Damjan Cvetko

Challenge: Santa has an awesome light show every year. And because one elf leaked the code, you can see the light show a few days before Christmas.

lightshow.hex

This one was frustrating and a textbook example of how one can get lost in details and take a wrong turn.

The contents of the HEX file seem to be an [Intel HEX](https://en.wikipedia.org/wiki/Intel_HEX) firmware. So I first explored tools to work with that. It’s a, well, hex encoded binary, where each line has a type, like data, segment addressing. Strangely, there were other types that are not known to the original Intel HEX specs. I converted it to a linear binary and started exploring the contents. At one point I searched for “lightshow” and found some strange patterns.

I think I already knew at that point that it’s probably a firmware file for the BBC micro:bit board.

Being totally consumed by that pattern I came up with this code:

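```php
<?php
// Read the linear binary converted from the HEX file.
$raw = file_get_contents("FIRMWARE.BIN");
// Take 2000 bytes starting at offset 0x3698e.
$raw = substr($raw, 0x3698e, 2000);
// Split on the \x05\x00\x05 byte sequence between blocks.
$raw = explode("\x05\x00\x05", $raw);
//$raw = array($raw);
foreach ($raw as $r) {
    // Render 0x00 as a blank and 0xff as an "X".
    $row = str_replace(["\x00", "\xff"], [" ", "X"], $r);
    $row = substr($row, 1, -3);
    // Print each block as rows of 5 characters.
    echo "|" . implode("|\n|", str_split($row, 5)) . "|\n ----- \n";
}
```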

And this output:

It’s a micro:bit “font” for its 5x5 display. Totally worth it, but completely useless.

I went back to the HEX file and wrote a script to linearly decode all lines, and finally there was something useful at the end of the file.
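A linear decode of this kind, as an added example (not the author's script): it checks each record's length and checksum, applies the extended address records, and keeps the payloads of record types outside the Intel HEX specification instead of dropping them. The sample records, including the type `0x0D` record, are constructed for illustration and are not taken from lightshow.hex.

```python
import binascii
from collections import Counter

# Record types 0x00-0x05 are the ones the Intel HEX specification defines.
STANDARD_TYPES = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05}

# Constructed sample (not taken from lightshow.hex): an extended linear address
# record, a data record, a record of a type outside the spec, and end-of-file.
SAMPLE = """\
:020000040003F7
:050010006C69676874D3
:0400200D73686F770E
:00000001FF
"""

def parse_record(line):
    """Split one ':LLAAAATT<data>CC' line into (offset, type, payload)."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError("missing ':' start code")
    raw = binascii.unhexlify(line[1:])
    if len(raw) < 5 or raw[0] != len(raw) - 5:
        raise ValueError("length field does not match record size")
    if sum(raw) & 0xFF:  # all bytes including the checksum must sum to 0 mod 256
        raise ValueError("checksum mismatch")
    return int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]

def decode(text):
    """Return (memory, type_counts, unknown) for a whole HEX file."""
    memory, counts, unknown = {}, Counter(), []
    base = 0
    for line in filter(str.strip, text.splitlines()):
        offset, rtype, payload = parse_record(line)
        counts[rtype] += 1
        if rtype == 0x00:                      # data: place at base + offset
            memory.update((base + offset + i, b) for i, b in enumerate(payload))
        elif rtype == 0x01:                    # end of file
            break
        elif rtype == 0x02:                    # extended segment address
            base = int.from_bytes(payload, "big") << 4
        elif rtype == 0x04:                    # extended linear address
            base = int.from_bytes(payload, "big") << 16
        elif rtype not in STANDARD_TYPES:      # keep instead of discarding
            unknown.append((rtype, base + offset, payload))
    return memory, counts, unknown

if __name__ == "__main__":
    memory, counts, unknown = decode(SAMPLE)
    print(sorted(counts.items()), unknown)
```

The `counts` tally shows at a glance whether a file contains record types a standard converter would ignore, and `unknown` holds their payloads for inspection.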

The data blob was described in https://makecode.com/source-embedding and I even went so far as to uncompress it to see if there was something hidden in there. Nada.

Then I went to https://makecode.microbit.org and imported the file. Finally!

I got some hints from friends (neo!) that I should look at the “lightshow” and ignore the “music”. It became immediately obvious that smallHeart and bigHeart are 0 and 1 bit values. Doing some string replace magic we end up with

01111000 01101101 01100001 01110011 01111011 01010100 01101000 00110000 01110011 01100101 01000011 01101000 01110010 00110001 01110011 01110100 01101101 01000001 00100100 00110001 01001001 01100111 01101000 01110100 00100100 01111101

Using our favorite CyberChef tool we get the flag.

So in the end the process was:

Import to micro:bit at https://makecode.microbit.org/, get the lightshow routine, convert bigHeart() to 1 and smallHeart() to 0, and convert to ASCII.

Flag: xmas{Th0seChr1stmA$1Ight$}

What did I learn: I can get easily lost in… binary.
