In April 2016, I got bored and created a second crypto trail on
www.bentasker.co.uk. Unlike the first this trail wasn't confined to a single domain, or even to just the clearnet.
However, in order to follow the trail, you needed to be able to access a site served using a V2 Onion. However, V2 onions have since been deprecated and are no longer accessible.
The trail is now broken.
But, it is still possible to complete the challenges, so this post will begin by presenting the challenge and then will provide the solution.
You don't need to solve the challenges in any given order, but you will need to combine the answers to each in the correct order to be able to move onto the final challenge
Hey, if you type in your pw, it will show as stars
At this point, you should know what to do
. . . . . . . . . . . . . . . . . . . . . . . . .
This section details how to follow the trail.
Challenge 1 Solution
The user is presented with two images, one of which is a QR code (source2.gif), the other(img.gif) is a white block with black dots.
img.gif was created by XOR'ing source2.gif with the image we're trying to recover
convert img.gif source2.gif -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" img2.gif
When scanned, the QR code should give the string
Challenge 2 Solution
Challenge 2 is actually reasonably straightforward, the user is presented with a string, they simply need to recognise that it's a hex dump of a gzipped string
echo -n "1F8B0800FEE995560003CBC84ECD342D4BCACD294BCAB4CC4ACECB29F7E302000CA9C24B14000000" | xxd -r -ps | gunzip
Will give them the result
Challenge 3 Solution
The user is presented with a JPG of a gerbil. A quick check with strings shows there's a comment
strings gerbil.jpg JFIF %Srtzrag vf: mA3pwQkoC92ZGJzQzq5Macl
The comment has been ROT13'd (the hint being that
vf rotates to
echo -n "Srtzrag vf: mA3pwQkoC92ZGJzQzq5Macl" | tr $(printf %13s | tr ' ' '.')\a-z a-za-z Segment is: zA3cjQxbC92ZGJmQmd5Mnpy
So, the next segment is
Challenge 4 Solution
Challenge 4 makes reference to a common meme, and then links to an encrypted zip file. The password for that file (in keeping with the meme) is
Extracting the zip gives a file called
ans, which contains
0000000: 4834 7349 4350 7237 6c56 5941 4132 4675 H4sICPr7lVYAA2Fu 0000010: 6333 646c 6369 3530 6548 5141 4338 374c c3dlci50eHQAC87L 0000020: 4e76 544c 6361 324d 4369 3378 4358 5a7a NvTLca2MCi3xCXZz 0000030: 4c50 634e 4353 784e 3941 6771 5358 4b30 LPcNCSxN9AgqSXK0 0000040: 7465 5543 414c 732b 4d46 5164 0a41 4141 teUCALs+MFQd.AAA 0000050: 410a A.
Passing that back through xxd will give a base64 encoded gzipped string, so solving the challenge is as simple as
cat ans | xxd -r | base64 -d | gunzip
Which will give the final part of the string
Challenge 5 Solution
In order to get the URL for Challenge 5, the answers from the previous challenges must be combined and base64 decoded
echo -n "NnpkZ2g1YTVlNnpwY2hkei5vbmlvbi9jcnlwNzA3cjQxbC92ZGJmQmd5MnpySnk1NlEyZUtLSFAwMTQuaHRtbA==" | base64 -d 6zdgh5a5e6zpchdz.onion/cryp707r41l/vdbfBgy2zrJy56Q2eKKHP014.html
The trail is broken at this point - it's no longer possible to access
6zdgh5a5e6zpchdz.onion and the source file of that step has been lost to the sands of time.
However, when accessed, it displayed a HTML based QR code - when scanned that code yielded the string
The string is a base64 encoded gzipped base64 encode of a string in the CP1081 character set, so the user needs to expand and then convert it
echo -n 'H4sIAAQDllYAA7O0SDOwLPbPsTTNdMrwiggKNk31zDHSjkhP9M5MK0gq0E7LCjJL9HHO8AwPLwhIispIS3Oz0A8ONSnxyDEMtLXlAgCZKDyNQQAAAA==' | base64 -d | gunzip - | base64 -d | iconv -f CP1081 -t UTF-8
This gives the URI to access for the final destination -
When accessed, the following page was rendered
And what a reward it is...