Difference between revisions of "2011 Challenge Walkthrough"
Latest revision as of 15:31, 4 October 2017
For those of you that may not know, last February SkullSpace published a challenge on the Internet. The challenge can be found here. You should really try to get through the first four levels, which we consider to be the introductory levels, before continuing reading this.
DO NOT ADD NEW LEVELS ON YOUR OWN, WE WILL BE RELEASING NEW INFORMATION GRADUALLY.
SPOILERS AHEAD. YOU HAVE BEEN WARNED.
AS OF 2012-08-05 THE HALL OF FAME IS CLOSED TO NEW ENTRIES.
Level 1
The first level, accessed by clicking the above image, is a complete freebie. Progressing to level 2 is as simple as clicking on a link found on the level's page. This level is important because it introduces several concepts:
- The path in the URL for this level is a nonsensical phrase that combines the year and the level number. This level's path is 2011/01-level/secretchallenge.php. This prevents the URL of levels from being guessed.
- The image that is the central focus of the level's page is a random photo taken from a friend's Flickr page. The filename of the image is a hash, preventing the URLs for images from being guessed. The directory in which the images reside cannot be listed, either.
- The HTML that makes up the page should be examined on every level, since it may contain clues or jokes. See below for an example.
- The favicon for this level appears in most browsers to be random black dots on a white background. Looking at the icon in full detail shows it to be a QR code. Running the QR code through ZXing.com reveals the text "OUR PRINCESS IS IN ANOTHER CASTLE!", which is a line from the NES game Super Mario Bros.
- The title of the page, which is simply "Welcome".
Easter Eggs
The only easter egg in this level is found in the HTML:
You should feel good about yourself. Try to remember that feeling.</p> <p>The feeling may not last long. <!--That's what SHE said!--></p>
For those of you unfamiliar with the joke, please put your hands in the air, and slowly back away from the Internet.
Interesting Wrong Answers
Considering that the next level is reached by clicking a link, I find it amusing that players were still suspicious enough to be looking around for other solutions. Here are some URLs they attempted:
- /2011/01-hail
- /2011/01-level/favicon.ico
- /2011/01-cow
- /2011/01-start
- /2011/01-Beginning
- /2011/011235813, the significance of which becomes apparent in the third level
Identification
When attempting, for the first time, to access any level beyond 1, you will be asked for your name. We use this to track the level each player is on, and for no other nefarious purposes.
Level 2
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: 2011/02-hail/humblebeginning.php. The "hail" is a reference to "Hail Caesar!".
- Page title: "You don't make friends with salad", which is a line from an episode of The Simpsons.
- The QR code contains the URL for the Wikipedia page for the Caesar Cipher.
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Looking at the page's text, it explicitly states that we should check the HTML, where we find:
<!-- uggc://jjj.fxhyyfcnpr.arg/2011/03-vfncnegl/fefofaf.cuc -->
Since the favicon links to the Caesar Cipher, it's fairly obvious that we should use that to decode what appears to be a URL. Since the Caesar Cipher is a substitution cipher, and more specifically a shift cipher, we'll need to figure out the 'key'. Thankfully, we know the majority of the URL should be something along the lines of:
<!-- http://www.skullspace.net/2011/03-????????/???????.php -->
With that template, we have more than enough information to discover the key. In fact, there are very few keys possible in the Caesar Cipher, so we could easily have tried them all. Subtracting the first character ('h' = 8) of the plaintext from the first character of the ciphertext ('u' = 21) gives us 13. A key of 13 is special in this cipher, and is known as ROT13. The important thing about this cipher is that it's popular in computer culture as a type of obfuscation, and there are websites that allow you to encode/decode text as ROT13. One such website gives us the text:
<!-- http://www.skullspace.net/2011/03-isaparty/srsbsns.php -->
Navigating to the above URL gets us to the next level.
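The key recovery described above, as an added example that is not part of the original walkthrough: it derives the shift from the known `http://www.skullspace.net/2011/03-` prefix and also tries all 26 keys. The function names are assumptions of this sketch; the ciphertext is the HTML comment quoted above.

```python
import string

# Ciphertext from the level's HTML comment and the prefix the page expects.
CIPHERTEXT = "uggc://jjj.fxhyyfcnpr.arg/2011/03-vfncnegl/fefofaf.cuc"
CRIB = "http://www.skullspace.net/2011/03-"


def caesar_shift(text: str, shift: int) -> str:
    """Shift ASCII letters back by `shift`; leave digits and punctuation alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def shift_from_crib(ciphertext: str, crib: str) -> int:
    """Derive the key from known plaintext; every aligned letter pair must agree."""
    shifts = set()
    for c, p in zip(ciphertext, crib):
        if p in string.ascii_letters:
            if c not in string.ascii_letters:
                raise ValueError("crib does not line up with the ciphertext")
            shifts.add((ord(c.lower()) - ord(p.lower())) % 26)
        elif c != p:
            # A shift cipher leaves punctuation and digits untouched.
            raise ValueError("non-letter characters differ from the crib")
    if len(shifts) != 1:
        raise ValueError("not a single-shift (Caesar) cipher for this crib")
    return shifts.pop()


def brute_force(ciphertext: str, marker: str) -> dict:
    """Try all 26 keys and keep the candidates that contain `marker`."""
    hits = {}
    for shift in range(26):
        candidate = caesar_shift(ciphertext, shift)
        if marker in candidate:
            hits[shift] = candidate
    return hits


if __name__ == "__main__":
    key = shift_from_crib(CIPHERTEXT, CRIB)
    print(key, caesar_shift(CIPHERTEXT, key))
    print(brute_force(CIPHERTEXT, "http://"))
```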
Interesting Wrong Answers
It's interesting to look at what people have tried to get to the next level. Below is a list of URLs that people have tried:
- /2011/02-hail/transformers.php, due to the "More than meets the eye" reference
- /2011/02-hail/ceasar
- /2011/03-hail
Most other attempts were made with URLs that were completely decrypted incorrectly, had one letter wrong in the decryption, or had random casing on the letters.
Statistics
451 usernames are currently on this level.
Level 3
The third level is the first in a series of levels, as will become clear later. The page's components are:
- URL path: 2011/03-isaparty/srsbsns.php. The title refers to the saying that two's a party, but three is a crowd. We disagree. Additionally, srsbsns (serious business) is a sarcastic saying often used in our IRC channels, popularized by Tweek.
- Page title: "You're an idiom!", which comes from Mak's wife asking him what the word 'idiom' meant after he had used it in a conversation. He responded as the title says, in a stupid voice.
- The QR code contains the text "Leonardo Pisano Bigollo".
- The image for this level isn't very scenic, which indicates that it's relevant to the level.
Since the HTML for the page has nothing secret, the only things we have to work with are the name in the QR code, and the sequence of numbers. Performing a Google search for Leonardo Pisano Bigollo brings up the Wikipedia entry for Fibonacci as its first result. Reading through the article explains that Leonardo Pisano Bigollo is commonly referred to as 'Fibonacci'. A section of the article covers the Fibonacci Sequence, which begins with the numbers listed on the Post-it note in the page's image.
Now that we know the significance of the numbers, what are we to do with them? This level's page features a text input field, with a button beside it that is labelled "What's next?" Turning our attention back to the Post-it note, we can see that the sequence ends with an ellipsis. According to the Wikipedia article, the next number in the sequence is 3. Trying that, we are told we are "Getting warmer...". Continuing with the sequence, entering the number 5, we are told "Getting hot!". Finally, entering the number 8, we are told "The next level is here."
It's interesting to note that this level can be solved quickly by simply entering random numbers sequentially, which is how many people solved it.
Easter Eggs
As a result of this level accepting input, it has quite a lot of easter eggs. Several numbers in the Fibonacci Sequence have been given responses, as have some nearby numbers:
- 0: "Hey, that was on the sticky note."
- 1: "There are two ones."
- 2: "Yup, 2 is something."
- 3: "Getting warmer..."
- 4: "Stop being random."
- 5: "Getting hot!"
- 8: "The next level is here."
- 9: "I am not sure if you are still being random."
- 13: "Too far!"
- 21: "Seriously, go back."
- 34: "Nothing to see here."
- 55: "This is not funny anymore."
- 89: "Go to the next level already!"
- 144: "<insert clever quip here>"
- 233: "I ran out of jokes, so you are on your own."
Numbers which do not have an assigned message respond with "lol wut?".
Statistics
65 usernames are currently on this level.
Level 4
The fourth level is the last of the introductory levels, which we found that people tended to blast through and not talk about. The page's components are:
- URL path: 2011/04-weneedsomething/levelfhour.php.
- Page title: Oddly, this page doesn't have a title.
- The QR code contains the URL for the Wikipedia page for Cryptograms.
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
This level appears to be another level based in cryptography, similar to the second level. The page explicitly states that we need to find the author of the large, encrypted document that's displayed. We know that it's encrypted using the cryptogram method, meaning that it's a substitution cipher. At the top of the ciphertext, we can clearly see that the document is dated. At the bottom of the ciphertext, there is no signature for the author. This indicates that once the text has been deciphered, we are expected to either recognize the author on our own, or be able to find it. Though we could solve the cryptogram by hand fairly quickly, there are web-based cryptogram solvers on the Internet. Choosing one of these solvers, and giving it the first paragraph of ciphertext:
Kyiepcd iyc oie vkgope eimkf, he'l kss iwcd epc jkjcdl. "Eccykocd Kddclecm hy Vizjgecd Vdhzc Lvkymks", "Pkvrcd Kddclecm knecd Xkyr Ekzjcdhyo"...
we get the following plaintext:
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Performing a Google search for "Another one got caught today" quickly informs us that this text is from The Hacker Manifesto and the name, technically the handle, of the author is The Mentor. Adding this into the URL template given on the page leads us to the next level.
Interesting Wrong Answers
- *
- Many SQL injection attacks in the URL
- <some famous author>
- Loyd Blankenship, The Mentor's real name
- Picard
- Michael Jackson
- Morgan, as in 2011/05-imthecaptain/morgan.php
- Grand Funk Railroad, who have a song I'm Your Captain
- Run DMC
- Hamilton
- Brian Kulyk, the photographer for most of the challenge
- William Shakespeare
- Herman Melville
- Charles Dickens
- Voltaire
- McEvoy
- Dennis Bellinger, the bass guitarist for Grand Funk Railroad from 1981–1983
- Adam L. Beberg, the founder of Mithral
- Larry McMurtry
- Michael Folie
- William Henley
- Kevin Mitnick
- Aaron Swartz
- Jorge Luis Borges
- H.P. Lovecraft
- Bruce Sterling
- George Orwell
- John Perry Barlow
- Long John Silver
- Samuel Coleridge
- George Lucas
- Edgar Allan Poe
- Penn Badgley
- William Shatner
- Storm Jameson
- Anne Frank
- Mark Farner, the lead singer and guitarist for Grand Funk Railroad
- Chad Bechard
- Tom Clancy
- Orson Scott Card
- Caesar
Additionally, there is a long string of authors that was likely the result of an automated dictionary-based crawl. Many people, either ignoring the template or out of desperation, tried many of the above authors' names in the fourth level's URL.
Easter Eggs
While not really an easter egg, it should be mentioned that through the use of redirects, we enabled about a dozen versions of the author's name to be acceptable in the URL template.
Statistics
100 usernames are currently on this level.
Level 5
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 6
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 7
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 8
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 9
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 10
This level was the second major stumbling block among the players. It's notable for having four images instead of one, and being based on something in the city.
- URL path: /2011/10-roflcopters/onmylawn.php.
- Page title: "Find Billy's nickname".
- The QR code contains the URL for the Wikipedia page for calculating the intersections of lines.
- The images for this level were taken specifically for this level.
Below the images, there is the text "X marks the spot", reminiscent of treasure maps. There's also a little bit of encouragement in the HTML:
<!-- billy got turned to stone -->
So if this level is about a map, where is it? A Winnipegger might be able to place three of the pictures on the page, but a solitary lamppost with no other landmarks isn't recognizable. The logical leap required to get further is to realize that we've given you four separate image files instead of one file containing four images. There are ways to embed the location where a photo was taken, the GPS coordinates, in a file's metadata. Pulling the GPS coordinates out of the files gives:
| (49.941250, -97.206192) |   | (49.889153, -97.128502) |
|                         | X |                         |
| (49.886658, -97.164833) |   | (49.864323, -97.124481) |
Asking Wolfram Alpha to do the math for us:
line through (49.941250, -97.206192) and (49.864323, -97.124481) and line through (49.886658, -97.164833) and (49.889153, -97.128502)
We are told that the intersection occurs at (49.8877, -97.1493).
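The same calculation done locally, as an added example that is not part of the original walkthrough. It treats latitude and longitude as flat x/y coordinates, which is an assumption that holds at city scale; the function and constant names are also assumptions, and the coordinates are the four listed above.

```python
from typing import Optional, Tuple

Point = Tuple[float, float]  # (latitude, longitude) in decimal degrees

# GPS coordinates from the four images, in the layout shown on the page.
TOP_LEFT = (49.941250, -97.206192)
TOP_RIGHT = (49.889153, -97.128502)
BOTTOM_LEFT = (49.886658, -97.164833)
BOTTOM_RIGHT = (49.864323, -97.124481)


def cross(a: Point, b: Point) -> float:
    """2D cross product (z component) of two vectors."""
    return a[0] * b[1] - a[1] * b[0]


def diagonal_crossing(
    p1: Point, p2: Point, p3: Point, p4: Point
) -> Optional[Tuple[Point, float, float]]:
    """Intersect line p1-p2 with line p3-p4.

    Returns (point, t, s), where t and s are the positions along each line
    (0 at the first point, 1 at the second), or None for parallel lines.
    """
    d1 = (p2[0] - p1[0], p2[1] - p1[1])
    d2 = (p4[0] - p3[0], p4[1] - p3[1])
    denom = cross(d1, d2)
    if abs(denom) < 1e-15:
        return None  # parallel or identical lines: no single "X"
    offset = (p3[0] - p1[0], p3[1] - p1[1])
    t = cross(offset, d2) / denom
    s = cross(offset, d1) / denom
    point = (p1[0] + t * d1[0], p1[1] + t * d1[1])
    return point, t, s


def x_marks_the_spot() -> Point:
    """Intersection of the two diagonals, rounded as in the page's result."""
    result = diagonal_crossing(TOP_LEFT, BOTTOM_RIGHT, BOTTOM_LEFT, TOP_RIGHT)
    if result is None:
        raise ValueError("diagonals are parallel")
    (lat, lon), _, _ = result
    return round(lat, 4), round(lon, 4)


if __name__ == "__main__":
    print(x_marks_the_spot())
```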
Using Google Maps to draw the points (purple pins) and their intersection, and comparing it against the computed intersection (red pin), as well as the location that we actually intended (green pin) looks like:
Using Google Street Map around there shows mostly open grassy areas between roads. Many of the grassy areas have statues. The HTML for the page also said:
<!-- billy got turned to stone -->
So, how do we find out which statue is "Billy"? The easy answer is to go there. For the out-of-town players, that wasn't really an option. Instead, with enough web searching, you can eventually find a query that will tell you what you want to know. In fact, if you intuit a few things, you'll find that the first result on Google for:
winnipeg statue billy
gives a link to the Wikipedia page on Sir William Stephenson, whose codename was "intrepid".
Interesting Wrong Answers
The wrong answers included the usual SQL injection attacks, XSS attacks, as well as street addresses and GPS coordinates:
- $NICKNAME
- 007
- 320x240, the size of each of the four images
- 4 SQUARE
- A. A. MILNE
- ACE
- AIRMAN
- ALBERT RIEZEBOS
- ALL THAT REMAINS
- AMABLE GIRARD
- AMICI
- ANDREW MYNARSKI
- ASH KETCHUM
- ASLAN
- ATLAS
- AXON
- AYREON
- BABY BUDD
- BACARDI
- BASILISK
- BEAR
- BEARS ON BROADWAY
- BERTRAM
- BIFFY
- BIG M
- BILL
- BILL YORK
- BILLY BEAR
- BILLY BISHOP
- BILLY BOSH
- BILLY BOB
- BILLY BONES
- BILLY FOX
- BILLY IDOL
- BILLY MCCANN
- BILLY STEPHENSON
- BILLY THE GOLDEN BOY
- BILLY THE KID
- BILLY YOUNG
- BISONS
- BOND
- BONES
- CAREBEAR
- CENOTAPH
- CIRCLE AROUND THE DOT
- CITY HYDRO FOUNTAIN
- GAS CAN BILLY
- NIKE, due to the "'JUST DO IT'" button
- THE BRITISH BULLDOG
- WEE WILLIE
- WILD BILL
- YOUNG BILLY
- ZEROCOOL
Statistics
??? usernames are currently on this level.
Level 11
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 12
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 13
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 14
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 15
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: '.
- Page title: "'"s.
- The QR code contains the URL for the Wikipedia page for [].
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Interesting Wrong Answers
Statistics
??? usernames are currently on this level.
Level 16
The final level took almost no time to make, but took the most time to test.
- URL path: /2011/16-gameover/orisit.php.
- Page title: "s/php/ips".
- The QR code contains the URL for the Wikipedia page for an IPS patcher.
- The image for this level is a screenshot of Super Mario Bros. with additional text at the top that says "BEAT A CASTLE".
The IPS file format is used to distribute patches to ROMs. The QR code links to a program that can apply IPS files. The title of the page indicates that if you change the URL from PHP to IPS you will be taken to the file. Getting the ROM itself is an exercise left to the reader. Since we don't provide the ROM, for legal reasons, the HTML includes a way to check that whatever ROM you get is the right one:
<!-- MD5 (Super Mario Bros. + Duck Hunt (U).nes) = 1306a0286248a0851005464d7ec8d785 -->
When making this level, we tested to ensure that every castle would display the message. That was awesome.
Upon beating any castle in the game, you will be given the username "TOAD" and the password "CAKE".
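How an IPS patch is applied, with the MD5 check from the HTML comment done first, as an added example that is not the challenge's patch or the linked patcher's code. It follows the commonly documented IPS layout (a `PATCH` header, records of a 3-byte offset and 2-byte size, run-length records when the size is zero, an `EOF` trailer); the ROM and patch bytes are constructed samples and the function names are assumptions.

```python
import hashlib

# MD5 quoted in the level's HTML comment for the expected ROM.
PAGE_ROM_MD5 = "1306a0286248a0851005464d7ec8d785"

# Constructed sample data, not the real ROM or the challenge's patch.
SAMPLE_ROM = bytes(16)
SAMPLE_PATCH = (
    b"PATCH"
    + b"\x00\x00\x02" + b"\x00\x03" + b"ABC"           # literal: 3 bytes at offset 2
    + b"\x00\x00\x08" + b"\x00\x00" + b"\x00\x04\xff"  # RLE: 0xFF repeated 4x at offset 8
    + b"EOF"
)


class IPSError(ValueError):
    """Raised for a malformed patch or a ROM that fails verification."""


def apply_ips(rom: bytes, patch: bytes) -> bytes:
    """Apply an IPS patch to `rom` and return the patched copy."""
    if patch[:5] != b"PATCH":
        raise IPSError("missing PATCH header")
    out = bytearray(rom)
    pos = 5
    while True:
        head = patch[pos:pos + 3]
        if len(head) < 3:
            raise IPSError("patch ends without an EOF marker")
        if head == b"EOF":
            return bytes(out)
        offset = int.from_bytes(head, "big")
        size_field = patch[pos + 3:pos + 5]
        if len(size_field) < 2:
            raise IPSError("truncated record header")
        size = int.from_bytes(size_field, "big")
        pos += 5
        if size == 0:
            # Run-length record: 2-byte count followed by the byte to repeat.
            rle = patch[pos:pos + 3]
            if len(rle) < 3:
                raise IPSError("truncated RLE record")
            payload = rle[2:3] * int.from_bytes(rle[:2], "big")
            pos += 3
        else:
            payload = patch[pos:pos + size]
            if len(payload) < size:
                raise IPSError("truncated record data")
            pos += size
        end = offset + len(payload)
        if end > len(out):
            out.extend(bytes(end - len(out)))  # a patch may grow the file
        out[offset:end] = payload


def patch_verified(rom: bytes, patch: bytes, expected_md5: str) -> bytes:
    """Refuse to patch unless the ROM's MD5 matches the published value."""
    actual = hashlib.md5(rom).hexdigest()
    if actual != expected_md5.lower():
        raise IPSError(f"ROM MD5 {actual} does not match {expected_md5}")
    return apply_ips(rom, patch)
```

A record whose offset is 0x454F46 is byte-for-byte the same as the `EOF` marker, so this reader treats it as the end of the patch.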
Interesting Wrong Answers
The first group of wrong answers are for URLs:
- BEATACASTLE
- passwd
- shadow
- s/php/ips
The second group of wrong answers are for the input boxes:
- "MARIO" / "ROOK"
- "MUSI" / "MAWIJO"
- "' OR 1=1--" / "' OR 1=1--"
- "BEAT" / "ACASTLE"
- "BEAT" / "MALIGNUS"
- "CAS" / "TLE"
- "DUCK" / "HUNT"
- "OUR PRINCESS IS IN ANOTHER CASTLE" / "OUR PRINCESS IS IN ANOTHER CASTLE"
- "TOAD" / "STOOL"
- "WORLD" / "TIME"
Statistics
??? usernames are currently on this level.
Level 17
This level was made to be a lame red herring pretending to be the end of the challenge.
Looking at the HTML for the page, which is nearly the bare minimum, you'll see:
See you again <!--hint-->next year<!--/hint-->
A bit blunt, but that's what we were going for. Thankfully, nobody that made it this far into the challenge failed to get to the next level.
Statistics
13 usernames made it to this level.
Hall Of Fame
The Hall Of Fame has no image.
This is the true end of the SkullSpace 2011 Challenge. Impressively, before the end of the first day, sitting in the King's Head pub, Burke Libbey and eqdw completed the challenge. Their dedication was beyond anything we had expected, braving the harsh Winnipeg winter to visit some of the sites pictured in Level 10.
The Hall Of Fame shall remain as it is, no more names are eligible for inclusion. The IRC channel has long been vacant, since nobody has gotten near the end of the challenge in eight months as I write this.
Statistics
13 usernames made it to this level.