2011 Challenge Walkthrough

From SkullSpace Wiki
Revision as of 16:10, 6 August 2012 by Mogigoma (talk) (Level 10)
Jump to navigation Jump to search

For those of you that may not know, last February SkullSpace published a challenge on the Internet. The challenge can be found here. You should really try to get through the first four levels, which we consider to be the introductory levels, before continuing reading this.

DO NOT ADD NEW LEVELS ON YOUR OWN, WE WILL BE RELEASING NEW INFORMATION GRADUALLY.

SPOILERS AHEAD. YOU HAVE BEEN WARNED.

AS OF 2012-08-05 THE HALL OF FAME IS CLOSED TO NEW ENTRIES.

Level 1

Level 1

The first level, accessed by clicking the above image, is a complete freebie. Progressing to level 2 is as simple as clicking on a link found on the level's page. This level is important because it introduces several concepts:

  • The path in the URL for this level is a nonsensical phrase that combines the year and the level number. This level's path is 2011/01-level/secretchallenge.php. This prevents the URL of levels from being guessed.
  • The image that is the central focus of the level's page is a random photo taken from a friend's Flickr page. The filename of the image is hash, preventing the URLs for images from being guessed. The directory in which the images reside cannot be listed, either.
  • The HTML that makes up the page should be examined on every level, since it may contain clues or jokes. See below for an example.
  • The favicon for this level appears in most browsers to be random black dots on a white background. Looking at the icon in full detail shows it to be a QR code. Running the QR code through ZXing.com reveals the text "OUR PRINCESS IS IN ANOTHER CASTLE!", which is a line from the NES game Super Mario Bros.
  • The title of the page, which is simply "Welcome".

Easter Eggs

The only easter egg in this level is found in the HTML:

 You should feel good about yourself.  Try to remember that feeling.</p>
 <p>The feeling may not last long. <!--That's what SHE said!--></p>

For those of you unfamiliar with the joke, please put your hands in the air, and slowly back away from the Internet.

Interesting Wrong Answers

Considering that the next level is reached by clicking a link, I find it amusing that players were still suspicious enough to be looking around for other solutions. Here are some URLs they attempted:

  • /2011/01-hail
  • /2011/01-level/favicon.ico
  • /2011/01-cow
  • /2011/01-start
  • /2011/01-Beginning
  • /2011/011235813, the significance of which becomes apparent in the third level

Identification

When attempting, for the first time, to access any level beyond 1, you will be asked for your name. We use this to track the level each player is on, and for no other nefarious purposes.

Level 2

Level 2

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: 2011/02-hail/humblebeginning.php. The "hail" is a reference to "Hail Caesar!".
  • Page title: "You don't make friends with salad", which is a line from an episode of The Simpsons.
  • The QR code contains the URL for the Wikipedia page for the Caesar Cipher.
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Looking at the page's text, it explicitly states that we should check the HTML, where we find:

 <!-- uggc://jjj.fxhyyfcnpr.arg/2011/03-vfncnegl/fefofaf.cuc -->

Since the favicon links to the Caesar Cipher, it's fairly obvious that we should use that to decode what appears to be a URL. Since the Caesar Cipher is a substitution cipher, and more specifically a shift cipher, we'll need to figure out the 'key'. Thankfully, we know the majority of the URL should be something along the lines of:

 <!-- http://www.skullspace.net/2011/03-????????/???????.php -->

we have more than enough information to discover the key. In fact, there are very few keys possible in the Caesar Cipher, so we could easily have tried them all. Subtracting the first character ('h' = 8) of the plaintext from the first character of the ciphertext ('u' = 21) gives us 13. A key of 13 is special in this cipher, and is known as ROT13. The important thing about this cipher is that it's popular in computer culture as a type of obfuscation, and there are websites that allow you to encode/decode text as ROT13. One such website gives us the text:

 <!-- http://www.skullspace.net/2011/03-isaparty/srsbsns.php -->

Navigating to the above URL gets us to the next level.

