* Miscellaneous
** Discord
- Check the announcements channel
** Verbose
- It's JSFuck
- Evaluating it in the browser redirects you somewhere else...
- Find some other suitable decoder
** Locked Up
- Use =zipinfo= to look at archive contents
- Flag is one of the file names
** Admin Pass
- Description links to Git repo
- Looks like we have to crack a hash
- The comment doesn't have the right flag
- The Git history contains the right flag before it was redacted
** The Real Reversal
- Reverse the bytes
- Print the string
- Decode the numbers into bytes
- Print each char
- Reverse each line (because it's printed reverse)
** Broken GPS
- Write some code doing exactly what is asked from you
- Calculate the distance using Pythagoras
- Calculate the letter for each file
** Hidden Flag
- At the end of the file it spells out the key
- XOR each key byte with the first bytes, check whether it looks like the PNG magic bytes
- Repeat for the rest of the file
- Obtain an image displaying the flag
* Cryptography
** Reverse Search Algorithm
- RSA with known factors (check factordb or use YAFU)
- Calculate ~d = (p - 1) * (q - 1)~
- Decrypt with ~m = modexp(d, c, n)~
- Format message as string to obtain the flag
** A Lost Cause
- Write some code that does the reverse of the transformation for each possible offset, then prints the result
- One of those is the raw flag
* Forensics
** Chicken Crossing
- =strings= shows the flag at the end of the file
** Cool Image 2
- Remove the first 40 garbage bytes from the file
** Slap
- Check with =exiftool= for the flag
** Fish
- =steghide= key is at the end of the file
- Use =steghide= to extract the hidden text file
* Web
** md5--
- One way to solve this is to find an MD5 hash hashing to itself
- The other is to make use of PHP's funny ~==~ semantics
- If both strings look like numbers, they're coerced to numbers before comparing
- So, =9= is equal to =09= and =0e123= is equal to =0e999=
- I wrote a bruteforce script that checked for numerical strings hashing into an equivalent numerical string
- Eventually it found a working one
** Accessible Rich Internet Applications
- HTML file containing lots of JS
- When opened in a browser it creates lots of HTML, with way too many ARIA tags that have a sort key and a binary value
- Copy them into a text file, sort by the sort key, extract the binary value
- Decode the binary into a text with the flag
** Networked Password
- If you send a password starting with =h=, the request takes 0.5s longer than a password not starting with =h=
- For subsequent correct characters, the request time increases by 0.5s for each
- I wrote me a script that uses this to guess the flag for me
- It's not perfect as there's the occasional false positive; this can be detected by subsequent guesses taking less time than the previous ones
- The charset is alphanumerical with underscores and braces
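
The behaviour described under Networked Password is what an early-exit comparison looks like from outside. The following is an added example, not code from the challenge or from this write-up: it models such a check next to a hardened one and includes a regression test for the leak. =SECRET=, the function names and the work-unit model (one unit standing for the 0.5s step) are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"flag{constructed_sample}"  # constructed value, not the challenge flag


def leaky_check(guess: bytes, secret: bytes = SECRET):
    """Early-exit compare: work stops at the first wrong character.

    Returns (accepted, work_units); one unit models the 0.5s step above.
    """
    matched = 0
    for g, s in zip(guess, secret):
        if g != s:
            break
        matched += 1
    accepted = matched == len(secret) == len(guess)
    return accepted, matched


def hardened_check(guess: bytes, secret: bytes = SECRET):
    """Compare fixed-length digests and touch every byte, whatever the input.

    Returns (accepted, work_units); work is always the digest length.
    """
    a = hashlib.sha256(guess).digest()
    b = hashlib.sha256(secret).digest()
    diff = 0
    touched = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences, never branch on them
        touched += 1
    # hmac.compare_digest is the library routine to use in practice;
    # the loop above only makes the constant amount of work visible.
    return hmac.compare_digest(a, b) and diff == 0, touched


def leaks_prefix(check, secret: bytes = SECRET) -> bool:
    """True if the work done depends on how much of the secret a guess matches."""
    # Probe i matches exactly i leading bytes, then differs (secret has no NUL).
    probes = [secret[:i] + b"\x00" for i in range(len(secret))]
    return len({check(p)[1] for p in probes}) > 1


if __name__ == "__main__":
    for name, check in (("leaky", leaky_check), ("hardened", hardened_check)):
        costs = [check(g)[1] for g in (b"x", b"f", b"fl", b"fla", b"flx")]
        print(f"{name:9} costs={costs} leaks_prefix={leaks_prefix(check)}")
```
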