# PACTF 2018 Writeup: Skywriting

This is a holdover until I can make a more detailed post on my main site. Until then, here’s the solution to Skywriting, along with why I thought it was a reasonable problem to post.

Some background: Skywriting was the last problem in PACTF 2018. It had no solutions from eligible teams, and in that regard remains the most difficult problem in PACTF 2018 by that measure (or, as far as I know, from any PACTF).

I’m going to do this in two parts. The first part is the basic, spoiler-ific, direct pathway of solving it. I’ll then go over how a team could reasonably think of and execute each step.

# 1. Solution

The problem gives you a ZIP of 20 WAV files. Each of them only differ in the last bit of the samples: the equivalent of LSB steganography for audio files. The program I used for this steganography is here, so that will also decode it. (It would not be hard to write this yourself once you realize what’s going on.)

Decoding the file `gusty-garden-6.wav`

and taking the initial valid UTF-8 gives the following text:

𝞢𝞢<<🢛🢙½∫∇🢛🢚⅞𝝽𝝘<<⊻⊻⊻⅞𝝽Λ𝞼⅞𝝽////🞐🞐<<xx⅞𝝽🞐🞐½⅞𝝽>>⅞𝝽🞇🞑<<=x∫∇>>🞇🞑∫∇𝝘//𝞢𝞢𝞢𝞢<<🢛🢙∫∇>>⅞𝝽⊻⊻⊻<<🞐🞐𝝘<<⊻⊻⊻⅞𝝽𝞢𝞢⅞𝝽🞐🞐½⅞𝝽>>⅞𝝽λ𒀪🞇🞑∫∇<><<⅞𝝽✕✕🞐🞐<<xx⅞𝝽🞐🞐𝞢𝞢<<🢛🢙λ𒀪⊻⊻⊻🞐🞐½⅞𝝽

>>λ𒀪xx½🞐🞐=x>>∫∇✕✕⅞𝝽<<=x✕✕λ𒀪⊻⊻⊻𝝘λ𒀪Λ𝞼∫∇⊻⊻⊻𝝘⅞𝝽>>⅞𝝽𝝘//<<⊻⊻⊻⅞𝝽//𝞢𝞢∫∇🞇🞑∫∇𝗑//<<🢛🢙𝝘

🞐🞐½∫∇🞐🞐=x//<<∫∇🞐🞐🞇🞑<<⊻⊻⊻½λ𒀪xx½<<⅞𝝽>>🢛🢚∫∇//⅞𝝽🞇🞑∫∇⊻⊻⊻𝝘½λ𒀪////🞇🞑

Λ𝞼½⅞𝝽⊻⊻⊻∫∇////∫∇🞐🞐<<⊻⊻⊻𝗑⅞𝝽λ𒀪🞇🞑∫∇Λ𝞼∫∇𝗑//<<🢛🢙𝝘

∫∇½<<🞇🞑🞐🞐<<=xxx<<//𝝘⅞𝝽⊻⊻⊻𝝘∫∇=x=x<<𝝘λ𒀪//🞇🞑

=⅞𝝽🞇🞑λ𒀪𝝘⅞𝝽🞐🞐½⅞𝝽//∫∇--⅞𝝽=⅞𝝽⊻⊻⊻⅞𝝽∫∇🞐🞐½🞐🞐½⅞𝝽🞐🞐>>⅞𝝽⅞𝝽🞇🞑

=x//🢛🢙🞐🞐🞐🞐⅞𝝽>>λ𒀪⊻⊻⊻xx∫∇⊻⊻⊻𝝘𝝘∫∇⊻⊻⊻𝗑λ𒀪⊻⊻⊻xxλ𒀪⊻⊻⊻🞐🞐½⅞𝝽=>>⅞𝝽⅞𝝽𝞢𝞂Δ⅞𝝽𝗑<<⊻⊻⊻🞐🞐λ𒀪⊻⊻⊻🢛🢙<<🢛🢙🞇🞑∫∇🞇🞑🞐🞐½⅞𝝽🞇🞑🞐🞐∫∇>>🞇🞑🞐🞐½∫∇🞐🞐🞇🞑½λ𒀪⊻⊻⊻⅞𝝽

