Zerodays 2017 - Pacman 400 Writeup
Pacman needs your help to find the next flag.
Let’s have a looksie at the game:
The game is hosted on a third party website so it’s unlikely that there are any vulnerabilities we can exploit.
Hang on a sec, the map looks like a QR code! But it’s unlikely I’ll be able to find an app that will let me scan it ;). Let’s see if we can get access to the raw data that’s generating the map.
Open up Chrome Developer Tools
ajax_request_level.php looks interesting. Click to open a preview of what was received:
Judging by the screen layout, # means a wall element, o means a gap element, e means an empty space and - means a dot. Double click on ajax_request_level.php to open it in a new tab, and press Ctrl-S to save as
Alright, we have the map data in a structured format, let’s try to print a QR code.
Open qr.html in your browser and voila:
But… it doesn’t scan. Then you realise that the corners should be solid black squares. You have to manually edit the source code of qr.html to figure out which ones to change to black squares. You then end up with this, which does scan:
It scans to http://q-r.to/bajM0B, which is the flag you have to input.
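The two steps above (printing the map as a grid, then fixing the corner squares) as an added example, not the original qr.html from this writeup. It assumes the saved level is plain text with one map row per line and that only # is a dark module; all function names and the sample map are made up for illustration, and the corner fix automates what the writeup did by hand.

```javascript
// Assumption: one map row per line, using the four symbols from the writeup.
// Treating only '#' (wall) as a dark module is a guess about the puzzle.
const DARK = new Set(['#']);

// Constructed 21x21 sample (not the challenge map): corner rings incomplete.
const SAMPLE = Array(21).fill('#-----#eeeeeee#-----#').join('\n');

// Turn the level text into a square grid of booleans (true = dark module).
function parseLevel(text) {
  const rows = text.split(/\r?\n/).filter((r) => r.length > 0);
  const grid = rows.map((r) => [...r].map((ch) => DARK.has(ch)));
  if (grid.some((r) => r.length !== grid.length)) {
    throw new Error('QR symbols are square; check the saved map data');
  }
  return grid;
}

// Standard 7x7 finder pattern: dark outer ring, light ring, dark 3x3 centre.
function finderDark(r, c) {
  return Math.max(Math.abs(r - 3), Math.abs(c - 3)) !== 2;
}

// Overwrite the three finder patterns (top-left, top-right, bottom-left)
// and return the [row, col] cells that had to change.
function fixFinders(grid) {
  const n = grid.length;
  const changed = [];
  for (const [r0, c0] of [[0, 0], [0, n - 7], [n - 7, 0]]) {
    for (let r = 0; r < 7; r++) {
      for (let c = 0; c < 7; c++) {
        const want = finderDark(r, c);
        if (grid[r0 + r][c0 + c] !== want) changed.push([r0 + r, c0 + c]);
        grid[r0 + r][c0 + c] = want;
      }
    }
  }
  return changed;
}

// Render as an HTML table with a 4-module light quiet zone for scanners.
function toHtml(grid, px = 10) {
  const td = (d) =>
    `<td style="width:${px}px;height:${px}px;background:${d ? '#000' : '#fff'}"></td>`;
  const rows = grid.map((r) => `<tr>${r.map(td).join('')}</tr>`).join('');
  return `<table cellspacing="0" cellpadding="0" style="border-collapse:collapse;` +
    `border:${4 * px}px solid #fff">${rows}</table>`;
}
```

Write the string returned by toHtml(grid) into an .html file after calling fixFinders(grid); the list fixFinders returns shows which map cells were not already finder-pattern modules.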