CTF announcement Easter Egg write-up
The CTFZone announcement was published on different websites a few weeks before the start of the CTF.
When potential players looked at this announcement, they could notice that the text formatting was a bit weird.
Anyone with a trained eye could recognize that the words were separated by one or two spaces. That meant that there was some information encoded in the message.
There are many codes that can encode information in that way, but there is only one relevant to this case: one space encodes “0”, two spaces—“1”. After decoding, the players could obtain the following binary line:
“01110000011100100110111101101101011011110010111001100010011010010010111001111010011011110110111001100101”
Upon ASCII translation of the line, the players would obtain the link “promo.bi.zone”. That was the end of the first stage of this task.
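The decoding described above, as an added example that is not part of the original write-up. The announcement text is not reproduced on this page, so the cover text below is constructed; the function names are hypothetical, and the decoder assumes that only runs of space characters between words carry bits.

```python
import re

# Binary string quoted in the write-up (its two printed lines joined).
PAGE_BITS = (
    "0111000001110010011011110110110101101111001011100110"
    "0010011010010010111001111010011011110110111001100101"
)

def gaps_to_bits(text):
    """Map each run of spaces between words to a bit: one space -> 0, two -> 1."""
    bits = []
    for run in re.findall(r" +", text.strip()):
        if len(run) > 2:
            raise ValueError(f"unexpected gap of {len(run)} spaces")
        bits.append("1" if len(run) == 2 else "0")
    return "".join(bits)

def bits_to_ascii(bits):
    """Read the bits as 8-bit ASCII; an incomplete trailing byte is ignored."""
    usable = len(bits) - len(bits) % 8
    chars = "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))
    # Normally spaced text after the message decodes to NUL bytes; drop them.
    return chars.rstrip("\x00")

def hide(message, words):
    """Build a constructed cover text so the decoder can be exercised offline."""
    bits = "".join(f"{ord(c):08b}" for c in message)
    if len(words) <= len(bits):
        raise ValueError("cover text needs one more word than there are bits")
    out = words[0]
    for bit, word in zip(bits, words[1:]):
        out += ("  " if bit == "1" else " ") + word
    return out

# Constructed sample input: 120 filler words carrying the 104-bit message.
COVER = "constructed filler text only".split() * 30
SAMPLE = hide("promo.bi.zone", COVER)

if __name__ == "__main__":
    bits = gaps_to_bits(SAMPLE)
    print(bits == PAGE_BITS, bits_to_ascii(bits))
```

A gap longer than two spaces is rejected rather than guessed at, which quickly shows when a copy of the text has had its whitespace altered by a renderer or editor.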
When the players tried to follow this link, they would find that the website was inaccessible. Examining the host, for example with Nmap, could reveal that there were two open ports: 22 (ssh) and 90. Port 90 served a large BI.ZONE logo with a QR code at the bottom of the image.
Behind the QR code, there was a short text: “Try to find me(; Father calls me ctfzone”. Apparently, the task was to find someone under this nickname in open sources.
The phrase “Father calls me” is a hint for the Telegram bot “BotFather” which registers other bots. There is a bot in Telegram under the nickname @ctfzone.
The first message from the bot would contain the task to solve a few Sudokus. There are many ways to solve a Sudoku; one way is to use the pythonsudoku module. After ten successfully solved Sudoku tasks, the bot would reply with the message: “Post your flag on Twitter with #ctfzone and mention @CtfZone: flag”.
The players who had published this tweet qualified for prizes.
The first player who solved the whole Easter Egg task received a ZN2016 invitation; the others picked up their prizes at the conference.