∫∇⊻⊻⊻𝝘🞐🞐Λ𝞼λ𒀪⊻⊻⊻--//⅞𝝽<<⊻⊻⊻🞐🞐½⅞𝝽✕✕λ𒀪//--𝞢𝞢Λ𝞼∫∇𝞢𝞢

🞐🞐½⅞𝝽𝞢𝞢🞇🞑🞐🞐>>⅞𝝽🞐🞐𝗑½⅞𝝽𝝘λ𒀪⊻⊻⊻⊻⊻⊻⅞𝝽🢛🢚⅞𝝽>>-⅞𝝽⊻⊻⊻𝝘λ𒀪⊻⊻⊻xx//λ𒀪⊻⊻⊻⅞𝝽

∫∇//<<⊻⊻⊻xx🞐🞐½⅞𝝽✕✕∫∇>>xxλ𒀪⊻⊻⊻<<=x∫∇=∫∇𝞢𝞢

🞐🞐⅞𝝽⊻⊻⊻🞐🞐½<<🢛🢙🞇🞑∫∇⊻⊻⊻𝝘🞇🞑∫∇Λ𝞼λ𒀪∫∇🞐🞐∫∇xx//∫∇⊻⊻⊻𝗑⅞𝝽

🞐🞐<<🞇🞑🞇🞑λ𒀪⊻⊻⊻xx🞐🞐½⅞𝝽λ𒀪>>½⅞𝝽∫∇𝝘🞇🞑λ𒀪⊻⊻⊻🞇🞑<>>>λ𒀪xx½🞐🞐//𝞢𝞢𝝘∫∇⊻⊻⊻𝗑⅞𝝽🞐🞐½⅞𝝽Λ𝞼∫∇🢛🢚⅞𝝽🞇🞑=⅞𝝽🞇🞑λ𒀪𝝘⅞𝝽🞐🞐½⅞𝝽✕✕𝝘∫∇⊻⊻⊻𝗑⅞𝝽𝝘=🢛🢙🞐🞐🞐🞐½⅞𝝽𝞢𝞢

<<🢛🢙🞐🞐-𝝘λ𒀪𝝘🞐🞐½⅞𝝽🞇🞑<>∫∇>>--//λ𒀪⊻⊻⊻xxΛ𝞼∫∇🢛🢚⅞𝝽🞇🞑λ𒀪⊻⊻⊻xx//⅞𝝽⅞𝝽

∫∇<><<⅞𝝽🞐🞐𝗑<<🢛🢙//𝝘⊻⊻⊻<<🞐🞐=🢛🢙🞐🞐=⅞𝝽xx∫∇𝞢𝞢

λ𒀪⊻⊻⊻🞇🞑🢛🢙𝗑½∫∇++<<𝗑🢛🢙⊻⊻⊻𝝘𝗑<<✕✕<>∫∇⊻⊻⊻𝞢𝞢

λ𒀪xx∫∇𝞢𝞂Δ⅞𝝽𝝘∫∇⊻⊻⊻𝝘xx∫∇𝞢𝞂Δ⅞𝝽𝝘=🢛🢙🞐🞐//λ𒀪🞐🞐🞐🞐//⅞𝝽🞐🞐½<<🢛🢙xx½🞐🞐

Λ𝞼½∫∇🞐🞐Λ𝞼⅞𝝽∫∇//🞐🞐½🞐🞐½⅞𝝽🞇🞑½<<Λ𝞼🞐🞐<<✕✕⅞𝝽½∫∇𝝘=>><<🢛🢙xx½🞐🞐=x<<>><<=x🞐🞐Λ𝞼½⅞𝝽⊻⊻⊻<<⊻⊻⊻✕✕𝞢𝞢𝗑<<🢛🢙𝗑½λ𒀪//λ𒀪⅞𝝽

λ𒀪⊻⊻⊻🢛🢚∫∇𝗑∫∇⊻⊻⊻🞐🞐<<>>λ𒀪⊻⊻⊻<>⅞𝝽⊻⊻⊻🞇🞑λ𒀪🢛🢚⅞𝝽✕✕<<<<𝝘

🞐🞐½⅞𝝽𝞢𝞢=x//∫∇🞇🞑½🢛🢙<><<⊻⊻⊻🞐🞐½∫∇🞐🞐λ𒀪⊻⊻⊻Λ𝞼∫∇>>𝝘⅞𝝽𝞢𝞢⅞𝝽

Λ𝞼½λ𒀪𝗑½λ𒀪🞇🞑🞐🞐½⅞𝝽=//λ𒀪🞇🞑🞇🞑<<=x🞇🞑<<//λ𒀪🞐🞐🢛🢙𝝘⅞𝝽

∫∇⊻⊻⊻𝝘🞐🞐½⅞𝝽⊻⊻⊻✕✕𝞢𝞢½⅞𝝽∫∇>>🞐🞐Λ𝞼λ𒀪🞐🞐½<>//⅞𝝽∫∇🞇🞑🢛🢙>>⅞𝝽=xλ𒀪////🞇🞑

∫∇⊻⊻⊻𝝘𝝘∫∇⊻⊻⊻𝗑⅞𝝽🞇🞑Λ𝞼λ𒀪🞐🞐½🞐🞐½⅞𝝽𝝘∫∇=x=x<<𝝘λ𒀪//🞇🞑--Λ𝞼λ𒀪////λ𒀪∫∇✕✕Λ𝞼<<>>𝝘🞇🞑Λ𝞼<<>>🞐🞐½--⅞𝝽⅞𝝽<>xx<<λ𒀪⊻⊻⊻xx𝝘<<⊻⊻⊻🞐🞐=⅞𝝽⅞𝝽🢛🢚λ𒀪//½⅞𝝽>>⅞𝝽∫∇>>⅞𝝽🞐🞐Λ𝞼<<🞐🞐λ𒀪⊻⊻⊻𝞢𝞢🞇🞑½<<>>🞐🞐⅞𝝽⊻⊻⊻⅞𝝽𝝘𝗑//🢛🢙⅞𝝽🞇🞑🞐🞐<<🞐🞐½⅞𝝽𝝘<<𝗑🢛🢙✕✕⅞𝝽⊻⊻⊻🞐🞐🞇🞑𝞢𝞢<<🢛🢙Λ𝞼λ𒀪////⊻⊻⊻⅞𝝽⅞𝝽𝝘--⅞𝝽⅞𝝽<>𝞢𝞢<<🢛🢙>>½⅞𝝽∫∇𝝘λ𒀪⊻⊻⊻🞐🞐½⅞𝝽𝗑//<<🢛🢙𝝘=x//∫∇xx//λ𒀪⊻⊻⊻--1

=x//∫∇xx//λ𒀪⊻⊻⊻--2

This is a substitution cipher with the added wrinkle that the different substitutions are different lengths. (This actually means there’s some ambiguity, but `bx`

doesn't really occur in the English language, so you should assume it's `f`

.)

After figuring out which groups of letters only appear together, replacing those with single letters, and then using some frequency analysis, it’s possible to decode the message as follows:

You have done well to get here so far! Sadly, you are not done yet. Here is a poem to get you in the

right frame of mind.I wandered lonely as a cloud

That floats on high o'er vales and hills

When all at once I saw a cloud

A host, of golden daffodils.