Interesting Wrong Answers

It's interesting to look at what people have tried to get to the next level. Below are a list of URLs that people have tried:

  • /2011/02-hail/transformers.php, due to the "More than meets the eye" reference
  • /2011/02-hail/ceasar
  • /2011/03-hail

Most other attempts were made with URLs that were completely decrypted incorrectly, had one letter wrong in the decryption, or had random casing on the letters.

Statistics

451 usernames are currently on this level.

Level 3

Level 3

The third level is the first in a series of levels, as will become clear later. The page's components are:

  • URL path: 2011/03-isaparty/srsbsns.php. The title refers to the saying that two's a party, but three is a crowd. We disagree. Additionally, srsbsns (serious business) is a sarcastic saying often used in our IRC channels, popularized by Tweek.
  • Page title: "You're an idiom!", comes from Mak's wife asking him after he had used the word 'idiom' in a conversation, what it meant. He responded as the title says, in a stupid voice.
  • The QR code contains the text "Leonardo Pisano Bigollo".
  • The image for this level isn't very scenic, which indicates that it's relevant to the level.

Since the HTML for the page has nothing secret, the only things we have to work with are the name in the QR code, and the sequence of numbers. Performing a Google search for Leonardo Pisano Bigollo brings up the Wikipedia entry for Fibonacci as its first result. Reading through the article explains that Leonardo Pisano Bigollo is commonly referred to as 'Fibonacci'. A section of the article covers the Fibonacci Sequence, which begins with the numbers listed on the Post-it note in the page's image.

Now that we know the significance of the numbers, what are we to do with them? This level's page features a text input field, with a button beside it that is labelled "What's next?" Turning our attention back to the Post-it note, we can see that the sequence ends with an ellipses. According to the Wikipedia article, the next number in the sequence is 3. Trying that, we are told we are "Getting warmer...". Continuing with the sequence, entering the number 5, we are told "Getting hot!". Finally, entering the number 8, we are told "The next level is here."

It's interesting to note that this level can be solved quickly by simply entering random numbers sequentially, which is how many people solved it.

Easter Eggs

As a result of this level accepting input, it has quite a lot of easter eggs. Several numbers in the Fibonacci Sequence have been given responses, as have some nearby numbers:

  • 0: "Hey, that was on the sticky note."
  • 1: "There are two ones."
  • 2: "Yup, 2 is something."
  • 3: "Getting warmer..."
  • 4: "Stop being random."
  • 5: "Getting hot!"
  • 8: "The next level is here."
  • 9: "I am not sure if you are still being random."
  • 13: "Too far!"
  • 21: "Seriously, go back."
  • 34: "Nothing to see here."
  • 55: "This is not funny anymore."
  • 89: "Go to the next level already!"
  • 144: "<insert clever quip here>"
  • 233: "I ran out of jokes, so you are on your own."

Numbers which do not have an assigned message respond with "lol wut?".

Statistics

65 usernames are currently on this level.

Level 4

Level 4

The fourth level is the last of the introductory levels, which we found that people tended to blast through and not talk about. The page's components are:

  • URL path: 2011/04-weneedsomething/levelfhour.php.
  • Page title: Oddly, this page doesn't have a title.
  • The QR code contains the URL for the Wikipedia page for Cryptograms.
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

This level appears to be another level based in cryptography, similar to the second level. The page explicitly states that we need to find the author of the large, encrypted document that's displayed. We know that it's encrypted using the cryptogram method, meaning that it's a substitution cipher. At the top of the ciphertext, we can clearly see that the document is dated. At the bottom of the ciphertext, there is no signature for the author. This indicates that once the text has been deciphered, we are expected to either recognize the author on our own, or be able to find it. Though we could solve the cryptogram by hand fairly quickly, there are web-based cryptogram solvers on the Internet. Choosing one of these solvers, and giving it the first paragraph of ciphertext:

 Kyiepcd iyc oie vkgope eimkf, he'l kss iwcd epc jkjcdl. "Eccykocd Kddclecm hy
 Vizjgecd Vdhzc Lvkymks", "Pkvrcd Kddclecm knecd Xkyr Ekzjcdhyo"...

we get the following plaintext:

 Another one got caught today, it's all over the papers. "Teenager Arrested in
 Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Performing a Google search for "Another one got caught today" quickly informs us that this text is from The Hacker Manifesto and the name, technically the handle, of the author is The Mentor. Adding this into the URL template given on the page leads us to the next level.

