Hi fellows,

Some weeks ago the Hacky Easter Challenge Teaser has been published as a warmup to the Hacky Easter challenge. In this post I want to guide you through the 16 riddles that have been asked there. As usual, if you haven’t solved all the riddles by now, you might prefer to solve them first before reading this post.

The task in this teaser was to decode each riddle and collect some fragments. In the end, those fragments has to be rearranged and then decoded in order to get the final solution. In total there are 16 riddles guarded by bunnies.

#### 1. MBD2A !ysaep ,ysaE

This one just needs to be read in reversed order which gives you **Easy, peasy! A2DBM**

#### 2. UGllY2Ugb2YgY2FrZSEgWlhHSUQ=

If you are familiar with such challenges then you probably immediately recognise that this is `base64`

encoded. Decoding it gives **Piece of cake! ZXGID**

#### 3. One for free here: ERROR

This one looks too good to be true. Since it seems that we are collecting fragments of length 5 and ERROR is a fragment of length 5, this might one. However, if you have a closer look at the source code of the webpage, you will find a snippet of javascript that is in a transparent paragraph. It reveals another fragment **XIZLS**.

#### 4. `eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d=k||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k)}}return p}('0(\'1\');',2,2,'alert|VYGY6'.split('|'),0,{}))`

This is also a javascript snipped which you can execute. Once executed, there will appear an alertbox saying **VYGY6**. (Having a closer look at the code already reveals this fragment)

#### 5.`3a3ea00cfc35332cedf6e5e9a32e94da`

9d5ed678fe57bcca610140957afab571

f09564c9ca56850d4cd6b3319e541aee

5dbc98dcc983a70728bd082d1a47546e

7fc56270e7a70fa81a5935b72eacbe29

9d5ed678fe57bcca610140957afab571

f09564c9ca56850d4cd6b3319e541aee

5dbc98dcc983a70728bd082d1a47546e

7fc56270e7a70fa81a5935b72eacbe29

To be honest, it took me also a while until I found out how to decode this one. Once I have realised that this are 5 lines, I assumed that each line probably encodes one character of the fragment. And indeed, each line is the `MD5-Hash`

of a character. Decoding each hash gives **EBQSA**.

#### 6. `--- -. . / -- --- .-. . / .... . .-. . ---... / .--- .- --- -- -.--`

This was an easy one. It is obviously morse code and stands for **ONE MORE HERE: JAOMY**.

#### 7. `Hwldp wx, Euxwh! QYAVL`

This one looks like it is shifted which points to the Caesar Cipher. Going through all the keys eventually revealed **etiam tu, brute! NVXSI**.

#### 8. `84 97 107 101 32 116 104 105 115 58 32 71 89 53 84 70`

These are just decimal numbers. Convert them into `ASCII`

and you will get **Take this: GY5TF**.

#### 9. `Just a bit:`

/2mi4AMj

/2mi4AMj

The word ‘bit’ is a hint and points to the link shortener bit.ly. Appending the string below gives you a link bit.ly/2mi4AMj. Following the link gives you the next fragment **5DFME**.

#### 10. `No comment.`

There is obviously a comment in the source code of the website. It says **A43JN**.

#### 11. ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Replacing every ghost with a `0`

and every alien with a `1`

gives you a binary string. Converting this string into `ASCII`

reveals the next fragment: **CONGRATS! N5XGK**.

#### 12. `697c611778601371647d12177e7d060572`

3133333731333337313333373133333731

3133333731333337313333373133333731

This one was also not that easy at first. I noticed that the second line is a repetition. Eventually I tried to `xor`

them. Converting the result into `ASCII`

gave **XOR IS FUN! ON52C**.

#### 13.`URER LBH TB: MJX4E`

This again looks like it is shifted like number 7. Again trying the caesar cipher gave **HERE YOU GO: ZWK4R**. (It actually is a Rot-13)

#### 14.`89504E470D0A1A0A0000000D494844520000001D0000000708020000007BBCD1A5000000017352474200AECE1CE90`

000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000001874455874536F

667477617265007061696E742E6E657420342E302E36FC8C63DF000001AA4944415428534D513DC8416118BD7E4A1

9180C0665A0582C8C7E22DF20C5480A130629060CF29792C16CB06293C82283C2F0C562540693C94F297F2983FB9D

EBF9BEDB77A673CE7DEE799FF3BE0CFB81C160904824C4098542C1E17098CDE672B90C399D4E9D4EA740208846A39

BCD2693C9300CF3F5079A29168B56ABD5E572B5DBEDDF5C954A85B9D3E944D2EBF5D66AB5DBEDF67EBF5BADD6EBF5

1A8D4676BB1D9F7ABD9EDFEF877FBFDFE3F1782E97BB5EAFF0B1473A9D063F1C0E1A8D86CB1D8FC7D8CBE3F1341A0

DC8C964A2502840FE83CF050987C3642693C96AB54A1C558810B8DC4824321C0E178B85CD66836C369BD80244A7D3

A194DBED7E3C1E8893CBE5E804743A1DEE57964DA552F57A1D64B7DB994C2632095CAE4C260B8542C160502A95AED

7EBC160100804E05F2E97E3F1882054E6F7DDEFF770CEE73378369BA5DCE7F3899B04E1C174BBDD582CF6FD01162F

954AD84EA9542E974B9A108BC5FF7301AD564B2F91CFE729174033BC1BF17EBFCFF87CBEF97C4E7ABBDDEAF57A90D

96C66341A3FA519FE5AD56A35A44824C2D99F71B652A9F0B9ABD5CA62B1604028142612891FA2F7838B729D41E800

00000049454E44AE426082

000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000001874455874536F

667477617265007061696E742E6E657420342E302E36FC8C63DF000001AA4944415428534D513DC8416118BD7E4A1

9180C0665A0582C8C7E22DF20C5480A130629060CF29792C16CB06293C82283C2F0C562540693C94F297F2983FB9D

EBF9BEDB77A673CE7DEE799FF3BE0CFB81C160904824C4098542C1E17098CDE672B90C399D4E9D4EA740208846A39

BCD2693C9300CF3F5079A29168B56ABD5E572B5DBEDDF5C954A85B9D3E944D2EBF5D66AB5DBEDF67EBF5BADD6EBF5

1A8D4676BB1D9F7ABD9EDFEF877FBFDFE3F1782E97BB5EAFF0B1473A9D063F1C0E1A8D86CB1D8FC7D8CBE3F1341A0

DC8C964A2502840FE83CF050987C3642693C96AB54A1C558810B8DC4824321C0E178B85CD66836C369BD80244A7D3

A194DBED7E3C1E8893CBE5E804743A1DEE57964DA552F57A1D64B7DB994C2632095CAE4C260B8542C160502A95AED

7EBC160100804E05F2E97E3F1882054E6F7DDEFF770CEE73378369BA5DCE7F3899B04E1C174BBDD582CF6FD01162F

954AD84EA9542E974B9A108BC5FF7301AD564B2F91CFE729174033BC1BF17EBFCFF87CBEF97C4E7ABBDDEAF57A90D

96C66341A3FA519FE5AD56A35A44824C2D99F71B652A9F0B9ABD5CA62B1604028142612891FA2F7838B729D41E800

00000049454E44AE426082

I have already seen similar things during some CTF challenges, therefore I knew that this was hex-encoded. Decoding it, storing the result in a file and opening it as an image gave the fragment **AGBTC**.

#### 15.`FRIDAY THE THIRTEENTH, 4:00 PM`

/([FOR]*)([ID]{2})([^N]*)(.)(.*)/g

$2E$44

/([FOR]*)([ID]{2})([^N]*)(.)(.*)/g

$2E$44

Notice that the second line describes a regular expression and half of the riddle is already done. Applying the regular expression on the first line and taking `$2`

and `$4`

as the second and the fourth group of the matching parts gives, together with the ‘E’ and the ‘4’ from the last line the fragment **IDEN4**.

#### 16.`<~<+oue+DGm>FD,5.CghC,+E)./+Ws0B9h&:~>`

For me, this was really the hardest of all the riddles. After a long search I eventually found out that this string is `ASCII85`

encoded. Decoding it finally revealed the last fragment: **This is the last one! DFMFZ**.

We now have all of the 16 fragments. However, we are not done yet. The last task is to find the final string by reordering and decoding the fragments. First of all, I put each fragment next to each other

`A2DBM ZXGID XIZLS VYGY6 EBQSA JAOMY NVXSI GY5TF 5DFME A43JN N5XGK ON52C ZWK4R AGBTC IDEN4 DFMFZ`

Since it is specifically given that it is *encoded*, we have to find an appropriate encoding scheme. I noticed, that there are only numbers between 2 and 6 which made me think of `base32`

, where only numbers from 2 to 7 are considered. With trial and error I finally found the right ordering and managed to decode it.

`N5XGK IDEN4 ZXGID ON52C A43JN VYGY6 JAOMY GY5TF EBQSA 5DFME ZWK4R AGBTC A2DBM NVXSI DFMFZ XIZLS`

This decoded gives:

one do3s not simply s0lve a tea3er 0f hacky easter

Indeed this was not that easy, especially the last part. I still don’t know whether there is a special meaning behind the reordering or if it is just random. If you know, please let me know it. Now I am really curious about the real Hacky Easter.

See you there, Cheers

Comments are closed.