Press "Enter" to skip to content

Hacky Easter 2017 Teaser Challenge Solution

Hi fellows,

Some weeks ago the Hacky Easter Challenge Teaser has been published as a warmup to the Hacky Easter challenge. In this post I want to guide you through the 16 riddles that have been asked there. As usual, if you haven’t solved all the riddles by now, you might prefer to solve them first before reading this post.

The task in this teaser was to decode each riddle and collect some fragments. In the end, those fragments has to be rearranged and then decoded in order to get the final solution. In total there are 16 riddles guarded by bunnies.

1. MBD2A !ysaep ,ysaE

This one just needs to be read in reversed order which gives you Easy, peasy! A2DBM

2. UGllY2Ugb2YgY2FrZSEgWlhHSUQ=

If you are familiar with such challenges then you probably immediately recognise that this is base64 encoded. Decoding it gives Piece of cake! ZXGID

3. One for free here: ERROR

This one looks too good to be true. Since it seems that we are collecting fragments of length 5 and ERROR is a fragment of length 5, this might one. However, if you have a closer look at the source code of the webpage, you will find a snippet of javascript that is in a transparent paragraph. It reveals another fragment XIZLS.

4. eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d=k||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k)}}return p}('0(\'1\');',2,2,'alert|VYGY6'.split('|'),0,{}))

This is also a javascript snipped which you can execute. Once executed, there will appear an alertbox saying VYGY6. (Having a closer look at the code already reveals this fragment)

5.3a3ea00cfc35332cedf6e5e9a32e94da
9d5ed678fe57bcca610140957afab571
f09564c9ca56850d4cd6b3319e541aee
5dbc98dcc983a70728bd082d1a47546e
7fc56270e7a70fa81a5935b72eacbe29

To be honest, it took me also a while until I found out how to decode this one. Once I have realised that this are 5 lines, I assumed that each line probably encodes one character of the fragment. And indeed, each line is the MD5-Hash of a character. Decoding each hash gives EBQSA.

6. --- -. . / -- --- .-. . / .... . .-. . ---... / .--- .- --- -- -.--

This was an easy one. It is obviously morse code and stands for ONE MORE HERE: JAOMY.

7. Hwldp wx, Euxwh! QYAVL

This one looks like it is shifted which points to the Caesar Cipher. Going through all the keys eventually revealed etiam tu, brute! NVXSI.

8. 84 97 107 101 32 116 104 105 115 58 32 71 89 53 84 70

These are just decimal numbers. Convert them into ASCII and you will get Take this: GY5TF.

9. Just a bit:
/2mi4AMj

The word ‘bit’ is a hint and points to the link shortener bit.ly. Appending the string below gives you a link bit.ly/2mi4AMj. Following the link gives you the next fragment 5DFME.

10. No comment.

There is obviously a comment in the source code of the website. It says A43JN.

11. ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Replacing every ghost with a 0 and every alien with a 1 gives you a binary string. Converting this string into ASCII reveals the next fragment: CONGRATS! N5XGK.

12. 697c611778601371647d12177e7d060572
3133333731333337313333373133333731

This one was also not that easy at first. I noticed that the second line is a repetition. Eventually I tried to xor them. Converting the result into ASCII gave XOR IS FUN! ON52C.

13.URER LBH TB: MJX4E

This again looks like it is shifted like number 7. Again trying the caesar cipher gave HERE YOU GO: ZWK4R. (It actually is a Rot-13)

14.89504E470D0A1A0A0000000D494844520000001D0000000708020000007BBCD1A5000000017352474200AECE1CE90
000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000001874455874536F
667477617265007061696E742E6E657420342E302E36FC8C63DF000001AA4944415428534D513DC8416118BD7E4A1
9180C0665A0582C8C7E22DF20C5480A130629060CF29792C16CB06293C82283C2F0C562540693C94F297F2983FB9D
EBF9BEDB77A673CE7DEE799FF3BE0CFB81C160904824C4098542C1E17098CDE672B90C399D4E9D4EA740208846A39
BCD2693C9300CF3F5079A29168B56ABD5E572B5DBEDDF5C954A85B9D3E944D2EBF5D66AB5DBEDF67EBF5BADD6EBF5
1A8D4676BB1D9F7ABD9EDFEF877FBFDFE3F1782E97BB5EAFF0B1473A9D063F1C0E1A8D86CB1D8FC7D8CBE3F1341A0
DC8C964A2502840FE83CF050987C3642693C96AB54A1C558810B8DC4824321C0E178B85CD66836C369BD80244A7D3
A194DBED7E3C1E8893CBE5E804743A1DEE57964DA552F57A1D64B7DB994C2632095CAE4C260B8542C160502A95AED
7EBC160100804E05F2E97E3F1882054E6F7DDEFF770CEE73378369BA5DCE7F3899B04E1C174BBDD582CF6FD01162F
954AD84EA9542E974B9A108BC5FF7301AD564B2F91CFE729174033BC1BF17EBFCFF87CBEF97C4E7ABBDDEAF57A90D
96C66341A3FA519FE5AD56A35A44824C2D99F71B652A9F0B9ABD5CA62B1604028142612891FA2F7838B729D41E800
00000049454E44AE426082

I have already seen similar things during some CTF challenges, therefore I knew that this was hex-encoded. Decoding it, storing the result in a file and opening it as an image gave the fragment AGBTC.

15.FRIDAY THE THIRTEENTH, 4:00 PM
/([FOR]*)([ID]{2})([^N]*)(.)(.*)/g
$2E$44

Notice that the second line describes a regular expression and half of the riddle is already done. Applying the regular expression on the first line and taking $2 and $4 as the second and the fourth group of the matching parts gives, together with the ‘E’ and the ‘4’ from the last line the fragment IDEN4.

16.<~<+oue+DGm>FD,5.CghC,+E)./+Ws0B9h&:~>

For me, this was really the hardest of all the riddles. After a long search I eventually found out that this string is ASCII85 encoded. Decoding it finally revealed the last fragment: This is the last one! DFMFZ.

We now have all of the 16 fragments. However, we are not done yet. The last task is to find the final string by reordering and decoding the fragments. First of all, I put each fragment next to each other

A2DBM ZXGID XIZLS VYGY6 EBQSA JAOMY NVXSI GY5TF 5DFME A43JN N5XGK ON52C ZWK4R AGBTC IDEN4 DFMFZ

Since it is specifically given that it is encoded, we have to find an appropriate encoding scheme. I noticed, that there are only numbers between 2 and 6 which made me think of base32, where only numbers from 2 to 7 are considered. With trial and error I finally found the right ordering and managed to decode it.

N5XGK IDEN4 ZXGID ON52C A43JN VYGY6 JAOMY GY5TF EBQSA 5DFME ZWK4R AGBTC A2DBM NVXSI DFMFZ XIZLS

This decoded gives:

one do3s not simply s0lve a tea3er 0f hacky easter

Indeed this was not that easy, especially the last part. I still don’t know whether there is a special meaning behind the reordering or if it is just random. If you know, please let me know it. Now I am really curious about the real Hacky Easter.

See you there, Cheers

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *