I know that I normally write stuff about making things, but today I want to talk about breaking (or cracking) things and hopefully inspire you to do the same while you have some time during the holidays.
For those of you who are not familiar: CTF stands for Capture The Flag and in this context refers to puzzles that need some amount of digital skills to solve. The flag is usually some kind of code with a recognizable format (e.g. CTF{omg_y0u_f0und_1t}). It can be hidden in a file, or obtained by exploiting a vulnerability in a system designed specifically for the challenge, or any method really.
The biggest challenge is that they don’t tell you what to do. You’re just given a picture or some text and maybe a cryptic hint and… good luck! So it fits right in with the spirit of experimentation, frustration and problem solving that’s my usual process for making things too.
For the past week I’ve been playing the yearly ‘Hackvent’ calendar over at Hacking-Lab.com, which is an advent calendar of CTF challenges. One challenge gets posted every day and you get bonus points for solving it on that day, even though you can submit answers until the end of the month. The first week had the easy challenges and it seems we’ve now graduated to Medium difficulty. The challenges are great fun (I swear this is not sponsored). If you want to have a go at this yourself, here are some resources that might help you crack these challenges:
As usual: your brain and a healthy amount of googling things
Cyberchef to make extracting, converting, encoding, reversing, and everything else you might want to do to a file a breeze.
A hex editor of your choice. A hex editor is a program that allows you to see all the bytes in a file, might come in handy. (I’m currently using HxD)
Some wiki articles you might want to have a look at (even if you are not playing the CTF, it’s pretty interesting): Steganography, Esoteric Programming Languages, and old-school cryptography.
I don’t want to post about my own attempts at making things work at this time, to avoid spoilers. But I plan to release a write-up of the challenges I succeeded at when the event is over.
Happy hacking!