Banner credit: @CryptoVillage.
We played the annual Gold Bug puzzle hosted by the DEFCON Crypto and Privacy Village - and we won! Although we were unable to ace the challenge before the game ended, we managed to solve the remaining challenge afterwards. We will be covering all of them in this walkthrough.
We would like to express our gratitude to the puzzle setters: @MayaKaczorowski for filling in the steps we missed in the write-up, and @0xCryptoK for bearing Mystiz's stupid questions during the game, too.
By the way, all times mentioned here are in UTC+8. We are 15 hours ahead of Vegas time.
Pool of Tears
Dear, dear! How queer everything is today! And yesterday things went on just as usual!
I've made a real mess of things here. The lock and key were right in front of me, neatly packaged between near-centurions! But this world is so strange - dividing when we should have multiplied; combining when we should have counted! Oh what a mess this is.
/ A71C3
Solution
Progress: 1/11
Solved on August 7, 03:55 (2h 55m after the game starts)
There are multiple lines of floating-point numbers. We threw their decimal parts into WolframAlpha. These are some examples:
We noticed that the denominators are factors of 684483. We then tried to multiply each number by 684483:
99242120222107240109211806120025211019050912221525219900000000000000000
99251913102109211510092505012022041421171509990000000
991720010821080801092103241211050922071014020615252199000000000000000000000000
99052002141105151416021002062516171906990000000000000000000
992421202114182125071118091714180912060325170713052521990000000
9924212006111410190009221523071724162019182415259900000000000000
991720011511251922142118061200252113100914021115019900000000000000000
991315170013180401131525100118220414111703169900000000
99152118141119050215200005232214021217112213179900
TWY counted the trailing zeros from each line and obtained 17, 7, 24, 19, 7, 14, 17, 8, 2, which is rhythoric. However, this is not the flag. On the other hand, Mystiz grouped the numbers between the two 99s into pairs. For example, for the first line it is
24 21 20 22 21 07 24 01 09 21 18 06 12 00 25 21 10 19 05 09 12 22 15 25 21
This decodes to YVUWVHYBJVSGMAZVKTFJMWPZV. What does that mean?
Eventually, we figured out that we can use the Vigenere cipher to decrypt YVUW... with the key rhythoric, and obtained these lines:
howdoththelittlecrocodile
improvehisshiningtail
andpourthewatersofthenile
oneverygoldenscale
howcheerfullyheseemstogrin
howneatlyspreadhisclaws
andwelcomelittlefishesin
withgentlysmilingjaws
youvefoundthepalepuppy
Flag: palepuppy
A71C3 is 684483 in base 16. We did not notice it at all…
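The whole decoding chain above, as an added example (not the authors' script): it recovers the Vigenere key from the trailing zeros and decrypts the digit pairs between the 99 markers. The function names are made up for this sketch; the nine products are copied from the list above.

```python
from itertools import cycle
from string import ascii_lowercase as ALPHABET

# The nine products (puzzle value x 684483, i.e. 0xA71C3), copied from the list above.
PRODUCTS = [
    "99242120222107240109211806120025211019050912221525219900000000000000000",
    "99251913102109211510092505012022041421171509990000000",
    "991720010821080801092103241211050922071014020615252199000000000000000000000000",
    "99052002141105151416021002062516171906990000000000000000000",
    "992421202114182125071118091714180912060325170713052521990000000",
    "9924212006111410190009221523071724162019182415259900000000000000",
    "991720011511251922142118061200252113100914021115019900000000000000000",
    "991315170013180401131525100118220414111703169900000000",
    "99152118141119050215200005232214021217112213179900",
]


def split_line(digits):
    """Return (letter values between the 99 markers, number of trailing zeros)."""
    body = digits.rstrip("0")
    zeros = len(digits) - len(body)
    if not (body.startswith("99") and body.endswith("99")):
        raise ValueError("expected 99 delimiters around the payload")
    inner = body[2:-2]
    if len(inner) % 2:
        raise ValueError("payload is not a whole number of digit pairs")
    return [int(inner[i:i + 2]) for i in range(0, len(inner), 2)], zeros


def recover_key(products):
    """One key letter per line: the trailing-zero count with 0 = a."""
    return "".join(ALPHABET[split_line(p)[1]] for p in products)


def vigenere_decrypt(values, key):
    """Subtract the repeating key from the letter values (0 = a) modulo 26."""
    return "".join(
        ALPHABET[(v - ALPHABET.index(k)) % 26] for v, k in zip(values, cycle(key))
    )


def solve(products):
    key = recover_key(products)
    return key, [vigenere_decrypt(split_line(p)[0], key) for p in products]


if __name__ == "__main__":
    key, lines = solve(PRODUCTS)
    print("key:", key)
    print("\n".join(lines))
```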
Wonder Watch
Solution
Progress: 2/11
Solved on August 7, 04:15 (3h 15m after the game starts)
TWY read the clock's hands, which show 18 days 1 hour 33 minutes 25 seconds 286/1000 250/1000 791/1000. Since it mentions 1GHz, the time should be correct to one nanosecond, which is what we have now. When converted to a number, it is 1560805286250791.
Mystiz tried to convert the number into base 26 and 256 but did not have a proper result. However, noticing the SemiSeptemvigesimal in the clock, he converted the number into base 27 (7 15 18 9 14 7 0 7 15 1 20). By mapping 0 to the space and the rest to the English alphabet, we got the flag.
Flag: goringgoat
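The clock reading and the base-27 step, as an added example (not the authors' code): the hands are folded into a nanosecond count, which is then written in base 27 with 0 as space and 1 to 26 as a to z. The function names are made up for this sketch.

```python
SYMBOLS = " abcdefghijklmnopqrstuvwxyz"  # digit 0 is a space, 1..26 are a..z


def hands_to_nanoseconds(days, hours, minutes, seconds, millis, micros, nanos):
    """Fold the seven clock hands into a single count of nanoseconds."""
    total_seconds = ((days * 24 + hours) * 60 + minutes) * 60 + seconds
    return total_seconds * 10**9 + millis * 10**6 + micros * 10**3 + nanos


def to_digits(n, base):
    """Most-significant-first digits of a non-negative integer in `base`."""
    if n < 0:
        raise ValueError("n must be non-negative")
    digits = []
    while n:
        n, d = divmod(n, base)
        digits.append(d)
    return digits[::-1] or [0]


def decode_base27(n):
    """Read each base-27 digit as one symbol."""
    return "".join(SYMBOLS[d] for d in to_digits(n, 27))


if __name__ == "__main__":
    reading = hands_to_nanoseconds(18, 1, 33, 25, 286, 250, 791)
    print(reading, to_digits(reading, 27), repr(decode_base27(reading)))
```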
Pig and Pepper
"By-the-bye, what became of the baby?" said the Cat. "I'd nearly forgotten to ask."
"It turned into a pig," Alice quietly said, just as if it had come back in a natural way.
"Did you say pig, or fig?" said the Cat.
"I said pig," replied Alice.
Solution
Progress: 3/11
Solved on August 7, 23:55 (22h 55m after the game starts)
It is pretty obvious that a pigpen cipher is the first stage.
hadr
range
corn
eek
ream
live
heat
However, the words eek, ream did not make any sense. Maybe it is eel or team? Turns out we can build a food name by adding one character in front:
C hadr
O range
A corn
L eek
C ream
O live
W heat
Flag: coalcow
Caucus-race
"What is a Caucus-race?" said Alice. "Why," said the Dodo, "the best way to explain it is to do it."
First it marked out a race-course, in a sort of circle, ("the exact shape doesn't matter," it said,) and then all the party were placed along the course, here and there. There was no "One, two, three, and away," but they began running when they liked, and left off when they liked, so that it was not easy to know when the race was over.
Solution
Progress: 4/11
Solved on August 8, 00:10 (23h 10m after the game starts)
Approach:
- Exhaust possible plaintexts encrypted with Caesar cipher. For example, JHQVHQVSLNHFRKHQMRMRU -> GENSENSPIKECOHENJOJOR.
- Shift the string into the correct order. For example, GENSENSPIKECOHENJOJOR -> JOJORGENSENSPIKECOHEN (JO JORGENSEN / SPIKE COHEN).
- Find their party (Libertarian Party) and capture the first letter (L).
- Repeat for each of the cases.
Libertarian Party -- JO JORGENSEN, SPIKE COHEN -- Caesar shift +3 -- JHQVHQVSLNHFRKHQMRMRU
Independent Party of Oregon -- CLIFF THOMASON, PATRICK BARNEY -- Caesar shift +8 -- JIZVMGKTQNNBPWUIAWVXIBZQKS
Oregon Progressive Party -- DARIO HUNTER, CHRIS HENRY -- Caesar shift +15 -- XHWTCGNSPGXDWJCITGRWG
New Progressive Party -- RICARDO ROSSELLO, JENNIFFER GONZALEZ -- Caesar shift +13 -- SRETBAMNYRMEVPNEQBEBFFRYYBWRAAVS
Alliance Party -- ROCKY DE LA FUENTE, DARCY RICHARDSON -- Caesar shift +5 -- ZJSYJIFWHDWNHMFWIXTSWTHPDIJQFK
Legal Marijuana Now Party -- DAN VACEK, MARK ELWORTH -- Caesar shift +17 -- TVBDRIBVCNFIKYUREMR
Opposition Party -- WILLIAM NH SMITH, FRANCIS BRISTOW -- Caesar shift +7 -- TUOZTPAOMYHUJPZIYPZAVDDPSSPH
Freedom Socialist Party -- STEPHEN DURHAM, CHRISTINA LOPEZ -- Caesar shift +22 -- DWIYDNEOPEJWHKLAVOPALDAJZQN
Transhumanist Party -- CHARLIE KAM, LIZ PARRISH -- Caesar shift +20 -- UGFCTJULLCMBWBULFCYE
We get the flag by taking the first character of each party.
Flag: lionaloft
liona loft while Ozetta corrected that it should be lion aloft.
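A consistency check of the approach and table above, as an added example (not the authors' code): for every ciphertext it brute-forces the Caesar shift and the rotation until the ticket's names line up, then reads the flag from the party initials. The rows are copied from the table; the function names are made up for this sketch.

```python
from string import ascii_uppercase as AZ

# (party, ticket, ciphertext) rows copied from the table above.
ROWS = [
    ("Libertarian Party", "JO JORGENSEN, SPIKE COHEN", "JHQVHQVSLNHFRKHQMRMRU"),
    ("Independent Party of Oregon", "CLIFF THOMASON, PATRICK BARNEY",
     "JIZVMGKTQNNBPWUIAWVXIBZQKS"),
    ("Oregon Progressive Party", "DARIO HUNTER, CHRIS HENRY", "XHWTCGNSPGXDWJCITGRWG"),
    ("New Progressive Party", "RICARDO ROSSELLO, JENNIFFER GONZALEZ",
     "SRETBAMNYRMEVPNEQBEBFFRYYBWRAAVS"),
    ("Alliance Party", "ROCKY DE LA FUENTE, DARCY RICHARDSON",
     "ZJSYJIFWHDWNHMFWIXTSWTHPDIJQFK"),
    ("Legal Marijuana Now Party", "DAN VACEK, MARK ELWORTH", "TVBDRIBVCNFIKYUREMR"),
    ("Opposition Party", "WILLIAM NH SMITH, FRANCIS BRISTOW",
     "TUOZTPAOMYHUJPZIYPZAVDDPSSPH"),
    ("Freedom Socialist Party", "STEPHEN DURHAM, CHRISTINA LOPEZ",
     "DWIYDNEOPEJWHKLAVOPALDAJZQN"),
    ("Transhumanist Party", "CHARLIE KAM, LIZ PARRISH", "UGFCTJULLCMBWBULFCYE"),
]


def caesar_decrypt(text, shift):
    """Undo a Caesar shift of `shift` positions on uppercase letters."""
    return "".join(AZ[(AZ.index(c) - shift) % 26] for c in text)


def unscramble(ciphertext, ticket):
    """Return (shift, offset) such that the decrypted text, rotated left by
    `offset`, spells the ticket's names; None if no combination matches."""
    target = "".join(c for c in ticket.upper() if c in AZ)
    for shift in range(26):
        plain = caesar_decrypt(ciphertext, shift)
        for offset in range(len(plain)):
            if plain[offset:] + plain[:offset] == target:
                return shift, offset
    return None


def solve(rows):
    """Check every row and build the flag from the party initials."""
    shifts = []
    for party, ticket, ciphertext in rows:
        match = unscramble(ciphertext, ticket)
        if match is None:
            raise ValueError(f"no shift/rotation fits {party}")
        shifts.append(match[0])
    flag = "".join(party[0] for party, _, _ in rows).lower()
    return shifts, flag


if __name__ == "__main__":
    print(solve(ROWS))
```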
Split Meanings
I stumbled upon the most peculiar coincidence. Or was it a coin cidence? Or a Coinci dence??
Once you've separated heads from tails, don't forget to use the passages for spot all-stars... or was it a result of points...
Solution
Progress: 5/11
Solved on August 8, 00:55 (23h 55m after the game starts)
We had no idea what was going on. Mystiz guessed that the first hint starts with dig because of the word excavating. TWY thought that should be digest, and eventually got the first solution: dig estate / digest ate.
On the second trial, TWY suggested that the last one ends with terrain.
Mystiz: win terrain / winter rain?
TWY: bet terrain / better rain!
We eventually solved most of them. While solving, assuming that the middle part consists of three letters also helped us to solve the harder ones:
Ratio of law enforcement OR a penny (10)
cop percent / copper cent
In addition to nature OR having no exit (12)
with outdoors / without doors [*]
Island of a large island OR location for work (10)
off iceland / office land [*]
Jewelry for phone icons OR suddenly visible circles (11)
app earrings / appear rings
Alice's vote OR a bundle of rosemary (9)
her ballot / herbal lot
Planter for particles OR spud speaking device (9)
pot atomic / potato mic
Expert demonstration OR correct posture (10)
pro perform / proper form
Excavating an inheritance OR consuming an processing (9)
dig estate / digest ate
Tasting tin OR master of the shiny elements (12)
metal licking / metallic king
Laws pertaining to a flying mammal OR a night out with the caped crusader (10)
bat mandate / batman date
Gambling field OR more welcome precipitation (10)
bet terrain / better rain
[*]: Answers provided by the puzzle setter.
There are a bunch of unused triples. For that, we extract the three letters in the middle part and compute a product-sum for each of the triples.
For the first line, the middle text is per (that is $(16, 5, 18)$) and the triple is $(-2, 1, 2)$. We can compute i (which is a $9$) with the below formula:
\[(-2)\cdot 16 + 1\cdot 5 + 2\cdot 18 = 9\]
Repeating the process, we had the flag.
Flag: ivoryequine
(so the adjective and the noun don't start with the same letter)
Inconvenient Habit of Kittens
Solution
Progress: 6/11
Solved on August 8, 04:15 (1d 3h 15m after the game starts)
We are given a sound file of meows and purrs; some follow immediately after the previous sound, some after a short pause and some after a longer pause.
We first labelled and converted the sound file into the following text:
r h atfd k@el
!w b
xig oc sj pu vhaf
mdk el qbi
zgn$ #yr oct
@ jp! vwh xa
s umq
fdke lbz n$ i#yg r to@!
wcj pvx su hmqa z nf$# dkyrel
bt @i goc j!w p vxh sumafd
kelb qzn i$g #o c yjp vhaf rt@ d!k elb i
The maximum length is 6 and there are more than 26 different sources of sounds.
Okay, this is some sort of morse code. When we convert each purr into a dash and each meow into a dot, we are able to get:
- . .-.. .-..
-- .
-.. .. -. .- ....
-.. .. -..
-.-- --- ..-
- ..- .-. -.
- ---
.... ..- -- .--. - -.--
-.. ..- -- .--. - -.-- ..--..
.- -. ... .-- . .-. ---...
.... --- .-. -. . -.. .... --- .-. ... .
TELL ME DINAH DID YOU TURN TO HUMPTY DUMPTY? ANSWER: HORNEDHORSE
Flag: hornedhorse
Down the Rabbithole
Solution
Progress: 7/11
Solved on August 8, 13:55 (1d 12h 55m after the game starts)
Stage 1
Have you come seeking the Jabberwock? Beware - there is danger ahead!
We must first go DANCING down the rabbit hole...
This stage is pretty straightforward. Decoding with the dancing men cipher, we can see that there are two groups of words: blue and caterpillar. Thus the answer is BlueCaterpillar.
Stage 2
Twas brillig, and the slithy toves Did gyre and gimble in the wabe; All mimsy were the borogoves, And the mome raths outgrabe.
There are a bunch of lines sampled below. After a bit of researching, it seems that each line represents an area code in the United States or Canada.
(Boulder, CO [historically]),
(Fresno, CA),
110,
148,
(Asheville, NC),
...
Also, 303 Duovigintillion in the title hinted that we are going to build a big number eventually. Also, the line "After all, you wouldn't want to waste your PRIME FORM." suggested that we factorize the numbers.
With the help of Google and the area code checker, we can build a huge number.
\[303559110...132800000 = 2^{20}\cdot3^8\cdot5^5\cdot7^{18}\cdot11^{15}\cdot13^{19}\cdot17^5.\]
Considering the indices in the prime factorization, we got the answer for the next stage: TheRose.
Stage 3
Beware the Jabberwock, my son! The jaws that bite, the claws that catch! Beware the Jubjub bird, and shun The frumious Bandersnatch!
This stage is also easy. Searching the keywords dark, jot and cipher on Google, we learned that the above text is encoded in nyctography, created by Lewis Carroll.
Decoding the text, we have the answer CheshireCat.
Stage 4
He took his vorpal sword in hand: Long time the manxome foe he sought - So rested he by the Tumtum tree, And stood awhile in thought.
We can see that there are a bunch of M&Ms in this stage. Similar to Knave of Hearts (which is not correct), Mystiz thought that it is ASCII related because there are eight columns and the first column consists of zeroes only. This decodes into CountColors, and therefore the number of M&Ms is counted for each of the colors.
white: 16 (p)
red: 20 (t)
pale-red: 3 (c)
orange: 8 (h)
yellow: 5 (e)
green: 4 (d)
blue: 21 (u)
brown: 11 (k)
----------------
sum: 88
Mystiz tried to anagram with ptcheduk. Got peck thud but it was not helpful.
TWY found that white is a stub and p should not be included. Rearranging the characters, it should be TheDuck.
Stage 5
And as in uffish thought he stood, The Jabberwock, with eyes of flame, Came whiffling through the tulgey wood, And burbled as it came!
We are given a line of runes. It is easily searchable that the characters are Elder Futhark. When decoded, we have the below message:
ᛊᛖᚲ ᛃᛖ ᚦᛖ ᛞᚱᛁᛒᚢᚱ ᛟᚠ ᚾᚨᛃᛚ ᚨᚾᛞ ᛊᛈᛚᛁᛏᛏᚢᚱ ᛟᚠ ᚹᚢᛞ
sek je þe dribur of najl and splittur of wud
TWY parsed the line a bit and got driver of nail and splitter of wood. With that, Mystiz went through the characters and found Carpenter is the perfect match (he also found hammer bird but it was incorrect).
Stage 6
One, two! One, two! And through and through The vorpal blade went snicker-snack! He left it dead, and with its head He went galumphing back.
This is the final stage but Mystiz had no idea how to craft the key. Ozetta suggested that the solution is a ten-letter word and asked if Mystiz is going to brute force the solution.
Ozetta: Are you going to brute force the solution with a dictionary yet?
Mystiz: How even do I brute force a ten-letter word?
*tries wonderland with instinct*
"And, has thou slain the Jabberwock?"
The Jabberwock is slain, and RubyReptile is sitting inside the source code.
Flag: rubyreptile
Lobster Quadrille
"You may not have lived much under the sea so you can have no idea what a delightful thing a Lobster Quadrille is!" "No, indeed," said Alice. "What sort of a dance is it?" "Why," said the Gryphon, "you first form into a line along the sea-shore--" "Two lines!" cried the Mock Turtle.
Solution
Progress: 8/11
Solved on August 8, 15:35 (1d 14h 35m after the game starts)
We are given pictures of five ocean animals. Assuming that the lengths given on the left are correct, then they are respectively haddock, squid, quahog, shrimp and king crab.
There is a line UEHKYHRIOSTEETEMDR on the very bottom. Using a rail fence cipher with two rows, it decrypts into USE THE KEY THERMIDOR. The rationale comes from the challenge statement - "Two lines!" cried the Mock Turtle.
Later, there was a hint regarding the remaining part of the puzzle:
Mystiz identified that it might be a Playfair cipher. However, he was unsure what to decrypt (or encrypt). He decided to DM the puzzle writer and received:
CryptoK - 2021/08/08
trust your intuition a bit more there
Mystiz decided to look into the Playfair cipher. He initially thought the seven-letter word that ends with a T would be decrypted to haddock. This led him nowhere.
After being reassured by the puzzle writer, he tried to decrypt the pairs. For instance, we are using the seventh letter of haddock, i.e. K, along with the hint T. When it is decrypted with the key THERMIDOR, we have CR. The seventh letter of haddock is picked because T in the hint is the seventh letter.
Repeating the process with the ciphertext pairs KT, DX, QT, IF, IR, we have CR OW NE DC AT.
Flag: crownedcat
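Both cipher steps of this puzzle, as an added example (not the authors' code): a two-row rail fence decryption of the bottom line, then a Playfair decryption of the five pairs with the key THERMIDOR. Merging J into I is the usual Playfair convention and is an assumption here; the function names are made up for this sketch.

```python
ALPHABET_25 = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters, J merged into I (assumed)


def rail_fence_2_decrypt(ciphertext):
    """Two rails: the first half is the top row, the second half the bottom row;
    the plaintext alternates between them."""
    half = (len(ciphertext) + 1) // 2
    top, bottom = ciphertext[:half], ciphertext[half:]
    out = []
    for i, c in enumerate(top):
        out.append(c)
        if i < len(bottom):
            out.append(bottom[i])
    return "".join(out)


def playfair_square(key):
    """Key letters first (duplicates dropped), then the rest of the alphabet,
    as a row-major list of 25 letters."""
    square = []
    for c in key.upper().replace("J", "I") + ALPHABET_25:
        if c in ALPHABET_25 and c not in square:
            square.append(c)
    return square


def playfair_decrypt_pair(square, a, b):
    """Decrypt one digraph: same row moves left, same column moves up,
    otherwise each letter takes the other's column (rectangle rule)."""
    ra, ca = divmod(square.index(a), 5)
    rb, cb = divmod(square.index(b), 5)
    if ra == rb:
        return square[ra * 5 + (ca - 1) % 5] + square[rb * 5 + (cb - 1) % 5]
    if ca == cb:
        return square[((ra - 1) % 5) * 5 + ca] + square[((rb - 1) % 5) * 5 + cb]
    return square[ra * 5 + cb] + square[rb * 5 + ca]


def decrypt_pairs(key, pairs):
    square = playfair_square(key)
    return "".join(playfair_decrypt_pair(square, a, b) for a, b in pairs)


if __name__ == "__main__":
    print(rail_fence_2_decrypt("UEHKYHRIOSTEETEMDR"))
    square = playfair_square("THERMIDOR")
    for row in range(5):
        print(" ".join(square[row * 5:row * 5 + 5]))
    print(decrypt_pairs("THERMIDOR", ["KT", "DX", "QT", "IF", "IR"]))
```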
Knave of Hearts
Then followed the Knave of Hearts, carrying the King's crown on a crimson velvet cushion; and, last of all this grand procession, came The King and Queen of Hearts.
Alice was rather doubtful whether she ought not to lie down on her face like the three gardeners, "and besides, what would be the use of a procession," thought she, "if people had all to lie down upon their faces, so that they couldn't see it?"
Solution
Progress: 9/11
Solved on August 9, 00:20 (1d 23h 20m after the game starts)
It is pretty evident that there are two puzzles on the board: Nonogram and sudoku. This is what we have after filling in the board:
Note that there are multiple solutions for the nonogram. We marked them in pale orange and light blue - and either one serves as part of the correct answer along with the green squares.
After that, we were stuck for a long time. There were three hints released:
- If the Knave told you that he could feel the next step by closing his eyes, would you believe him?
- The knave's friend can move from his starting position to the opposite corner clockwise.
- Consider the unseen and the derived separately. From there, your journey continues where edges meet.
We had some thoughts while we were stuck. For instance, we thought the solution for the nonogram was encoding ASCII characters column-by-column (which reads 5 53R1C#). We also guessed that each column is encoding a pair of coordinates (which decodes to $(3, 5)$, $(2, 0)$, $(3, 5)$, $(3, 3)$, ...). Unfortunately this led us nowhere.
Out of desperation, Mystiz DMed for hints once again and knew it was braille immediately:
CryptoK - Aug 8
How might one read if they are wearing a blindfold?
Decoding the nonogram solution with Braille, we obtained knightne (the other one does not decode into something meaningful).
It is stated from the second hint that the knight can move from one corner to the opposite clockwise. Which corners? What are the walkable squares?
Eventually, when we assume that the obstacles are defined by the given hints in sudoku, we are able to move from top-right to bottom-left clockwise. The squares form the flag.
Flag: avianally
Hoofman's Headache
When given a series of digits,
I can't help but begin to fidget.
My mind can't stay still,
While counting the quill
Of characters expected within it.
And what of the text? Wonder through and reflect?
And the form you have sought? Left be less yielding naught?
Hoofman's thoughts can't see why one would want to multiply!?
Left and right form anew, but their sums over-grew??
That's optimally not right when compressing.
Solution
Progress: 10/11
Solved on August 9, 01:50 (2d 50m after the game starts)
We are given 266 bits as below:
00100101110111101110011110101111101111
10110110110001001010101001111000001101
01000111101001111010110000001010100010
11010110011000101101100100000110000010
01101111111001101101011001011000101101
01111100100111110111100101000010011011
10110110011010100011011011001000000110
From the title we notice that Hoofman is spelt similarly to Huffman, especially when the letter o is considered a wildcard character. "Compress" appears in the last line, which further validates this assumption. Furthermore, we made some assumptions according to the poem regarding the "special" construction of the tree:
- "While counting the quill of characters expected within it" may be related to the letter frequencies.
- "Left be less yielding naught" seems to imply that the left branch of the tree has smaller weight than the right branch, and the assigned bit is 0.
- "Hoofman's thoughts can't see why one would want to multiply!?" seems to imply that multiplication is used instead of addition.
- "Left and right form anew, but their sums over-grew??" is the basic concept of a Huffman tree, and "over-grew" emphasizes the growth rate of the weight after merging.
- "That's optimally not right when compressing." implies that the implementation is different from the optimal Huffman tree construction.
There are some more questions regarding the third point. If we are using multiplication instead of addition, we need to consider whether "the quill" means the count or the percentage. If it is the latter case, then multiplying two numbers should result in a smaller fraction, so we should instead take the two nodes with the highest weights (we thought of whether "Wonder through and reflect?" is related). Otherwise, if it is the frequency, then the actual length of the source is important: when the length is doubled, the product of two weights becomes 4 times the original, which affects the relative weight of nodes between different levels.
Since guessing the correct source is difficult, we drafted a script for building the Huffman tree and waited for hints. The script consists of replaceable components:
- changeable source
- extracting the heaviest or the lightest node
- using fraction to store the frequency (denominator is 1 for integers)
- whether to use multiplication or addition
We used the Relative frequency in the English text at the moment, but we were uncertain about whether spaces and symbols should be included, and whether to treat capital and small letters separately.
Eventually the challenge author released the first hint:
From this we know that the source should not be that relative frequency, but some pieces related to Alice in Wonderland. Following that, they released the next hint:
This proves our assumption, and we are certain that frequencies (instead of percentages) of letters are used. Also, this confirms that minimum weights are used, and multiplication is used for the new node.
Here we started to think about which source the frequencies are taken from. We tried to use the letter frequencies from Alice in the Wonderland, and obtained the below "plaintext":
OJCCAUNQYLIOMAGAZAUQJHOFJJAIEWHEHPQDLJOGYCWARDFOERYEFELOHE
Although all bits are consumed (we can immediately falsify a tree if there are leftover bits), the text looked like nonsense. Eventually another hint came onto the scene:
The paste is entitled HoofmansSourceText, and the contents come from "Through the Looking-Glass, and What Alice Found There", which is considered the sequel to Alice's Adventures in Wonderland. We replaced the current text with the given text, and obtained the below plaintext:
ITLLPUZZLEITTOGOTHROUGHTHECEILINGIEXPECTKEYWORDFIERCEFELINE
(It'll puzzle it to go through the ceiling I expect keyword fierce feline)
Flag: fiercefeline
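A sketch of the tree construction described above, as an added example (not the authors' script): the two lightest nodes are merged, the lighter one goes left with bit 0, and the parent weight is the product of the children's weights. The source text below is a constructed stand-in (the real HoofmansSourceText is not reproduced on this page); counting letters only and breaking ties by insertion order are assumptions.

```python
import heapq
import operator
from collections import Counter
from itertools import count

# Constructed stand-in for the source text; NOT the puzzle's HoofmansSourceText.
SAMPLE_SOURCE = "CURIOUSER AND CURIOUSER CRIED ALICE"


def build_codes(source, combine=operator.mul):
    """Prefix code from letter counts: merge the two lightest nodes, lighter
    one on the left (bit 0), parent weight = combine(left, right).
    Pass operator.add to get the ordinary Huffman construction."""
    freq = Counter(c for c in source.upper() if c.isalpha())  # letters only (assumed)
    if not freq:
        raise ValueError("source contains no letters")
    order = count()  # tie-breaker: insertion order (assumed)
    heap = [(w, next(order), sym) for sym, w in sorted(freq.items())]
    heapq.heapify(heap)
    while len(heap) > 1:
        w_left, _, left = heapq.heappop(heap)
        w_right, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (combine(w_left, w_right), next(order), (left, right)))
    codes = {}

    def walk(node, prefix):
        if isinstance(node, tuple):  # internal node: (left, right)
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        else:
            codes[node] = prefix or "0"  # single-symbol source still gets one bit

    walk(heap[0][2], "")
    return codes


def encode(message, codes):
    return "".join(codes[c] for c in message)


def decode(bits, codes):
    """Greedy prefix decoding; leftover bits mean the tree is wrong."""
    by_code = {code: sym for sym, code in codes.items()}
    out, current = [], ""
    for bit in bits:
        current += bit
        if current in by_code:
            out.append(by_code[current])
            current = ""
    if current:
        raise ValueError(f"{len(current)} leftover bit(s): tree does not fit")
    return "".join(out)


if __name__ == "__main__":
    codes = build_codes(SAMPLE_SOURCE)
    bits = encode("ALICE", codes)
    print(codes, bits, decode(bits, codes))
```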
Mom's Monsters (Meta)
White, Red, or Hearts they be, Connect the dots and you will see. Monsters ten have come to pray - Name them well and we shall play.
Solution
Progress: 11/11
Solved on August 9, 20:00 (15h 30m after the game ends)
There are two hints released, the first being:
The second one is relatively direct.
The capital letters form the word UKMINT, which may refer to the royal mint (the government-owned mint in the United Kingdom). They recently produced the coin for Alice in Wonderland. More importantly, they also produced the coin featuring the Queen's Beasts:
Why is the riddle related to the Queen's Beasts? Here is the list of the beasts:
- The Lion of England
- The White Greyhound of Richmond
- The Yale of Beaufort
- The Red Dragon of Wales
- The White Horse of Hanover
- The White Lion of Mortimer
- The Unicorn of Scotland
- The Griffin of Edward III
- The Black Bull of Clarence
- The Falcon of the Plantagenets
We can see that each of the ten flags corresponds to a beast. This is the mapping between the two:
- Fierce Feline - The White Lion of Mortimer
- Pale Puppy - The White Greyhound of Richmond
- Goring Goat - The Yale of Beaufort
- Crowned Cat - The Lion of England
- Avian Ally - The Falcon of the Plantagenets
- Lion Aloft - The Griffin of Edward III
- Ruby Reptile - The Red Dragon of Wales
- Coal Cow - The Black Bull of Clarence
- Horned Horse - The Unicorn of Scotland
- Ivory Equine - The White Horse of Hanover
Well, the only clue left is the graph in the challenge pdf. At first glance, we should be able to conclude that the shape represents its corresponding beast's name by the puzzle index.
How about the x-axis? We can notice that there is only one shape per x-value, so it is highly likely that it is the character index of the meta-puzzle's flag.
Finally, the y-axis then must be the character index of the corresponding beast's name. As the least y-index starts from 4, we can guess that all the beasts' names include the word "The". Besides, there should be no spaces in the beasts' names, going by the experience from previous challenges.
Following the idea, we have the string below:
iFYouLlBEaieveinmeIllBelieveinyou
There is one incorrect point (10, 18) which should be instead (10, 17). Fixing it, we have the final answer:
ifyoullbelieveinmeillbelieveinyou
Which is, "If you'll believe in me, I'll believe in you".