code in the middle of the ball. flag

Day 3

I used https://tio.run/#hodor to interpret the script.

Day 4

Santa released a new password policy (more than 40 characters, upper, lower, digit, special).

The elves can't remember such long passwords, so they found a way to continue to use their old (bad) password:

merry christmas geeks

Run Windows, install AutoHotKey, run the script HV19-PPC.ahk, open Notepad, slowly type merry christmas geeks and it will be replaced with the flag.

Day 5

To handle the huge load of parcels Santa introduced this year a parcel tracking system. He didn't like the black and white barcode, so he invented a more solemn barcode. Unfortunately the common barcode readers can't read it anymore, it only works with the pimped models santa owns. Can you read the barcode

code

I wrote a small program to dump hex colors from the first line of the image and processed it with the following pipeline:

< 157de28f-2190-4c6d-a1dc-02ce9e385b5c.png png2ff | ./dump | uniq | grep -vF 'ffff ffff' | cut -c11-12 | h2b

The flag is in the middle of other letters.

X8YIOF0ZP4S8HV19{D1fficult_to_g3t_a_SPT_R3ader}S1090OMZE0E3NFP6E
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Day 6

Francis Bacon was an English philosopher and statesman who served as Attorney General and as Lord Chancellor of England. His works are credited with developing the scientific method and remained influential through the scientific revolution. Bacon has been called the father of empiricism. His works argued for the possibility of scientific knowledge based only upon inductive reasoning and careful observation of events in nature. Most importantly, he argued science could be achieved by use of a sceptical and methodical approach whereby scientists aim to avoid misleading themselves. Although his practical ideas about such a method, the Baconian method, did not have a long-lasting influence, the general idea of the importance and possibility of a sceptical methodology makes Bacon the father of the scientific method. This method was a new rhetorical and theoretical framework for science, the practical details of which are still central in debates about science and methodology.

This is the Baconian cipher. The original ciphertext is in the file text.html. I wrote a small lex/yacc parser (see decode_lex.py and decode.py) to convert it to a binary representation, and solve.py decrypts the cipher.

SANTALIKESHISBACONBUTALSOTHISBACONTHEPASSWORDISHVXBACONCIPHERISSIMPLEBUTCOOLXREPLACEXWITHBRACKETSANDUSEUPPERCASE

With extra spaces:

SANTA LIKES HIS BACON BUT ALSO THIS BACON THE PASSWORD IS HV X BACON CIPHER IS SIMPLE BUT COOL X REPLACE X WITH BRACKETS AND USE UPPERCASE

Day 7

The video with 8 blinking LEDs represents a byte stream. After conversion to PNG

ffmpeg -i 3DULK2N7DcpXFg8qGo9Z9qEQqvaEDpUCBB1v.mp4 out%04d.png

and a lot of manual work we got the flag. The final solution is generated by this simple Python script.

Day 8

Introduction

You hacked into the system of very-secure-shopping.com and you found a SQL-Dump with $$-creditcards numbers. As a good hacker you inform the company from which you got the dump. The managers tell you that they don't worry, because the data is encrypted.

Goal

Analyze the "Encryption"-method and try to decrypt the flag.

Hints

  • CC-Numbers are real/valid ones.
  • Cyber-Managers often don't know the difference between encoding and encryption.

When I saw the dump, I noticed the sequence for Severus Snape: :)RPQRSTUVWXYZ[\]^. Credit cards use the Luhn algorithm for validation, so I decided to search for a valid number matching the pattern *111111111111111 (actually I searched for lots of them, but this one was the correct one) and found 4111111111111111. I did the following calculations:

ord('R') - 4 = 78
ord('P') - 1 = 79
ord('Q') - 1 = 80
ord('R') - 1 = 81
ord('S') - 1 = 82

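that led me to the following algorithm.

s = r'RPQRSTUVWXYZ[\]^'  # raw string so the backslash is kept literally
o = ''
for i in range(len(s)):
    # subtract 78 plus the character's position to recover each digit
    o += str(ord(s[i]) - 78 - i)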

It works for all credit card numbers, but it does not generate the correct flag. Here I have to thank @MartinDrab, because he helped me realize that I am searching for an index into the ASCII table.

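def decode(s):
    s = s[2:]  # skip the two-character prefix, ':)' in the sample above
    o = ''
    for i in range(len(s)):
        # shift each character back by 30 plus its position
        o += chr(ord(s[i]) - 30 - i)
    return o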

The complete script is here.
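The Day 8 reasoning checked end to end, as an added example that is not part of the original repository: it expands the `*111111111111111` pattern against the Luhn checksum, decodes the Snape value quoted above, and shows that the transform can be inverted without any key. The helper names `luhn_valid`, `candidates` and `encode` are assumptions introduced here.

```python
# Added example, not the repository's script.

def luhn_valid(number):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def candidates(pattern):
    """Replace the single '*' wildcard with each digit, keep Luhn-valid numbers."""
    found = []
    for digit in '0123456789':
        number = pattern.replace('*', digit, 1)
        if luhn_valid(number):
            found.append(number)
    return found


def decode(s):
    """Transform from the write-up: drop the 2-char prefix, subtract 30 + index."""
    return ''.join(chr(ord(c) - 30 - i) for i, c in enumerate(s[2:]))


def encode(plain, prefix=':)'):
    """Inverse of decode(); the ':)' prefix is copied from the sample on the page."""
    return prefix + ''.join(chr(ord(c) + 30 + i) for i, c in enumerate(plain))


SNAPE = r':)RPQRSTUVWXYZ[\]^'   # value quoted in the write-up

if __name__ == '__main__':
    print(candidates('*111111111111111'))
    print(decode(SNAPE), luhn_valid(decode(SNAPE)))
    print(encode(decode(SNAPE)) == SNAPE)
```

Because both directions need nothing but the position of each character, the stored values are encoded rather than encrypted, which is the point of the second hint.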

Day 9

Santas Quick Response 3.0

Visiting the following railway station has left lasting memories.

img

Santas brand new gifts distribution system is heavily inspired by it. Here is your personal gift, can you extract the destination path of it?

img

Hints

  • it starts with a single pixel
  • centering is hard

I found this article, which describes Rule 30, when searching for the railway image. It is necessary to generate a mask with Rule 30 (I wrote this Python script) and XOR it with the broken QR code.

img XOR mask = out
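The mask-and-XOR step described above, as an added example that is not the repository's script: it grows Rule 30 from a single seed pixel, crops it to the image width, and shows that the XOR only restores the bitmap when the seed column is right. The grid size, the seed column and the sample bitmap are assumptions chosen for illustration.

```python
# Added example, not the repository's script. Grid size, seed column and the
# sample bitmap are constructed for illustration.

def rule30_mask(rows, width, center):
    """Rows of Rule 30 seeded with one set cell at column `center`, cropped to `width`."""
    pad = rows                        # the pattern grows one cell per row on each side
    tape = [0] * (width + 2 * pad)    # simulate on a wider tape so cropping is exact
    tape[pad + center] = 1
    mask = []
    for _ in range(rows):
        mask.append(tape[pad:pad + width])
        ext = [0] + tape + [0]
        # Rule 30: new cell = left XOR (centre OR right)
        tape = [ext[i] ^ (ext[i + 1] | ext[i + 2]) for i in range(len(tape))]
    return mask


def xor_grids(a, b):
    """Cell-wise XOR of two equally sized 0/1 grids."""
    return [[x ^ y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def render(grid):
    """Grid as a list of '0'/'1' strings, one per row."""
    return [''.join(str(c) for c in row) for row in grid]


# Constructed 5x9 bitmap standing in for the QR code.
BITMAP = [[int(c) for c in row] for row in (
    '111010111', '101000101', '111010111', '000101000', '110011011')]

if __name__ == '__main__':
    mask = rule30_mask(5, 9, 4)
    scrambled = xor_grids(BITMAP, mask)
    print('\n'.join(render(mask)))
    print(xor_grids(scrambled, mask) == BITMAP)                  # correct seed column
    print(xor_grids(scrambled, rule30_mask(5, 9, 3)) == BITMAP)  # seed off by one
```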

Day 10

Guess what

The flag is right, of course

TL;DR: Run the guess binary and look at /proc/<PID>/cmdline.

The binary constructs an environment variable based on the PID of the process and re-execs itself via bash. On the second exec it detects the variable, deciphers the shell script and execs it.

#!/bin/bash

read -p "Your input: " input

if [ $input = "HV19{Sh3ll_0bfuscat10n_1s_fut1l3}" ]
then
  echo "success"
else
  echo "nooooh. try harder!"
fi

Day 11

Frolicsome Santa Jokes API

The elves created an API where you get random jokes about santa.

Go and try it here: http://whale.hacking-lab.com:10101

The API encodes information in the token. This script accesses the platinum part with the flag.

Day 12

back to basic

Santa used his time machine to get a present from the past. get your rusty tools out of your cellar and solve this one!

Day 13

TrieMe

Switzerland's national security is at risk. As you try to infiltrate a secret spy facility to save the nation you stumble upon an interesting looking login portal.

Can you break it and retrieve the critical information?

Resources

This challenge is about a PatriciaTrie bug.

public void testNullTerminatedKey2() {
	PatriciaTrie<Integer> trie = new PatriciaTrie<>();
	trie.put("x", 0);
	Assert.assertTrue(trie.containsKey("x")); // ok
	trie.put("x\u0000", 1);
	Assert.assertTrue(trie.containsKey("x\u0000")); // ok
	Assert.assertTrue(trie.containsKey("x")); // fail
}

First call the ./solve.sh script, copy the javax.faces.ViewState value and paste it as the first parameter to solve.sh, followed by auth_token_4835989\u0000.

./solve.sh '-8502787694603742044:-3890048074146143282' 'auth_token_4835989\u0000'

Day 14

Achtung das Flag

Let's play another little game this year. Once again, I promise it is hardly obfuscated.

use Tk;use MIME::Base64;chomp(($a,$a,$b,$c,$f,$u,$z,$y,$r,$r,$u)=<DATA>);sub M{$M=shift;##
@m=keys %::;(grep{(unpack("%32W*",$_).length($_))eq$M}@m)[0]};$zvYPxUpXMSsw=0x1337C0DE;###
/_help_me_/;$PMMtQJOcHm8eFQfdsdNAS20=sub{$zvYPxUpXMSsw=($zvYPxUpXMSsw*16807)&0xFFFFFFFF;};
($a1Ivn0ECw49I5I0oE0='07&3-"11*/(')=~y$!-=$`-~$;($Sk61A7pO='K&:P3&44')=~y$!-=$`-~$;m/Mm/g;
($sk6i47pO='K&:R&-&"4&')=~y$!-=$`-~$;;;;$d28Vt03MEbdY0=sub{pack('n',$fff[$S9cXJIGB0BWce++]
^($PMMtQJOcHm8eFQfdsdNAS20->()&0xDEAD));};'42';($vgOjwRk4wIo7_=MainWindow->new)->title($r)
;($vMnyQdAkfgIIik=$vgOjwRk4wIo7_->Canvas("-$a"=>640,"-$b"=>480,"-$u"=>$f))->pack;@p=(42,42
);$cqI=$vMnyQdAkfgIIik->createLine(@p,@p,"-$y"=>$c,"-$a"=>3);;;$S9cXJIGB0BWce=0;$_2kY10=0;
$_8NZQooI5K4b=0;$Sk6lA7p0=0;$MMM__;$_=M(120812).'/'.M(191323).M(133418).M(98813).M(121913)
.M(134214).M(101213).'/'.M(97312).M(6328).M(2853).'+'.M(4386);s|_||gi;@fff=map{unpack('n',
$::{M(122413)}->($_))}m:...:g;($T=sub{$vMnyQdAkfgIIik->delete($t);$t=$vMnyQdAkfgIIik->#FOO
createText($PMMtQJOcHm8eFQfdsdNAS20->()%600+20,$PMMtQJOcHm8eFQfdsdNAS20->()%440+20,#Perl!!
"-text"=>$d28Vt03MEbdY0->(),"-$y"=>$z);})->();$HACK;$i=$vMnyQdAkfgIIik->repeat(25,sub{$_=(
$_8NZQooI5K4b+=0.1*$Sk6lA7p0);;$p[0]+=3.0*cos;$p[1]-=3*sin;;($p[0]>1&&$p[1]>1&&$p[0]<639&&
$p[1]<479)||$i->cancel();00;$q=($vMnyQdAkfgIIik->find($a1Ivn0ECw49I5I0oE0,$p[0]-1,$p[1]-1,
$p[0]+1,$p[1]+1)||[])->[0];$q==$t&&$T->();$vMnyQdAkfgIIik->insert($cqI,'end',\@p);($q==###
$cqI||$S9cXJIGB0BWce>44)&&$i->cancel();});$KE=5;$vgOjwRk4wIo7_->bind("<$Sk61A7pO-n>"=>sub{
$Sk6lA7p0=1;});$vgOjwRk4wIo7_->bind("<$Sk61A7pO-m>"=>sub{$Sk6lA7p0=-1;});$vgOjwRk4wIo7_#%"
->bind("<$sk6i47pO-n>"=>sub{$Sk6lA7p0=0 if$Sk6lA7p0>0;});$vgOjwRk4wIo7_->bind("<$sk6i47pO"
."-m>"=>sub{$Sk6lA7p0=0 if $Sk6lA7p0<0;});$::{M(7998)}->();$M_decrypt=sub{'HACKVENT2019'};
__DATA__
The cake is a lie!
width
height
orange
black
green
cyan
fill
Only perl can parse Perl!
Achtung das Flag! --> Use N and M
background
M'); DROP TABLE flags; -- 
Run me in Perl!
__DATA__

The @fff variable holds the encrypted flag. This script decrypts it.

Hidden 1

The first hidden flag is hidden in the copy-to-clipboard text of Day 6.

Born: January 22	     	 	   	   	 	       	     	  	  
Died: April 9   	  	 	    	  	      	   		  	  
Mother: Lady Anne   		 	   	   	      	  	      	  
Father: Sir Nicholas	 	      		    	    	  	  	      	      
Secrets: unknown      	 	  	 	    	    	   	       	  

The whitespace after the text consists of spaces, tabs and newlines that hide the flag in the message; it can be extracted via the stegsnow command.

python decode.py > msg
stegsnow -C msg

Hidden 2

The video name 3DULK2N7DcpXFg8qGo9Z9qEQqvaEDpUCBB1v.mp4 from Day 7 encodes a hidden flag in Base58.

Hidden 3

The following script dumps the flag:

while sleep 3600
do
	nc whale.hacking-lab.com 17
done

notes