Solving my first Crypto Treasure Hunt
While going through the puzzle subreddit, I stumbled upon a post regarding a Crypto Treasure Hunt, with a link to an image, the address for the prized Bitcoin Cash, stating that it is a 5 level treasure hunt, a error correction and the OP clearly stating NO HINTS. OK let’s get started!
Level 1
Lets see the image:
So there are two strings
B5_]@B5B55@X2KR:&
B5_]@B5B5491s+j7fInitially I tried different decryption techniques, after concatenating the strings, tried steganography tools on the image, none helped. I saw another user posted his finding after trying some things. I couldn’t understand it, so left it until the day I was reading a writeup for for one of the coin_artist’s puzzle. And something hit me.
I tried base64, bitcoin uses base58, lets see what other bases are there and voila! ascii85 or base85, it contains all the character sets I needed. Lets decode using an online decoder.
Unfortunately the goo.gl links were removed by Google, so I PM the OP and he gave me the decoded links.
Oh I didn't know they don't allow imgur. Here you go:
Level 2
Let’s see the two images:
Hmm images distorted with some black pixels, my first try was to try Stegsolve on the images, nothing :(
Let’s try some Hue, contrast and bit manipulation using Photoshop, I tried on different channels, still no luck. Let’s try to combine them and…
So we get the link
Level 3
Let’s open the link, And we are presented with a page with some blocks, each block having array of circles when hovered shows a gray circle or a circle with bitcoin cash image.
So I need all of them in hovered state, I tried to fondle with the source, I observed that it had tables with cell with class='o' for the BTC icons, I tried fiddling with JavaScript in Google’s developer console, but I was unable to force all of them in hovered state, so I got back the simple technique let’s save the page. And I got a single HTML page. Let’s see the HTML
Ahh, so I just added two lines on td.o block
And I got this
So we get Y5nNvfl.png, since the OP used Imgur for the the images, lets open it, nope no image found. Let’s go back to the error correction of the OP,
Okay so l=I Changing it gives Y5nNvfI.png which works.
Level 4
Let’s see the image:
So various cryptocurrencies logos with a . [dot] in the middle possibly link to another .png image. Lets see what each logo represent, Apart from ethereum I knew none none of the cryptocurrencies. So after a bit of googling I got to this site.
It had all the cryptocurrencies with its name and logo. Decoding each gives
Ethereum, Waves, Walton, Factom, Raiden Network Token, OmiseGO, Augur, Power Ledger, NEM, GXShares.
First letter of each cryptocurrencies gives us ewwfroa.png
But Imgur links are case sensitive and opening ewwfroa.png on Imgur doesn’t works. So we need to try all the Case combinations for the string ewwfroa and test if it’s valid or not.
So I thought of creating a simple Python script to do my job. Let’s test what Imgur returns for valid and invalid image links
So it gives 302 for invalid links and 200 for valid image links. So let’s make a simple script to automate our job
Running this gives us
So only one link, great! lets open it and it works
Level 5
So last part :D , let’s open the image
Hmm lots of same QR Code, lets use Photoshop and get the QR Code out
Decoding it gives us http://www.q5g.nl , opening it gives us blank page with its source code containing link to another site, opening another site and it’s seems some Netherlands’ site for coins. I tried to find something within the page source codes, tried to check if there was any open port to fiddle with, no success. Maybe I am going in the wrong direction.
So I got back to the image again, opened it in Photoshop fiddled with it, nothing :/
Let’s see if there is something hidden using steganography. I will use Stegsolve.
Ah, we find the wallet seed and its QR code in the “0 bit” planes.
Now all was left to access the wallet using the wallet seed and transfer the BCH to another wallet :P
Thanks to the OP agregat for the fun puzzle. Made me learn quite a lot, especially about cryptocurrencies. And..
Happy New Year..!!
