2011 Challenge Walkthrough
For those of you that may not know, last February SkullSpace published a challenge on the Internet. The challenge can be found here. You should really try to get through the first four levels, which we consider to be the introductory levels, before continuing reading this.
DO NOT ADD NEW LEVELS ON YOUR OWN, WE WILL BE RELEASING NEW INFORMATION GRADUALLY.
SPOILERS AHEAD. YOU HAVE BEEN WARNED.
Level 1:
The first level, accessed by clicking the above image, is a complete freebie. Progressing to level 2 is as simple as clicking on a link found on the level's page. This level is important because it introduces several concepts:
- The path in the URL for this level is a nonsensical phrase that combines the year and the level number. This level's path is 2011/01-level/secretchallenge.php. This prevents the URL of levels from being guessed.
- The image that is the central focus of the level's page is a random photo taken from a friend's Flickr page. The filename of the image is a hash, preventing the URLs for images from being guessed. The directory in which the images reside cannot be listed, either.
- The HTML that makes up the page should be examined on every level, since it may contain clues or jokes. See below for an example.
- The favicon for this level appears in most browsers to be random black dots on a white background. Looking at the icon in full detail shows it to be a QR code. Running the QR code through ZXing.com reveals the text "OUR PRINCESS IS IN ANOTHER CASTLE!", which is a line from the NES game Super Mario Bros.
- The title of the page is simply "Welcome".
Easter Eggs:
The only easter egg in this level is found in the HTML:
You should feel good about yourself. Try to remember that feeling.</p> <p>The feeling may not last long. <!--That's what SHE said!--></p>
For those of you unfamiliar with the joke, please put your hands in the air, and slowly back away from the Internet.
Interesting Wrong Answers:
Considering that the next level is reached by clicking a link, I find it amusing that players were still suspicious enough to be looking around for other solutions. Here are some URLs they attempted:
- /2011/01-hail
- /2011/01-level/favicon.ico
- /2011/01-cow
- /2011/01-start
- /2011/01-Beginning
- /2011/011235813, the significance of which becomes apparent in the third level
Identification
When attempting, for the first time, to access any level beyond 1, you will be asked for your name. We use this to track the level each player is on, and for no other nefarious purposes.
Level 2:
The second level is where the fun begins. Let's start off with an overview of the page's components:
- URL path: 2011/02-hail/humblebeginning.php. The "hail" is a reference to "Hail Caesar!".
- Page title: "You don't make friends with salad", which is a line from an episode of The Simpsons.
- The QR code contains the URL for the Wikipedia page for the Caesar Cipher.
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
Looking at the page's text, it explicitly states that we should check the HTML, where we find:
<!-- uggc://jjj.fxhyyfcnpr.arg/2011/03-vfncnegl/fefofaf.cuc -->
Since the favicon links to the Caesar Cipher, it's fairly obvious that we should use that to decode what appears to be a URL. Since the Caesar Cipher is a substitution cipher, and more specifically a shift cipher, we'll need to figure out the 'key'. Thankfully, we know the majority of the URL should be something along the lines of:
<!-- http://www.skullspace.net/2011/03-????????/???????.php -->
With that much known plaintext, we have more than enough information to discover the key. In fact, there are very few keys possible in the Caesar Cipher, so we could easily have tried them all. Subtracting the first character ('h' = 8) of the plaintext from the first character of the ciphertext ('u' = 21) gives us 13. A key of 13 is special in this cipher, and is known as ROT13. The important thing about this cipher is that it's popular in computer culture as a type of obfuscation, and there are websites that allow you to encode/decode text as ROT13. One such website gives us the text:
<!-- http://www.skullspace.net/2011/03-isaparty/srsbsns.php -->
Navigating to the above URL gets us to the next level.
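The key recovery described above can be reproduced offline. The following is an added example, not code from the challenge or its authors; the function names are hypothetical, and the ciphertext and URL prefix are the ones quoted on this page. It derives the shift from every aligned letter of the known prefix rather than just the first, and also shows the try-every-key alternative.

```python
import string

# Ciphertext copied from the HTML comment on the level 2 page.
CIPHERTEXT = "uggc://jjj.fxhyyfcnpr.arg/2011/03-vfncnegl/fefofaf.cuc"
# Known plaintext (crib): the part of the URL we can predict.
CRIB = "http://www.skullspace.net/2011/03-"

def shift(text, key):
    """Shift letters back by `key` places; digits and punctuation pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - key) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def key_from_crib(ciphertext, crib):
    """Derive the shift from every aligned letter pair; all pairs must agree."""
    keys = set()
    for c, p in zip(ciphertext, crib):
        if p.isalpha():
            keys.add((ord(c.lower()) - ord(p.lower())) % 26)
        elif c != p:
            raise ValueError("non-letters differ: crib does not align")
    if len(keys) != 1:
        raise ValueError(f"not a single Caesar shift: {sorted(keys)}")
    return keys.pop()

def brute_force(ciphertext, marker="http://"):
    """Without a full crib: try all 26 keys, keep outputs that start with marker."""
    return [(k, shift(ciphertext, k)) for k in range(26)
            if shift(ciphertext, k).startswith(marker)]

if __name__ == "__main__":
    key = key_from_crib(CIPHERTEXT, CRIB)
    print(key, shift(CIPHERTEXT, key))
    print(brute_force(CIPHERTEXT))
```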
Interesting Wrong Answers:
It's interesting to look at what people have tried to get to the next level. Below is a list of URLs that people have tried:
- /2011/02-hail/transformers.php, due to the "More than meets the eye" reference
- /2011/02-hail/ceasar
- /2011/03-hail
Most other attempts were made with URLs that were completely decrypted incorrectly, had one letter wrong in the decryption, or had random casing on the letters.
Statistics:
451 usernames are currently on this level.
Level 3:
The third level is the first in a series of levels, as will become clear later. The page's components are:
- URL path: 2011/03-isaparty/srsbsns.php. The title refers to the saying that two's a party, but three is a crowd. We disagree. Additionally, srsbsns (serious business) is a sarcastic saying often used in our IRC channels, popularized by Tweek.
- Page title: "You're an idiom!", which comes from my wife asking me what the word 'idiom' meant after I had used it in a conversation. I responded as the title says, in a stupid voice.
- The QR code contains the text "Leonardo Pisano Bigollo".
- The image for this level isn't very scenic, which indicates that it's relevant to the level.
Since the HTML for the page has nothing secret, the only things we have to work with are the name in the QR code, and the sequence of numbers. Performing a Google search for Leonardo Pisano Bigollo brings up the Wikipedia entry for Fibonacci as its first result. Reading through the article explains that Leonardo Pisano Bigollo is commonly referred to as 'Fibonacci'. A section of the article covers the Fibonacci Sequence, which begins with the numbers listed on the Post-it note in the page's image.
Now that we know the significance of the numbers, what are we to do with them? This level's page features a text input field, with a button beside it that is labelled "What's next?" Turning our attention back to the Post-it note, we can see that the sequence ends with an ellipsis. According to the Wikipedia article, the next number in the sequence is 3. Trying that, we are told we are "Getting warmer...". Continuing with the sequence, entering the number 5, we are told "Getting hot!". Finally, entering the number 8, we are told "The next level is here."
It's interesting to note that this level can be solved quickly by simply entering random numbers sequentially, which is how many people solved it.
Easter Eggs:
As a result of this level accepting input, it has quite a lot of easter eggs. Several numbers in the Fibonacci Sequence have been given responses, as have some nearby numbers:
- 0: "Hey, that was on the sticky note."
- 1: "There are two ones."
- 2: "Yup, 2 is something."
- 3: "Getting warmer..."
- 4: "Stop being random."
- 5: "Getting hot!"
- 8: "The next level is here."
- 9: "I am not sure if you are still being random."
- 13: "Too far!"
- 21: "Seriously, go back."
- 34: "Nothing to see here."
- 55: "This is not funny anymore."
- 89: "Go to the next level already!"
- 144: "<insert clever quip here>"
- 233: "I ran out of jokes, so you are on your own."
Numbers which do not have an assigned message respond with "lol wut?".
Statistics:
65 usernames are currently on this level.
Level 4:
The fourth level is the last of the introductory levels, which we found that people tended to blast through and not talk about. The page's components are:
- URL path: 2011/04-weneedsomething/levelfhour.php.
- Page title: Oddly, this page doesn't have a title.
- The QR code contains the URL for the Wikipedia page for Cryptograms.
- The image for this level is obviously not related to this level, as it's from the Flickr stream.
This level appears to be another level based in cryptography, similar to the second level. The page explicitly states that we need to find the author of the large, encrypted document that's displayed. We know that it's encrypted using the cryptogram method, meaning that it's a substitution cipher. At the top of the ciphertext, we can clearly see that the document is dated. At the bottom of the ciphertext, there is no signature for the author. This indicates that once the text has been deciphered, we are expected to either recognize the author on our own, or be able to find it. Though we could solve the cryptogram by hand fairly quickly, there are web-based cryptogram solvers on the Internet. Choosing one of these solvers, and giving it the first paragraph of ciphertext:
Kyiepcd iyc oie vkgope eimkf, he'l kss iwcd epc jkjcdl. "Eccykocd Kddclecm hy Vizjgecd Vdhzc Lvkymks", "Pkvrcd Kddclecm knecd Xkyr Ekzjcdhyo"...
we get the following plaintext:
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Performing a Google search for "Another one got caught today" quickly informs us that this text is from The Hacker Manifesto and the name, technically the handle, of the author is The Mentor. Adding this into the URL template given on the page leads us to the next level.
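The ciphertext/plaintext pair quoted above is enough to recover most of the substitution key and to confirm that this level, unlike level 2, is not a single shift. The following is an added example, not code from the challenge or from any solver site; the function names are hypothetical, and the two strings are copied from this page.

```python
import string

# First paragraph of the level 4 ciphertext and the solver's output, as quoted above.
CIPHER = ('Kyiepcd iyc oie vkgope eimkf, he\'l kss iwcd epc jkjcdl. '
          '"Eccykocd Kddclecm hy Vizjgecd Vdhzc Lvkymks", '
          '"Pkvrcd Kddclecm knecd Xkyr Ekzjcdhyo"...')
PLAIN = ('Another one got caught today, it\'s all over the papers. '
         '"Teenager Arrested in Computer Crime Scandal", '
         '"Hacker Arrested after Bank Tampering"...')

def recover_key(cipher, plain):
    """Build the cipher->plain letter map; reject anything that is not one-to-one."""
    if len(cipher) != len(plain):
        raise ValueError("texts do not align")
    key, used = {}, {}
    for c, p in zip(cipher.lower(), plain.lower()):
        if c not in string.ascii_lowercase:
            if c != p:
                raise ValueError("punctuation mismatch")
            continue
        if key.setdefault(c, p) != p or used.setdefault(p, c) != c:
            raise ValueError(f"conflict at {c!r}->{p!r}: not a simple substitution")
    return key

def decrypt(text, key):
    """Apply a partial key, keeping case; letters not yet recovered become '?'."""
    out = []
    for ch in text:
        if ch.isalpha():
            p = key.get(ch.lower(), "?")
            out.append(p.upper() if ch.isupper() else p)
        else:
            out.append(ch)
    return "".join(out)

def shifts(key):
    """Distinct per-letter shifts; a Caesar cipher like level 2 would yield exactly one."""
    return {(ord(c) - ord(p)) % 26 for c, p in key.items()}

if __name__ == "__main__":
    key = recover_key(CIPHER, PLAIN)
    print(len(key), "of 26 letters recovered;", len(shifts(key)), "distinct shifts")
    print(decrypt(CIPHER, key))
```

The recovered partial key can then be applied to the rest of the document with `decrypt`; any `?` in the output marks a cipher letter that did not occur in the first paragraph.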
Interesting Wrong Answers:
- *
- Many SQL injection attacks in the URL
- <some famous author>
- Loyd Blankenship, The Mentor's real name
- Picard
- Michael Jackson
- Morgan, as in 2011/05-imthecaptain/morgan.php
- Grand Funk Railroad, who have a song "I'm Your Captain"
- Run DMC
- Hamilton
- Brian Kulyk
- William Shakespeare
- Herman Melville
- Charles Dickens
- Voltaire
- McEvoy
- Dennis Bellinger
- Adam L. Beberg
- Larry McMurtry
- Michael Folie
- William Henley
- Kevin Mitnick
- Aaron Swartz
- Jorge Luis Borges
- H.P. Lovecraft
- Sterling
- George Orwell
- John Perry Barlow
- Long John Silver
- Samuel Coleridge
- George Lucas
- Edgar Allan Poe
- Penn Bagdley
- William Shatner
- Storm Jameson
- Anne Frank
- Mark Farner
- Chad Bechard
- Tom Clancy
- Orson Scott Card
- Caesar
Additionally, there is a long string of authors that was likely the result of an automated dictionary-based crawl. Many people, either ignoring the template or out of desperation, tried many of the above authors' names in the fourth level's URL.
Easter Eggs:
While not really an easter egg, it should be mentioned that through the use of redirects, we enabled about a dozen versions of the author's name to be acceptable in the URL template.
Statistics:
100 usernames are currently on this level.
Level 5:
In part 2 of this series of articles, we will start on the first real obstacle that players face. The most contentious, griped about level in the entire challenge: the chess level.