Beside the lake, beneath the trees,

Fluttering and dancing in the breeze.Continuous as the stars that shine

and twinkle on the Milky Way,

They stretched in never-ending line

along the margin of a bay:

Ten thousand saw I at a glance,

tossing their heads in sprightly dance.The waves beside them danced; but they

Out-did the sparkling waves in glee:

A poet could not but be gay,

in such a jocund company:

I gazed—and gazed—but little thought

what wealth the show to me had brought:For oft, when on my couch I lie

In vacant or in pensive mood,

They flash upon that inward eye

Which is the bliss of solitude;

And then my heart with pleasure fills,

And dances with the daffodils.-- William WordsworthKeep going.Don't be evil.Here are two tiny shortened clues to the documents you will need. Keep your head in the cloud.flaglink1

flaglink2

The “tiny shortened clues” are tinyURL links. Going to the two links (https://tinyurl.com/flaglink1 and https://tinyurl.com/flaglink2) links to two Google Docs pages. One of them is a congratulatory message, and the other gives the flag: `a_cloud_is_just_someone_elses_computer`

.

# 2 Discussion

OK, so that’s a bit direct. How might you find the hidden data? How might you solve the cipher?

Keep in mind that, unfortunately, I can’t give a full picture of this: I never had to solve the problem blind. I can, however, give a sense of that path I imagined leading to a solution, and perhaps some hindsight on why that path was never taken.

The problem can be split into three parts: the steganography, the cipher, and the tinyURL links. I’ll discuss each in turn.

## 2.1 Part 1: 20 WAV Files

From my conversations in the IRC chatroom for PACTF, I think most people got stuck at this stage. (However, I will note that at least one team got past this point.)

The thing that most people seemed to struggle with was the idea that only one file mattered. I will defend this problem design choice: there are enough problems about breaking steganography where you already know it exists. I wanted to do a problem that required you to find it first.

Many teams soon realized where in the files the changes were: the last bit of every sample. Most teams at this point tried XORing data from the different files together or combining them in some other way. Some teams had the idea of using statistical randomness tests, but I don’t think they used the right ones or interpreted it correctly.

To fully explicate what I mean, we’ll use a tool called ent which tests for randomness with various tests. We can examine each file using a simple Bash script, and we get the following output:

----------------------------------------------------------------------

static/gusty-garden-galaxy-0.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.98, and randomly

would exceed this value 0.47 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560510938 (error 18.50 percent).

Serial correlation coefficient is 0.152725 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-10.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.61, and randomly

would exceed this value 0.58 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560515019 (error 18.50 percent).

Serial correlation coefficient is 0.152727 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-11.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.16, and randomly

would exceed this value 0.74 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560541546 (error 18.50 percent).

Serial correlation coefficient is 0.152730 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-12.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.94, and randomly

would exceed this value 0.48 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560531343 (error 18.50 percent).

Serial correlation coefficient is 0.152729 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-13.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.71, and randomly

would exceed this value 0.55 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560488493 (error 18.50 percent).

Serial correlation coefficient is 0.152727 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-14.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.86, and randomly

would exceed this value 0.51 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560533384 (error 18.50 percent).

Serial correlation coefficient is 0.152727 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-15.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 8.00, and randomly

would exceed this value 0.47 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560527262 (error 18.50 percent).

Serial correlation coefficient is 0.152731 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-16.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.76, and randomly

would exceed this value 0.53 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560539505 (error 18.50 percent).

Serial correlation coefficient is 0.152723 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-17.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.39, and randomly

would exceed this value 0.65 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560527262 (error 18.50 percent).

Serial correlation coefficient is 0.152731 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-18.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.75, and randomly

would exceed this value 0.54 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560580315 (error 18.49 percent).

Serial correlation coefficient is 0.152727 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-19.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.65, and randomly

would exceed this value 0.57 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560502776 (error 18.50 percent).

Serial correlation coefficient is 0.152730 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-1.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 8.04, and randomly

would exceed this value 0.46 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560512979 (error 18.50 percent).

Serial correlation coefficient is 0.152723 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-2.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.47, and randomly

would exceed this value 0.63 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560537465 (error 18.50 percent).

Serial correlation coefficient is 0.152728 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-3.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.82, and randomly

would exceed this value 0.52 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560557870 (error 18.49 percent).

Serial correlation coefficient is 0.152729 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-4.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.20, and randomly

would exceed this value 0.73 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560576234 (error 18.49 percent).

Serial correlation coefficient is 0.152721 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-5.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.71, and randomly

would exceed this value 0.55 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560555829 (error 18.49 percent).

