Solving the Injective Xmas riddle

After 3 long nights, we managed to solve the injective Christmas riddle! Here is a summary of how we managed to do it.

Private Key part 1

AES

The encryption was done through a block cipher variant known as Advanced Encryption standard (AES). The hint for this was in the first letter of each paragraph of the text:

Knowing this meant we needed to find a secret key to decode the following text from Sensei Bart:

hhRZ/zj/TtSzo8pCXDfmzpCT5AzSIIOeZw9h+N1MtRte40/wgUhwiI9OdsShm9CpNOgqb4cKsrMuQB4i+myh1VzWAhVODbFXX5Z6DSDzbnPPdiNHW1l8QdQN5d6TPANE9d4Qbvd6dw1aJi7Qhj6VxzVFr1nS6wUN4dceZ6ppR9dYKA5lO8MTihwTbrk5QFoyGVz6Lsqvgugt7Y4IGlFPRd179vvdxrXYaHdAehyA/qRw4Tz4a8ZfGPRKg299s1twXEw5sEQ5MvJrzS1TMqozhnkwYiRR0OtZXyBV+5aOjGAd1Onj8NTNGL1j2uExBSDQrBfS8JI8Z2ek4rkXvgnujfFZltdxWfwMlB27ciWlEVLDgbT0zQgO/uNgS53ips+Q1sLP9kBCi/lZFEiC2XR8GBNVCSfZr1kPUS0jPo8dxI9WjDQIwwcsPOH7Szf0RrtCAO1bTIIusrfG2E9+YVMbwPZC9b8kIk2Q0awjM2Vw4Q32IVlFWmaT7OgqsooY4KrEzk1Ol0eSAjeGzheNO135xXlcrEkg1vpbamutxwwPPAw=

Shamurai = SHA256 HASH Encryption

The above text is in base64 (Bart + 63 Ninjas = 64 Ninjas) format (the ‘=’ sign at the end gave it away which indicates padding).

The “Shamurai” = Sha256. So, knowing this we just needed to find something to hash into sha256 format… Also, we received another hint by Injective through twitter that each carriage carried 4 prisoners who surrendered *first* (4*8 = 32). So we assumed we use the first 32 chars of the text.

In the battle of the Century = Chess game of the century

Someone from our team mentioned a chess game known as “The game of the century” where a famous young chess player known as Fischer offers an ingenious knight sacrifice which set him up to win the game https://en.wikipedia.org/wiki/The_Game_of_the_Century_(chess). This matched with what was said in the text about Sensei Bart winning the battle by sacrificing his most prized horse.

We took the battle to begin from the start until his game winning move using chess algebraic notation (AN). This gave us:

nf3nf6c4g6nc3bg7d4o-obf4d5qb3dxc4qxc4c6e4nbd7rd1nb6qc5bg4bg5na4

This then was encrypted using SHA256 which returned:

50aa77c329c0a2ebe84e6f561d6246952de7ce75dfbf524f8684f91d9bd66c0d

We then took the first 32 characters of the hash above and plugged it into an AES simulator (ECB mode with 256 bit key size) which returned the decrypted text:

Great find brave Ninja, you are one step away from unlocking the first key__________D90F4635C21646FC457ACCB99D83F03B8FF3A56963E389CBC27656972ABFA845_________H0fVGS3B3I/38v8b16Q0vE3DIERAr5f3nAfLlKfThJMrhsmYOkZSVOA02fDeRkfBAdp6EA4Cs0o1ncbRV+M5zKVM1QBi/U1uzEKeIDkjArFnG4ZLNx/xui/ayxfmlrSuuz6QsbmivkYmD3+aSCUWH7wKW6gn7DvZl/NP8C1UE4ISZDBDtqpn5dFB6Y7XL00cbr8athvltIGSwClDxt5matYYAZdax7kNXjhSAs1SywbpJ9I2tFKKblCyC+fV/HVH

Deriving the first key

This didn’t give us what we expected so the next step was to solve this before we can successfully claim the first key. The format of the hash transaction looked very similar to that of Injective has numbers, so we plugged it into the the Injective Explorer which returned the following:

We tried to encrypt everything possible from the above transaction. This gave us a successful return as the following was obtained from SHA256 encrypting the transaction amount “29283691024200000”: d471ef309e18c48e2dff41a249715dcc0ac5c480fdb53be2052277b1057e1fbe

where we used the first 32 chars as the secret key. This then gave us a return of:

Congratulations brave Ninja! You have found the first part of the private key__________57e04293856de52f58502________Go to the land of discord and seek Sensei KAYO for the next riddle

Private Key part 2

This sensei KAYO character then provided the next step (sent only after the riddle master (Eric Chen) had confirmation that the first riddle had actually been solved):

Hey ninja, you’re finally here. Unfortunately the second key is with @injectiveintern. But he lost his ability to speak after eating a poisoned apple almost 70 years ago. You might have heard of legends of the ten rings but injective intern was far more powerful with just 3 rings. He managed to get the last 3 rings left by the ancient alpha beings. As he was ascending to be the head of Ninja dojo, he always liked to say “welcome brave ninja” to every new ninja that joined the dojo. But now, everything he says is pure gibberish. I tried asking him about the keys but all he could say was
“pfbslch clkdz fqcgc. qd kmmw bxu lmjh yojs okqo zp zbx fowz. rp ae rfjb, hix kys ab bcgpi zp erx xiwxfz vahoob. byuw mw klxnizzfa vclyce kfw hvoq ckz owgd ucz ujsf ah wgs”

Poisonous Apple

A great mathematician known as Alan Turing managed to crack the enigma cipher during the second world war. He used a machine called the Bombe. He died from eating a poisonous apple almost 70 years ago.

Welcome Brave Ninjas

We used this as a crib (Known Plaintext Attack, KPA) for the first 3 words of the gibberish as they both had the same number of letters per word. Though I can not express how difficult this task was, I’ll summarise the steps we took through the use of a bombe simulator:
Plaintext: welcome brave ninjas

Ciphertext: pfbslch clkdz fqcgc

We now needed to figure out the bombe machine settings in order to run the simulation as this would have taken 12 days if we used a brute force attack with all Enigma machine possibilities:

3 Rings = 3 ring settings on the Enigma machine

Ascending to be the head of Ninja dojo = ascending order of initial rotor settings (ABC, or XYZ, in this case it was xyz as it is common practice to start with combination ZZZ)

Reflector type C

Once we simulated this using the Bombe machine, we got the following text:

WELCOME BRAVE NINJA IT MUST NOT HAVE BEEN EASY TO GET HERE IT IS OKAY YOU ARE SO CLOSE TO THE SECOND SECRET TALK TO INJECTIVE INTERN AND TELL HIM THAT RED BULL IS KEY

Injtern gave us an AES encrypted message:

4rnnivfSu56HfWY4FJm1IGMG3lqPpE9vd/QT5SbflEQOfXk2ilR4VlHBUseV6kNoMyluhxsQ0suUWBKC7p74/I8Yj55pwrSHrCcw17UMmfh1XCZZjWOzi87yj+I4dNsnmknHGc4V+C/glxEvfIz0LaBKzlVcRxGkOkZYn8LFZFY=

We knew that Red Bull was the key and after Sha256 encrypting this we got:

b4f989fabcee34c1ef1c3d92cb9c84f248bdede29705a5fd9fea9e0bc12d578c

Which gave us:

Amazingly done ninja! This was not an easy puzzle_______7de39b86738d731206842______Now go find no1 DEX on Injective

Believe me, this is the simple version of the story. This was so difficult!

Private Key part 3

No ambiguity here, it could only be the number 1 relayer Picasso Exchange. We searched through their state of the art front end to see if we could find anything in which we discovered:

SUCCESS: Brave Ninja, You have traversed across the metaverse searching for the final answer. You have earned it. This is the last piece of the key: f03a3abaa0f9c1d094a8de

PK: 57e04293856de52f585027de39b86738d731206842f03a3abaa0f9c1d094a8de

And at last! We solved the riddle.

The rewards were split equally and fairly amongst the team.