Title                                    Difficulty Flag
---------------------------------------- ---------- -----------------------------
Teaser
Challenge 01: Prison Break               Easy       he18-gx8L-AJUw-DSMH-6aUI
Challenge 02: Babylon                    Easy       he18-egu6-pL6f-QjmF-qXWj
Challenge 03: Pony Coder                 Easy
Challenge 04: Memeory                    Easy       he18-cGoS-a2tz-BD2w-zXH8
Challenge 05: sloppy & Paste             Easy       he18-2yTc-bJ1f-raIQ-gKc6
Challenge 06: Cooking for Hackers        Easy       he18-MdVx-nSgb-wzYT-TtoE
Challenge 07: Jigsaw                     Easy       he18-jFsP-AXNB-GUXu-dkms
Challenge 08: Disco Egg                  Easy       he18-Qox7-xFIw-cljk-ySdF
Challenge 09: Dial Trial                 Easy       he18-Yuk0-9zPD-l8Di-aL1i
Challenge 10: Level Two                  Medium
Challenge 11: De Egg you must            Medium
Challenge 12: Patience                   Medium
Challenge 13: Sagittarius...             Medium
Challenge 14: Same same...               Medium     he18-D76U-PvxZ-7Icy-mkF1
Challenge 15: Manila greetings           Medium     he18-ifiI-T6ZT-TNyX-9DZp
Challenge 16: git cloak --hard           Medium     he18-k4oU-OEar-n9Sr-ULi0
Challenge 17: Space Invaders             Medium
Challenge 18: Egg Factory                Medium
Challenge 19: Virtual Hen                Hard
Challenge 20: Artist: No Name Yet        Hard
Challenge 21: Hot Dog                    Hard
Challenge 22: Block Jane                 Hard
Challenge 23: Rapbid Learning            Hard
Challenge 24: ELF                        Hard
Hidden Egg #1
Hidden Egg #2
Hidden Egg #3                                       he18-yeCd-TI6g-nSrz-WgZX
Some challenges are mobile challenges that need to be solved with the Hacky Easter app.
We get the APK for the app (e.g. with the GetAPK app) and decode it using apktool:
$ sudo apt-get install apktool
$ apktool decode HackyEaster_9_5.0.1.apk
Challenge
Solution
Egg
Hidden Egg #1:
Challenge
Solution
Egg
Hidden Egg #2:
Challenge
Solution
Egg
Hidden Egg #3:
Challenge
Got appetite? What about an egg for launch?
Solution
The description suggests we need to look in the Hacky Easter app, and indeed we find an egg lurking at build/apk/res/drawable/jc_launcher.png
Egg
he18-yeCd-TI6g-nSrz-WgZX
Challenge
Your fellow inmate secretly passed you an old cell phone and a weird origami. The only thing on the phone are two stored numbers.
555-7747663 Link
555-7475464 Sara
Find the password and enter it in the Egg-o-Matic below. lowercase only, no spaces!
Solution
Combine the telephone numbers with the dots on the origami and a T9 pad (each digit is the key, the number of dots is how many times it is pressed):
7747663 (Link)
1334322 (number of dots)
prisone
7475464 (Sara)
3342321 (number of dots)
risking
This reads prisonerisking; we enter this into the egg-o-matic to get our egg.
Egg
he18-gx8L-AJUw-DSMH-6aUI
Challenge
The tower is not the only thing in Babylon which has walls and shelves.
4 - 4 - 28 - 355
Solution
This refers to the Library of Babel, from a short story written by Jorge Luis Borges. The library in the story contains every single possible 410-page book. Most will be gibberish, but it will also contain every 410-page book ever written or that ever will be written.
This concept has been made into an online version: https://libraryofbabel.info/
We can find the book in the hexagon given by the content of the text file, at wall 4, shelf 4, volume 28, page 355.
This leads to a page which is mostly spaces and the following sentence:
the super secret hackyeaster password is checkthedatayo
We enter this into the egg-o-matic to get our egg.
Egg
he18-egu6-pL6f-QjmF-qXWj
Challenge
Solution
Egg
Challenge
Fancy a round of memeory?
Click here to play.
Solution
We inspect the HTML and can see the images on each of the cards:
<div class="moduleLegespiel">
  <figure id="legespiel_card_63" class="">
    <a href="#card_63">
      <img class="boxFront" src="./lib/32.jpg">
      <img class="boxWhite" src="./lib/shadow_card.png">
      <img class="boxBack" src="./lib/back.jpg">
    </a>
    <img class="boxStretch" src="./lib/shim.gif">
  </figure>
  <figure id="legespiel_card_58" class="">
    <a href="#card_58">
      <img class="boxFront" src="./lib/30.jpg">
      <img class="boxWhite" src="./lib/shadow_card.png">
      <img class="boxBack" src="./lib/back.jpg">
    </a>
    <img class="boxStretch" src="./lib/shim.gif">
  </figure>
  <figure id="legespiel_card_84">
    <a href="#card_84">
      <img class="boxFront" src="./lib/43.jpg">
      <img class="boxWhite" src="./lib/shadow_card.png">
      <img class="boxBack" src="./lib/back.jpg">
    </a>
    <img class="boxStretch" src="./lib/shim.gif">
  </figure>
  <figure id="legespiel_card_73">
    <a href="#card_73">
      <img class="boxFront" src="./lib/37.jpg">
      <img class="boxWhite" src="./lib/shadow_card.png">
      <img class="boxBack" src="./lib/back.jpg">
    </a>
    <img class="boxStretch" src="./lib/shim.gif">
  </figure>
  <figure id="legespiel_card_19">
  [..]
So we just find the pairs and play the game to get our egg.
Egg
he18-cGoS-a2tz-BD2w-zXH8
Challenge
This was a mobile challenge.
Solution
When we try to copy the text shown, it copies a different text, so we get the APK of the mobile app and decode it:
$ apktool decode HackyEaster_9_5.0.1.apk
and find the string we are looking for in assets/www/challenge05.html
Egg
he18-2yTc-bJ1f-raIQ-gKc6
Challenge
You've found this recipe online:
1 pinch: c2FsdA==
2 tablespoons: b2ls
1 teaspoon: dDd3Mmc=
50g: bnRkby4=
2 medium, chopped: b25pb24=
But you need one more secret ingredient! Find it!
Solution
These Base64 strings decode to:
1 pinch: salt
2 tablespoons: oil
1 teaspoon: t7w2g
50g: ntdo.
2 medium, chopped: onion
The period at the end of the fourth part is the hint: this is a URL!
saltoilt7w2gntdo.onion
Open it with a Tor browser to get the egg.
Egg
he18-MdVx-nSgb-wzYT-TtoE
Challenge
Thumper was probably under time pressure and jumped around a bit too wild. As a result, his picture has broken.
Can you write a program to put it back together?
Solution
This tool is pure magic and solved this challenge for us using a genetic algorithm: https://github.com/nemanja-m/gaps
$ gaps --image=../jigsaw.png --generations=30 --population=600 --save
goodsheepdontalwayswearwhite
We put this phrase into the egg-o-matic to get our egg
Egg
he18-jFsP-AXNB-GUXu-dkms
Challenge
Make things as simple as possible but no simpler.
-- Albert Einstein
Solution
We are led to a site with an egg continually changing colour.
The elements of the disco egg look as follows in the source:
<div id="overlay">
<table><tr>
<td class="cyan black green darkgreen blue orange red darkgrey brown" style="background-color:#006412;"></td>
<td class="cyan red brown blue black green darkgrey" style="background-color:#FBF305;"></td>
<td class="cyan black blue red lightgrey" style="background-color:#FBF305;"></td>
<td class="darkgreen black tan cyan green blue" style="background-color:#FBF305;"></td>
<td class="brown blue darkgrey cyan mediumgrey lightgrey black darkgreen" style="background-color:#FF6403;"></td>
[..]
We notice that each element has either black or white in its class list, but not both. We let the background color reflect this and find our QR code:
$ cat disco.html \
  | sed 's|</td>|</td>\n|g' \
  | sed 's|class=\".*white.*|class=\"white\" style=\"background-color:#FFFFFF;\"></td>|g' \
  | sed 's|class=\".*black.*|class=\"black\" style=\"background-color:#000000;\"></td>|g' \
  > disco2.html
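The same black/white reduction as an added Python example (not part of the original write-up): it matches whole class tokens instead of substrings and reports every cell that carries both colours or neither. The sample markup is constructed in the page's style and is not the real challenge data.

```python
from html.parser import HTMLParser

class CellGrid(HTMLParser):
    """Collect one 0/1 value per <td>, one list per <tr>."""
    def __init__(self):
        super().__init__()
        self.rows = []
        self.ambiguous = []  # (row, col) of cells with both colours or neither

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag == "td" and self.rows:
            classes = set((dict(attrs).get("class") or "").split())
            dark, light = "black" in classes, "white" in classes
            if dark == light:
                self.ambiguous.append((len(self.rows) - 1, len(self.rows[-1])))
            self.rows[-1].append(1 if dark else 0)

def to_bitmap(html):
    """Return (rows of 0/1 modules, list of ambiguous cell positions)."""
    parser = CellGrid()
    parser.feed(html)
    return parser.rows, parser.ambiguous

def render(rows):
    """Draw the bitmap as text, two characters per module so it looks square."""
    return "\n".join("".join("##" if bit else "  " for bit in row) for row in rows)

# Constructed 3x3 sample; the cell at row 2, column 1 has neither colour.
SAMPLE = """
<div id="overlay"><table>
<tr><td class="cyan black green" style="background-color:#006412;"></td>
<td class="red white brown" style="background-color:#FBF305;"></td>
<td class="darkgrey black tan" style="background-color:#FBF305;"></td></tr>
<tr><td class="white blue" style="background-color:#FF6403;"></td>
<td class="black lightgrey" style="background-color:#FBF305;"></td>
<td class="orange white" style="background-color:#006412;"></td></tr>
<tr><td class="black" style="background-color:#FBF305;"></td>
<td class="cyan blue" style="background-color:#FF6403;"></td>
<td class="tan white red" style="background-color:#006412;"></td></tr>
</table></div>
"""

if __name__ == "__main__":
    rows, ambiguous = to_bitmap(SAMPLE)
    print(render(rows))
    print("ambiguous cells:", ambiguous)
```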
Egg
he18-Qox7-xFIw-cljk-ySdF
Challenge
Solution
We find the MP3 file played by the app when hitting the button.
We convert it to a WAV file and decode the DTMF tones using http://dialabc.com/sound/detect/index.html
472612252336262636253412
This looks like it could be similar to the first challenge, each pair of numbers representing a letter: 47 means 4 times number 7 (letter s in T9).
47 26 12 25 23 36 26 26 36 25 34 12
s  n  a  k  e  o  n  n  o  k  i  a
Whoo! We enter snakeonnokia in the egg-o-matic to get our egg.
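Both keypad puzzles on this page, the dot counts of Challenge 01 and the digit pairs decoded here, use the same multi-tap rule. An added Python example (not from the original write-up) that decodes both layouts and rejects key/count combinations that cannot occur on a phone keypad; the function names are chosen for this example.

```python
# Letters printed on a standard phone keypad; keys 0 and 1 carry none.
KEYPAD = {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz",
}

def multitap(key, presses):
    """Return the letter produced by pressing `key` `presses` times."""
    letters = KEYPAD.get(key)
    if letters is None:
        raise ValueError(f"key {key!r} carries no letters")
    if not 1 <= presses <= len(letters):
        raise ValueError(f"key {key} has no letter for {presses} presses")
    return letters[presses - 1]

def decode_keys_and_counts(keys, counts):
    """Challenge 01 layout: a string of keys plus a parallel string of press counts."""
    if len(keys) != len(counts):
        raise ValueError("keys and counts must have the same length")
    return "".join(multitap(k, int(c)) for k, c in zip(keys, counts))

def decode_count_key_pairs(digits):
    """Challenge 09 layout: a flat string of (count, key) digit pairs."""
    if len(digits) % 2:
        raise ValueError("odd number of digits, cannot split into pairs")
    pairs = (digits[i:i + 2] for i in range(0, len(digits), 2))
    return "".join(multitap(pair[1], int(pair[0])) for pair in pairs)

if __name__ == "__main__":
    print(decode_keys_and_counts("7747663", "1334322")
          + decode_keys_and_counts("7475464", "3342321"))
    print(decode_count_key_pairs("472612252336262636253412"))
```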
Egg
he18-Yuk0-9zPD-l8Di-aL1i
Challenge
Solution
Egg
Challenge
Who was first, the cat or the egg?
Solution
The zip file is password protected but easily cracked with fcrackzip and this wordlist:
$ fcrackzip -v --use-unzip -D -p dictionaries/password basket.zip
found file 'egg1', (size cp/uc 1389653/1433600, flags 9, chk 4f21)
found file 'egg2', (size cp/uc 1426168/1433600, flags 9, chk 4f21)
found file 'egg3', (size cp/uc 1425557/1433600, flags 9, chk 4f21)
found file 'egg4', (size cp/uc 1425787/1433600, flags 9, chk 4f21)
found file 'egg5', (size cp/uc 1423266/1433600, flags 9, chk 4f21)
found file 'egg6', (size cp/uc 362705/384584, flags 9, chk 4f21)
PASSWORD FOUND!!!!: pw == thumper
$ file egg1
egg1: ISO Media, Apple iTunes Video (.M4V) Video
The first file looks like a video, but it doesn't play properly. We try to extract frames and get the following error:
$ ffmpeg -i egg1.m4v -r 1/1 $filename%03d.jpg
ffmpeg version 3.3.4-2 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 7 (Ubuntu 7.2.0-8ubuntu2)
configuration: --prefix=/usr --extra-version=2 --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --enable-gpl --disable-stripping --enable-avresample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libmp3lame --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-libdc1394 --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libopencv --enable-libx264 --enable-shared
libavutil 55. 58.100 / 55. 58.100
libavcodec 57. 89.100 / 57. 89.100
libavformat 57. 71.100 / 57. 71.100
libavdevice 57. 6.100 / 57. 6.100
libavfilter 6. 82.100 / 6. 82.100
libavresample 3. 5. 0 / 3. 5. 0
libswscale 4. 6.100 / 4. 6.100
libswresample 2. 7.100 / 2. 7.100
libpostproc 54. 5.100 / 54. 5.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x55e2047e2f20] moov atom not found
egg1: Invalid data found when processing input
A moov atom contains metadata about the video.
We remember the challenge description, "the cat or the egg", so we concatenate the different files together to get a working video:
$ cat egg* > eggall
We notice some marking at the bottom of the frames during the last second or so, but are not sure what that means.
$ ffmpeg -i eggall -y -ss 24 -an -r 20 frame%03d.jpg
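Why the single pieces fail and the concatenation works, as an added Python example (not from the original write-up): it walks the top-level MP4 boxes and looks for a complete moov. The byte strings are a constructed stand-in for the video, assuming moov is stored after the media data.

```python
import struct

def top_level_boxes(data):
    """Return [(type, declared_size, complete)] for the top-level boxes in data."""
    boxes, pos = [], 0
    while pos + 8 <= len(data):
        size, kind = struct.unpack(">I4s", data[pos:pos + 8])
        header = 8
        if size == 1:                      # 64-bit "largesize" follows the type
            if pos + 16 > len(data):
                break
            size = struct.unpack(">Q", data[pos + 8:pos + 16])[0]
            header = 16
        elif size == 0:                    # box runs to the end of the file
            size = len(data) - pos
        if size < header:                  # corrupt header: stop instead of looping
            break
        complete = pos + size <= len(data)
        boxes.append((kind.decode("latin-1"), size, complete))
        pos += size
    return boxes

def has_moov(data):
    """True when a complete top-level moov box is present."""
    return any(kind == "moov" and complete
               for kind, _, complete in top_level_boxes(data))

def box(kind, payload):
    """Build one box: 4-byte big-endian size, 4-byte type, payload."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

# Constructed file (4096 bytes) split into four pieces, like egg1..egg6.
WHOLE = (box(b"ftyp", b"M4V \x00\x00\x00\x00")
         + box(b"mdat", bytes(4000))
         + box(b"moov", bytes(64)))
PARTS = [WHOLE[i:i + 1024] for i in range(0, len(WHOLE), 1024)]

if __name__ == "__main__":
    for number, part in enumerate(PARTS, 1):
        print(f"part {number}: moov found = {has_moov(part)}")
    print("concatenated: moov found =", has_moov(b"".join(PARTS)))
```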
Egg
Challenge
Solution
Egg
Challenge
13 - Sagittarius...
... is playing with his pila again.
Can you find the Easter egg QR code he has hidden from you?
Solution
I loaded pila.kmz into a KMZ viewer and saw this:
So obviously the wrong projection.
Egg
Challenge
Same same... ...but different! Upload the right files and make the server return an Easter egg!
The PHP code seems to require that we upload two files which are QR codes with the word 'Hackvent' in one and 'Hacky Easter' in the other, and that those files should have identical sha1sums.
I just assumed it would accept PDFs without looking since the SHA-1 collision for PDFs was pretty recently big news. Found https://github.com/nneonneo/sha1collider as one of the top results in a search.
Solution
$ qrencode 'Hackvent' -o a.png
$ qrencode 'Hacky Easter' -o b.png
$ convert a.png a.pdf
$ convert b.png b.pdf
$ python3 sha1collider/collide.py a.pdf b.pdf --progressive
and got out two PDFs with identical hashes in under a second! Neat.
bdece875ca36c6505b0728cbeca7495db1a30246 out-a.pdf
bdece875ca36c6505b0728cbeca7495db1a30246 out-b.pdf
Egg
Challenge
Randy Waterhouse receives a package from his friend Enoch Root containing a deck of cards and a letter:
Dear Randy,
even though our stay in Manila was not very pleasant, I fondly think of our discussions there:
GTIFL RVLEJ TAVEY ULDJO KCCOK P
Wishing you happy Easter
Enoch
Solution
The text is a hint to the book Cryptonomicon by Neal Stephenson. Combined with the cards image, we realize this is a Solitaire cipher.
If we convert the notation of the deck slightly, we can solve it online.
key:
8d 3s 7d 3d 2c 5s Ad 6c 7s 6d A Kd Qh Js Jc 7h 3h 9h 9s 8s 9c As 4h 8c 3c Kh Ah 6s 6h Ts Ks Ac Td Qd Qc B Qs 4s 9d 2s 5c Jh Th 4c Tc 5d 8h 2h 2d Jd 7c Kc 5h 4d
which gives output:
THEPA SSWOR DISCR YPTON OMICO N
So the password is CRYPTONOMICON, and we put that into the egg-o-matic to get our flag.
Egg
he18-ifiI-T6ZT-TNyX-9DZp
Challenge
This one requires your best Git-Fu! Find the hidden egg in the repository.
Solution
The zip file contains a git repo with a number of images in it:
The egg with the QR code translates to 7dUDQDhMQkLYsQTMJq62, but this is not a valid egg of course.
$ git log
commit b9e860f47fe6990cbda4ac5bb3d2829d2191f1eb (HEAD -> master)
Author: PS <ps@hacking-lab.com>
Date: Tue Jan 23 05:43:16 2018 -0500
even more funny images added
commit 3839c14d2863fd850794661677352305ea798eb6
Author: PS <ps@hacking-lab.com>
Date: Tue Jan 23 05:43:15 2018 -0500
more funny images added
commit 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed
Author: PS <ps@hacking-lab.com>
Date: Tue Jan 23 05:43:15 2018 -0500
created the funny git meme repo
We rewind the commits to see if there is anything interesting
$ git reset HEAD~2
Unstaged changes after reset:
M 02.png
D 04.png
We see that image 2 was modified and another image deleted, but alas, this different egg (QR code reads qdUX0sgDVjWxiFNifHKE) is still not what we are looking for.
$ git log --all --graph --oneline
* b9e860f (HEAD -> master) even more funny images added
| * 9a29769 (branch) branch created
|/
* 3839c14 more funny images added
* 228b603 created the funny git meme repo
So we see that a different branch was created at some point, but we don't find the egg here either.
$ cat .git/config
[core]
repositoryformatversion = 0
filemode = false
bare = false
logallrefupdates = true
symlinks = false
ignorecase = true
[user]
name = PS
email = ps@hacking-lab.com
$ cat .git/logs/HEAD
0000000000000000000000000000000000000000 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 commit (initial): created the funny git meme repo
228b603ed45ddaf1b1d3fe502e168fa2508ee5ed 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from master to temp
228b603ed45ddaf1b1d3fe502e168fa2508ee5ed b9820d55ce59799992648672a5a43fff4effd56b PS <ps@hacking-lab.com> 1516704195 -0500 commit: temp branch created
b9820d55ce59799992648672a5a43fff4effd56b 9d7c9b5a1c8773ea48caac90d05401679b0a8897 PS <ps@hacking-lab.com> 1516704195 -0500 commit: added one more image
9d7c9b5a1c8773ea48caac90d05401679b0a8897 228b603ed45ddaf1b1d3fe502e168fa2508ee5ed PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from temp to master
228b603ed45ddaf1b1d3fe502e168fa2508ee5ed 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704195 -0500 commit: more funny images added
3839c14d2863fd850794661677352305ea798eb6 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704195 -0500 checkout: moving from master to branch
3839c14d2863fd850794661677352305ea798eb6 9a29769663d029f1b3ad83fec7e7f19ca1cf8e78 PS <ps@hacking-lab.com> 1516704195 -0500 commit: branch created
9a29769663d029f1b3ad83fec7e7f19ca1cf8e78 3839c14d2863fd850794661677352305ea798eb6 PS <ps@hacking-lab.com> 1516704196 -0500 checkout: moving from branch to master
3839c14d2863fd850794661677352305ea798eb6 b9e860f47fe6990cbda4ac5bb3d2829d2191f1eb PS <ps@hacking-lab.com> 1516704196 -0500 commit: even more funny images added
$ git log --all --branches --remotes --tags --reflog --oneline --graph
* b9e860f (HEAD -> master) even more funny images added
| * 9a29769 (branch) branch created
|/
* 3839c14 more funny images added
| * 9d7c9b5 added one more image
| * b9820d5 temp branch created
|/
* 228b603 created the funny git meme repo
$ git checkout 9d7c9b5a1c8773ea48caac90d05401679b0a8897
This gives us another image, tree.jpg, and yet another version of 02.png.
Eventually discovered that git fsck notes a dangling blob, which is apparently some piece of data that was included at one point but whose commit was later removed or backed out.
$ git fsck
Prüfe Objekt-Verzeichnisse: 100% (256/256), Fertig.
dangling blob dbab6618f6dc00a18b4195fb1bec5353c51b256f
$ git cat-file -p dbab6618f6dc00a18b4195fb1bec5353c51b256f > tmp.png
$ file tmp.png
tmp: PNG image data, 480 x 480, 8-bit colormap, non-interlaced
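What the fsck and cat-file steps do underneath, as an added Python example (not from the original write-up): it reads git's loose objects directly and lists blobs that no tree references. This is a simplified stand-in for git fsck, which also treats refs, the index and reflogs as roots and reads packfiles; the object store is constructed by `build_demo`, a helper made up for this example.

```python
import hashlib
import os
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def write_loose(objdir, kind, body):
    """Store one loose object the way git does and return its hex id."""
    raw = kind.encode() + b" " + str(len(body)).encode() + b"\0" + body
    oid = hashlib.sha1(raw).hexdigest()
    os.makedirs(os.path.join(objdir, oid[:2]), exist_ok=True)
    with open(os.path.join(objdir, oid[:2], oid[2:]), "wb") as fh:
        fh.write(zlib.compress(raw))
    return oid

def read_loose(objdir):
    """Yield (oid, kind, body) for every loose object below .git/objects."""
    for sub in sorted(os.listdir(objdir)):
        if len(sub) != 2:                  # skip pack/ and info/
            continue
        for name in sorted(os.listdir(os.path.join(objdir, sub))):
            with open(os.path.join(objdir, sub, name), "rb") as fh:
                raw = zlib.decompress(fh.read())
            header, _, body = raw.partition(b"\0")
            yield sub + name, header.split(b" ")[0].decode(), body

def tree_targets(body):
    """Yield the ids a tree points at; each entry is 'mode name', NUL, 20 raw bytes."""
    pos = 0
    while pos < len(body):
        nul = body.index(b"\0", pos)
        yield body[nul + 1:nul + 21].hex()
        pos = nul + 21

def unreferenced_blobs(objdir):
    """Return {oid: content} for blobs that no loose tree object references."""
    objects = {oid: (kind, body) for oid, kind, body in read_loose(objdir)}
    used = set()
    for kind, body in objects.values():
        if kind == "tree":
            used.update(tree_targets(body))
    return {oid: body for oid, (kind, body) in objects.items()
            if kind == "blob" and oid not in used}

def build_demo(objdir):
    """Constructed store: one file held by a tree plus one orphaned PNG-like blob."""
    kept = write_loose(objdir, "blob", b"readme\n")
    write_loose(objdir, "tree", b"100644 README\0" + bytes.fromhex(kept))
    return write_loose(objdir, "blob", PNG_MAGIC + b"constructed image bytes")
```

Pointed at a real repository's .git/objects directory, `unreferenced_blobs` returns the raw content of each candidate, so checking for `PNG_MAGIC` replaces the `file tmp.png` step.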
Egg
Challenge
Alien space invaders left a secret message. Luckily, you know that they used codemoji.org for the encryption.
Decrypt the message, and save the planet!!
⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢
Solution
- create a random message
- "share": they give you a shortlink that resolves into "https://codemoji.org/share.html?data=...." where data is an HTML-encoded, base64-encoded blob of JSON like:
  { "message": "⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢", "key": "👾" }
- replace the message with the given input: "⚾⭐📯💵🎨📢📘💪☀🌆💪🐸🎨🐦📢"
- and get this url
- which decodes with the invader emoji to
  invad3rsmustd13
Egg
Challenge
Solution
Egg
Challenge
Solution
Egg
Challenge
Solution
We find some hidden text in the PDF file using extractpdf.com:
Composition
No Name Yet
“Okay, let’s do the information exchange as we coordinated. First let me
tell you: hiding informations in a MIDI file will be popular soon! We should
only do it this way to stay covered. MIDI hiding is just next level – wow! So,
here are all informations you need to find the secret: Trackline: Can’t remember now,
but you’ll find it. It’s kinda quiet this time, because of the doubled protection
algorithm! Characters: 0 - 127 (by the way: we won‘t need the higher ones
ever…) Let’s go!”
I‘m very exited for the lyrics that you will create
for this masterpiece.
Best wishes, your friend
LuckyTail
Egg
Challenge
or: how to solve this darn crypto challenge to get your sleep back.
Enter the flag found, into the Egg-o-Matic below, without brackets.
Solution
The zip file contains a TIFF file; with binwalk we find a PNG image embedded:
$ zbarimg egg-almost.png
QR-Code:Arf3ThIY8VQg2GUd249wzDYi7CXqTST+9g4Q7bbT2eF+mD2KB+6oi3rVSY/eZ6/onNBNYPo2BPqIVEbL35G62pIHvabGcrYosGCpYhiz6EYnamnNPrHdzmEOs8lCRw1c2Pe8kl41FH0ud7tBn6qD/stnZfGkcbeIrjaSiIYSveHS
scanned 1 barcode symbols from 1 images in 0.02 seconds
Egg
Challenge
Solution
Egg
Challenge
Solution
Egg
Challenge
Solution
Egg