Interesting Wrong Answers

Additionally, there is a long string of authors that was likely the result of an automated dictionary-based crawl. Many people, either ignoring the template or out of desperation, tried many of the above author's names in the fourth level's URL.

Easter Eggs

While not really an easter egg, it should be mentioned that through the use of redirects, we enabled about a dozen versions of the author's name to be acceptable in the URL template.

Statistics

100 usernames are currently on this level.

Level 5

Level 5

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.


Level 6

Level 6

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 7

Level 7

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 8

Level 8

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 9

Level 9

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 10

Level 10 Level 10
Level 10 Level 10

This level was the second major stumbling block among the players. It's notable for having four images instead of one, and being based on something in the city.

  • URL path: /2011/10-roflcopters/onmylawn.php.
  • Page title: "Find Billy's nickname"s.
  • The QR code contains the URL for the Wikipedia page for calculating the intersections of lines.
  • The images for this level were taken specifically for this level.

Below the images, there is the text "X marks the spot", reminiscent of treasure maps. There's also a little bit of encouragement in the HTML:

 <!-- billy got turned to stone -->

So if this level is about a map, where is it? A Winnipegger might be able to place three of the pictures on the page, but a solitary lamppost with no other landmarks isn't recognizable. The logical leap required is to get further is to realize that we've given you four separate image files instead of one file containing four images. There are ways to embed the location a photo was taken, the GPS coordinates, in a file's metadata. Pulling the GPS coordinates out of the files gives:

(49.941250, -97.206192) (49.889153, -97.128502)
X
(49.886658, -97.164833) (49.864323, -97.124481)

Asking Wolfram Alpha to do the math for us:

 line through (49.941250, -97.206192) and (49.864323, -97.124481) and line through (49.886658, -97.164833) and (49.889153, -97.128502)

We are told that the intersection occurs at (49.8877, -97.1493).

Using Google Maps to draw the points (purple pins) and their intersection, and comparing it against the computed intersection (red pin), as well as the the location that we actually intended (green pin) looks like:

X almost marks the spot

Using Google Street Map around there shows mostly open grassy areas between roads. Many of the grassy areas have statues. The HTML for the page also said:

 <!-- billy got turned to stone -->

So, how do we find out which statue is "Billy"? The easy answer is to go there. For the out-of-town players, that wasn't really an option. Instead, with enough web searching, you can eventually find a query that will tell you what you want to know. In fact, if you intuit a few things, you'll find the first result on Google for:

 winnipeg statue billy

Gives a link to the Wikipedia page on Sir William Stephenson, whose codename was "intrepid".

Interesting Wrong Answers

The wrong answers included the usual SQL injection attacks, XSS attacks, as well as street addresses and GPS coordinates:

