Sebastian's Blog

software developer. security enthusiast.

Author: Sebastian

HV19.09 Santas Quick Response 3.0

So the QR code looks broken. Doing a reverse image search on the first image reveals that the image was taken at Cambridge North railway station. The cladding of the building features a pierced design derived from Rule 30. So I thought maybe generate a Rule 30 image, put it over the QR code and […]

HV19.08 SmileNcryptor 4.0

Introduction: You hacked into the system of very-secure-shopping.com and you found a SQL-Dump with $$-creditcards numbers. As a good hacker you inform the company from which you got the dump. The managers tell you that they don’t worry, because the data is encrypted. Dump-File: dump.zip. Goal: Analyze the “Encryption”-method and try to decrypt the flag. Hints […]

HV19.H2 Hidden Two

Again a hidden flag. Challenge Description As Hidden Two came out at the same time as HV19.07 Santa Rider, I thought it might again be part of the challenge that also came out that day, like before with Hidden One. I thought it was odd that there was a download for a zip containing the video of […]

HV19.07 Santa Rider

Santa is prototyping a new gadget for his sledge. Unfortunately it still has some glitches, but look for yourself. Challenge Description This was very easy: we got 8 LEDs, so 8 bits = 1 byte. Looks like ASCII. I split the video into frames using ffmpeg to go through the pictures by hand while noting […]

HV19.H1 Hidden One

Sometimes, there are hidden flags. Got your first? Challenge Description Hidden One came out at the same time as HV19.06 bacon and eggs, so I thought it might be about the extra information added below the bacon cipher ciphertext. Born: January 22; Died: April 9; Mother: Lady Anne; Father: Sir Nicholas; Secrets: unknown. The […]

HV19.06 bacon and eggs

Francis Bacon was an English philosopher and statesman who served as Attorney General and as Lord Chancellor of England. His works are credited with developing the scientific method and remained influential through the scientific revolution. Bacon has been called the father of empiricism. His works argued for the possibility of scientific knowledge based only upon inductive reasoning and careful observation of events in nature. Most importantly, he argued science could be achieved by use of a sceptical and methodical approach whereby scientists aim to avoid misleading themselves. Although his practical ideas about such a method, the Baconian method, did not have a long-lasting influence, the general idea of the importance and possibility of a sceptical methodology makes Bacon the father of […]

HV19.05 Santa Parcel Tracking

To handle the huge load of parcels Santa introduced this year a parcel tracking system. He didn’t like the black and white barcode, so he invented a more solemn barcode. Unfortunately the common barcode readers can’t read it anymore, it only works with the pimped models Santa owns. Can you read the Barcode? Challenge Description […]

HV19.04 password policy circumvention

Santa released a new password policy (more than 40 characters, upper, lower, digit, special). The elves can’t remember such long passwords, so they found a way to continue to use their old (bad) password: merry christmas geeks Challenge Description Attached to this was the following file named HV19-PPC.ahk. This was an AutoHotkey source file. Loading […]

HV19.03 Hodor, Hodor, Hodor

This was quite easy. I immediately thought that this must be a programming language. Apparently there is a programming language called Hodor Programming Language. Running the code reveals: Awesome, you decoded Hodors language! As sis a real h4xx0r he loves base64 as well. SFYxOXtoMDFkLXRoMy1kMDByLTQyMDQtbGQ0WX0= Base64 decode reveals the flag: HV19{h01d-th3-d00r-4204-ld4Y}.

HV19.02 Triangulation

Today we give away decorations for your Christmas tree. But be careful and do not break it. Attached to that we receive an STL file named Triangulation. This file is a 3D model. Opening this in Blender and peeling the shell showed that it contains another shell. Peeling this again revealed an Aztec code. Tweaking […]