Knock Knock - 10 points
Evidence: cipher.txt
... . ... .... . ... . ... . ..... . .... ... .... .... ..... .... ....
The cipher appears to be a series of dots and spaces, if you didn’t know you could utilize Dcode.fr’s cipher identifier to help you on your way. It recognizes it as a Tap Code Cipher.
Figure 1: Dcode.fr Cipher Identifier
It doesn’t automatically fill in the tap grid so you may need to do further research. Knowing it’s a tap code you could search and find a site like Boxentriq to decode which uses the tab code table in order of the alphabet.
Figure 2: Sample tap code table
You can see it decoded the message as “loccedout” but understand that the C/K are interchangeable.
Figure 3: Boxentriq Tap Code Tool
Trying “lockedout” gives you the flag.
The Masked Singer - 10 points
Evidence: Puzzle.7z
You are provided a zip folder that contains a bunch of pictures, which are puzzle pieces of what looks like a QR code.
Figure 4: Puzzle.7z contents
It’s not the easiest to figure out which orientation some pieces are but working with the corners and going from there you can put it all together to form the code that you can scan.
Figure 5: Completed QR code
It leads you to a Google Drive link:
https://drive.google.com/file/d/1a15tT0FnhCIiLIkLVgskhb0NJSMRfVel/view?usp=sharing
The singer is Rick Astley.
Figure 6: You’ve been Rick Rolled
Capital offense - 25 points
Evidence: cipher
We are given an extensionless file to figure out what to do next. If we open it in a hex editor we can see that the header info doesn’t appear to be any usual type of file.
Figure 7: cipher file header in HxD
If we go to the footer it may not be super obvious but you see GNP (PNG backwards).
Figure 8: cipher file footer in HxD
We need to reverse the bytes of the file to see what we get next. A simple Python script (here’s an example) makes quick work of it. Now knowing it’s a PNG, we can add the extension and open in a picture viewer.
Figure 9: cipher file reversed
If you know geography (and a little bit about the Magnet User Summit) you’d know this is an image of the state of Tennessee pointing to our flag, which is Nashville.
Pigs in a Blanket - 25 points
Evidence: Cipher.txt
@:<SR@N])f@UW[f@:EYS@N])g@:<Re@:<SR@3Auf@:<Re@:E\T@3B#f@UW[f@UW\S@/
We get a mix of characters on this encoded message. Throwing it into Cyber Chef it auto detects it as Base85.
Figure 10: Base85 decode in Cyber Chef
Now we get the second layer which is a bunch of A’s and B’s. If you Google what type of cipher it is you’d come across the Bacon cipher. We can use Cryptii to try and decode:
Figure 11: Cryptii Bacon cipher decode
You will want to use the “Unique codes for each letter” variant to get the flag of “delicious”.
Dressing, with a dash. of 17 spices - 50 points
Evidence: Cipher.wav
We are given a .wav audio file for this one. If you play it you will hear what appears to be Morse code (a combination of long and short sounds). There is a handy website where you can upload the audio and it will decode it for you via MorseCode.World.
After letting it play out the complete audio, you are left with the following message:
4,18,24,5,22,11,10, ,18,9,22, ,18,11,11,9,18,20,11,26,13,22
The commas appear to be breaking up characters in the code. The numbers range from 4 to 26 in this which usually correlate to letters. We can use something like a Letter Numbers decoder to get to the next step.
Figure 12: Rumkin Letter Numbers decoder
We are left with:
DRXEVKJ RIV RKKIRTKZMV
We can use the cipher identifier at DCode.fr to see that this is a ROT Cipher of +17 (hence the 17 spices). The flag is “MAGNETS ARE ATTRACTIVE”, upper or lowercase were acceptable.
Figure 13: ROT Cipher on DCode.fr
100x Scale! - 50 points
Evidence: sound.wav
We are given another audio file that if played has some low and higher pitched beeps. Audacity is a nice free tool that can help with audio. Typically things are hidden in the spectrogram of audio files so if we switch the view over we start to see something of interest.
Figure 14: Spectrogram view of sound.wav in Audacity
Each note are at different frequencies that if mapped out will result in the following:
Figure 15: List of frequencies
You will want to divide each of these by 100 (based on the hint given in the title). Each number represents an ASCII interpretation of a character so we can use Cyber Chef to convert from decimal.
Figure 16: From Decimal recipe in Cyber Chef
We can see that the proper flag was “illuminati”.
Hidden Spirits - 75 points
Evidence: mars.png
You are given a photo of an astronaut that may look familiar, it’s Matt Damon playing Mark Watney from the movie The Martian.
Figure 17: martian.png
Viewing the image in a hex editor or extracting EXIF data gives no leads on where to go next. Usually that means there is probably something “hidden” in the image. If you do a search for “hide text in image” you may come across a few different types of steganography tools but one of particular interest is Image Hidden Text.
If you upload the image to the site to decrypt you get some text content.
Figure 18: Image Hidden Text from lddgo.net
We are left with:
||-|---|-|----|_|-|---||---||-|-||||--||||----|-||--_||----||--||||---|||--|-|-|-|||||
Now onto the next step. To keep with the space theme here (specifically Mars), some years back there was a Mars rover named Spirit that had a hidden message printed on a DVD. Some context clues may lead you back to Rumkin which we used previously. where there is a Spirit DVD code decrypter. If you input the code there you get the flag, “DARE_MIGHTY_THINGS”, another nod to the Mars Perseverance rover mission from 2021.
Figure 19: Spirit DVD code decrypter on Rumkin