Serial correlation coefficient is 0.152730 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-6.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 9.49, and randomly

would exceed this value 0.21 percent of the times.Arithmetic mean value of data bits is 0.5002 (0.5 = random).

Monte Carlo value for Pi is 2.560535424 (error 18.50 percent).

Serial correlation coefficient is 0.152721 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-7.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.22, and randomly

would exceed this value 0.72 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560574193 (error 18.49 percent).

Serial correlation coefficient is 0.152723 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-8.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.46, and randomly

would exceed this value 0.63 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560515019 (error 18.50 percent).

Serial correlation coefficient is 0.152726 (totally uncorrelated = 0.0).

----------------------------------------------------------------------

static/gusty-garden-galaxy-9.wav

Entropy = 1.000000 bits per bit.Optimum compression would reduce the size

of this 94095136 bit file by 0 percent.Chi square distribution for 94095136 samples is 7.57, and randomly

would exceed this value 0.59 percent of the times.Arithmetic mean value of data bits is 0.5001 (0.5 = random).

Monte Carlo value for Pi is 2.560510938 (error 18.50 percent).

Serial correlation coefficient is 0.152728 (totally uncorrelated = 0.0).

As you can see by looking through it, `gusty-garden-6`

is a clear outlier on the chi-squared test, which is consistent with data that is ordered but not necessarily weighted. This effect would be stronger if you limited it to the part of the data that actually changes, but even at the preliminary survey stage, knowing nothing else about the problem, it's clear that every file is not the same.

Of course, if you came up with the idea to convert to UTF-8 (which again, is literally what comes up if you google “wav steganography”), as long as you glanced over the right part of the problem you’d instantly notice the anomalous text and would know to begin from there. Either way, I felt this step was reasonable, and some people did get here.

## 2.2 Part 2: Substitution Cipher

This is a part I have far less data on, because I haven’t talked with anyone who got to this section in the problem. Therefore, I’ll limit my assumptions about how teams *might* have solved it and just summarize why I think it’s solvable.

Once you disambiguate some homoglyphs, it’s really clear that certain digraphs and trigraphs appear with complete uniformity: many characters only appear in one character output, and others are pretty unambiguous. By progressively identifying substitutions and replacing them with any English letter, you can transform it to a basic letter-for-letter substitution cipher with relative surety. (Additionally, small mistakes are unlikely to jeopardize the problem.)

Once you get to this point, you can use frequency analysis to get a head start. However, the easiest way to finish it off once you get started is to recognize the poem I quote verbatim in the middle of the ciphertext. Any part of this that is distinctive is enough to Google the rest. Once you get that, you’re done: you get enough letters to solve all of the important text.

## 2.3 Part 3: URLs and Flag

This part was originally going to be a bunch of random text, with the solution being to interpret them as Google Drive IDs (given the “don’t be evil” and the theme of clouds, I think this was reasonable). The problem was that the characters GDrive uses aren’t always the ones that are in English text a lot, and so you’d have a tough time finding the actual links. I used tinyURL to fix this issue and then added the “tiny shortened” part to give you a little kick in the right direction. As far as I know, no one got here, but I don’t think this part would have been that challenging if they did.

# 3 Conclusion

To be honest, I was surprised at the difficulty teams experienced in solving this problem. However, I hope any teams that were stymied by it don’t think it was necessarily unfair, just difficult. I think each step in this solution could be catalyzed by logical clues, and nothing required pure trial-and-error. I think the difficulty delta from the rest of PACTF might have exacerbated the difficulties teams faced: perhaps people were expecting a problem closer to the round 1 hard problems. Additionally, it’s a fairly non-standard CTF problem. I’d argue that works to the problem’s advantage, and from what I’ve seen people who haven’t done too many CTFs seemed to like it more, but that’s anecdotal. If you disagree, or want to share anything else, feel free to contact me! Hope you enjoyed the CTF as a whole! Also, if you like problems like this, make sure to check out PACTF 2019 in many months’ time.