  • $NICKNAME
  • 007
  • 320x240, the size of each of the four images
  • 4 SQUARE
  • A. A. MILNE
  • ACE
  • AIRMAN
  • ALBERT RIEZEBOS
  • ALL THAT REMAINS
  • AMABLE GIRARD
  • AMICI
  • ANDREW MYNARSKI
  • ASH KETCHUM
  • ASLAN
  • ATLAS
  • AXON
  • AYREON
  • BABY BUDD
  • BACARDI
  • BASILISK
  • BEAR
  • BEARS ON BROADWAY
  • BERTRAM
  • BIFFY
  • BIG M
  • BILL
  • BILL YORK
  • BILLY BEAR
  • BILLY BISHOP
  • BILLY BOSH
  • BILLY BOB
  • BILLY BONES
  • BILLY FOX
  • BILLY IDOL
  • BILLY MCCANN
  • BILLY STEPHENSON
  • BILLY THE GOLDEN BOY
  • BILLY THE KID
  • BILLY YOUNG
  • BISONS
  • BOND
  • BONES
  • CAREBEAR
  • CENOTAPH
  • CIRCLE AROUND THE DOT
  • CITY HYDRO FOUNTAIN
  • GAS CAN BILLY
  • NIKE, due to the "'JUST DO IT'" button
  • THE BRITISH BULLDOG
  • WEE WILLIE
  • WILD BILL
  • YOUNG BILLY
  • ZEROCOOL

Statistics

??? usernames are currently on this level.

Level 11

Level 11

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 12

Level 12

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 13

Level 13

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 14

Level 14

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 15

Level 15

The second level is where the fun begins. Let's start off with an overview of the page's components:

  • URL path: '.
  • Page title: "'"s.
  • The QR code contains the URL for the Wikipedia page for [].
  • The image for this level is obviously not related to this level, as it's from the Flickr stream.

Interesting Wrong Answers

Statistics

??? usernames are currently on this level.

Level 16

Level 16

The final level took almost no time to make, but took the most time to test.

  • URL path: /2011/16-gameover/orisit.php.
  • Page title: "s/php/ips"s.
  • The QR code contains the URL for the Wikipedia page for an IPS patcher.
  • The image for this level is a screenshot of Super Mario Bros. with additional text at the top that says "BEAT A CASTLE".

The IPS file format is used to distribute patches to ROMs. The QR code links to a program that can apply IPS files. The title of the page indicates that if you change the URL from PHP to IPS you will be taken to the file. Getting the ROM itself is an exercise left to the reader. Since we don't provide the ROM, for legal reasons, in the HTML there is a way to check that whatever ROM you get is the right one:

 <!-- MD5 (Super Mario Bros. + Duck Hunt (U).nes) = 1306a0286248a0851005464d7ec8d785 -->

When making this level, we tested to ensure that every castle would display the message. That was awesome.

Upon beating any castle in the game, you will be given the username "TOAD" and the password "CAKE".

Interesting Wrong Answers

The first group of wrong answers are for URLs:

  • BEATACASTLE
  • passwd
  • shadow
  • s/php/ips

The second group of wrong answers are for the input boxes:

  • "MARIO" / "ROOK"
  • "MUSI" / "MAWIJO"
  • "' OR 1=1--" / "' OR 1=1--"
  • "BEAT" / "ACASTLE"
  • "BEAT" / "MALIGNUS"
  • "CAS" / "TLE"
  • "DUCK" / "HUNT"
  • "OUR PRINCESS IS IN ANOTHER CASTLE" / "OUR PRINCESS IS IN ANOTHER CASTLE"
  • "TOAD" / "STOOL"
  • "WORLD" / "TIME"

Statistics

??? usernames are currently on this level.

Level 17

Level 17 has no image.

This level was made to be a lame red herring pretending to be the end of the challenge.

Looking at the HTML for the page, which is nearly the bare minimum, you'll see:

 See you again <!--hint-->next year<!--/hint-->

A bit blunt, but that's what we were going for. Thankfully, nobody that made it this far into the challenge failed to get to the next level.

Statistics

13 usernames made it to this level.

Hall Of Fame

The Hall Of Fame has no image.

This is the true end of the SkullSpace 2011 Challenge. Impressively, before the end of the first day, sitting in the King's Head pub, Burke Libbey and eqdw completed the challenge. Their dedication was beyond anything we had expected, braving the harsh Winnipeg winter to visit some of the sites pictured in Level 10.

The Hall Of Fame shall remain as it is, no more names are eligible for inclusion. The IRC channel has long been vacant, since nobody has gotten near the end of the challenge in eight months as I write this.

Statistics

13 usernames made it to this level.