@maxwofford
Last active August 2, 2017 07:47

Here are a few of the click counts on each of the links:

  • 77 on the starting treasure hunt page
  • 22 on the default link
  • 40 on the advanced link

I want to give a quick shout out to @harrison for helping brainstorm and create elements of this hunt. Putting this together took a bunch of work, and I can't say how grateful I am that so many people participated.


This treasure hunt included two tracks: a default track for beginners and an advanced track. The tracks are mutually exclusive.

The second treasure hunt was announced in #announcements.

The link redirects to http://www.se.rit.edu/~mxw4185/the_machine/one_fish_two_fish/ (red fish blue fish), because I was tired when I made it.

The page was originally from Nick Parlante and the solutions are the same. I won't solve all of them, but here's the first one:

The scrambled image looks like this:

When you add the following 3 lines...

im = new SimpleImage("iron-puzzle.png");
for (x = 0; x < im.getWidth(); x++) {
  for (y = 0; y < im.getHeight(); y++) {

    // code for each x,y pixel here
+    im.setGreen(x, y, 0);
+    im.setBlue(x, y, 0);
+    im.setRed(x, y, 10 * im.getRed(x, y))

  }
}
print(im);

...you reveal the hidden image:

The fourth problem is different from the others. At first the image looks like a rabbit:

But when we filter out the green and red like this, we get a message.

im.setGreen(x, y, 0);
im.setBlue(x, y, 10 * im.getBlue(x, y));
im.setRed(x, y, 0);

You take the blue -- your treasure hunt goes exactly how you hope. you help your dinosaur friend. Then... it's over. (default) googl XGK0bR

This link takes us to the default track.

If we filter out the green and blue, we get the rest of the message.

im.setGreen(x, y, 0);
im.setBlue(x, y, 0);
im.setRed(x, y, 10 * im.getRed(x, y));

You take the red -- you meet someone new in need of your help. You'll stay in Wonderland and see how deep the rabbit-hole goes. (advanced) googl Jna2H4

This link takes us to the advanced track.

Default Track

The default track is started by going to the link https://goo.gl/XGK0bR, which redirects to http://www.se.rit.edu/~mxw4185/the_dino.

In it, we're given a link that explains steganography, a link to an image file on Dropbox, and a link to message @prophet_orpheus on Slack.

I use steghide, but feel free to use your own tool here:

$ steghide extract -sf safe.jpg

The output image is a cookie on top of a pile of cookies:

Now we can send this back to @prophet_orpheus for fun and profit!

Advanced Track

The advanced track is started by going to the link https://goo.gl/Jna2H4, which redirects to a 404 at http://www.theverge.com/exif-data-may-have-revealed-location-of-fugitive-billionaire-john-mcafee.

The title in the URL gives us the information we want. We'll need to check the EXIF data in the rabbit puzzle image.

$ wget http://www.se.rit.edu/~mxw4185/the_machine/one_fish_two_fish/rabbit-puzzle.png
$ exiftool rabbit-puzzle.png
ExifTool Version Number         : 10.00
File Name                       : rabbit-puzzle.png
Directory                       : .
File Size                       : 481 kB
File Modification Date/Time     : 2017:01:16 00:23:09-08:00
File Access Date/Time           : 2017:01:16 01:29:41-08:00
File Inode Change Date/Time     : 2017:01:16 01:29:41-08:00
File Permissions                : rw-rw-r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 800
Image Height                    : 600
Bit Depth                       : 8
Color Type                      : RGB with Alpha
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
Author                          : goo.gl/imhboU
Image Size                      : 800x600
Megapixels                      : 0.480
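
PNG files carry fields like the Author value above in text chunks rather than a real EXIF block. The following is an added example (not part of the original write-up) that walks the chunks of a PNG, verifies each CRC, and lists the text metadata; it assumes the field is stored as a tEXt or zTXt chunk, and the sample image bytes are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def text_chunks(png: bytes) -> dict:
    """Return {keyword: text} for every tEXt/zTXt chunk, checking each CRC."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    found, pos = {}, len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        crc_bytes = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk")
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != struct.unpack(">I", crc_bytes)[0]:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        if ctype == b"tEXt":
            key, _, value = data.partition(b"\x00")
            found[key.decode("latin-1")] = value.decode("latin-1")
        elif ctype == b"zTXt":
            key, _, rest = data.partition(b"\x00")
            # rest[0] is the compression method byte (0 = deflate)
            found[key.decode("latin-1")] = zlib.decompress(rest[1:]).decode("latin-1")
        elif ctype == b"IEND":
            break
        pos += 12 + length
    return found

# Constructed 1x1 RGBA sample carrying the Author value shown by exiftool above.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0)
SAMPLE_PNG = (
    PNG_SIGNATURE
    + make_chunk(b"IHDR", IHDR)
    + make_chunk(b"tEXt", b"Author\x00goo.gl/imhboU")
    + make_chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"constructed sample"))
    + make_chunk(b"IDAT", zlib.compress(b"\x00" + b"\x00" * 4))
    + make_chunk(b"IEND", b"")
)

if __name__ == "__main__":
    for keyword, text in text_chunks(SAMPLE_PNG).items():
        print(f"{keyword}: {text}")
```

Running the same function over an image before publishing it shows exactly which text fields would ship with the file.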

The Author field gives us a link to https://goo.gl/imhboU. Unfortunately, this page has a redirect loop between mars and space. If we grab the html file with curl, we can read it without redirecting:

$ curl http://www.se.rit.edu/~mxw4185/redirect/space.html
<meta http-equiv="refresh" content="0; URL='/~mxw4185/redirect/mars.html'" />

<!--https://hackclub.github.io/nasa-blog/-->
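
The same inspection can be done offline on saved page bodies. This added example (not from the original write-up) follows meta-refresh targets through a dictionary of pages without a browser, reports the loop, and collects HTML comments along the way; the space.html body is the curl output above, while the mars.html body is constructed on the assumption that it simply points back to space.html.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Matches content="0; URL='/path'" and captures the target without its quotes.
REFRESH_RE = re.compile(r"""^\s*[\d.]+\s*[;,]\s*url\s*=\s*['"]?(.*?)['"]?\s*$""", re.I)

class RefreshScanner(HTMLParser):
    """Collect the meta-refresh target and any HTML comments from one page."""
    def __init__(self):
        super().__init__()
        self.target = None
        self.comments = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            match = REFRESH_RE.match(attrs.get("content") or "")
            if match:
                self.target = match.group(1)

    def handle_comment(self, data):
        self.comments.append(data.strip())

def walk_refresh_chain(pages, start, limit=10):
    """Follow meta refreshes through `pages` (url -> html body).
    Returns (visited urls, comments found, True if a loop was detected)."""
    visited, comments, url = [], [], start
    while url in pages and len(visited) < limit:
        if url in visited:
            return visited, comments, True
        visited.append(url)
        scanner = RefreshScanner()
        scanner.feed(pages[url])
        scanner.close()
        comments.extend(scanner.comments)
        if scanner.target is None:
            break
        url = urljoin(url, scanner.target)  # resolve relative targets
    return visited, comments, False

BASE = "http://www.se.rit.edu/~mxw4185/redirect/"
SPACE_HTML = """<meta http-equiv="refresh" content="0; URL='/~mxw4185/redirect/mars.html'" />

<!--https://hackclub.github.io/nasa-blog/-->"""
# Constructed: the write-up only says mars and space redirect to each other.
MARS_HTML = """<meta http-equiv="refresh" content="0; URL='/~mxw4185/redirect/space.html'" />"""
PAGES = {BASE + "space.html": SPACE_HTML, BASE + "mars.html": MARS_HTML}

if __name__ == "__main__":
    print(walk_refresh_chain(PAGES, BASE + "space.html"))
```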

Now let's go to https://hackclub.github.io/nasa-blog/.

We need to get past the sign-up pop-up by deleting it.

Great! Now we have access to the page.

Download the corrupt images from the Columbus satellite. The image is base64 encoded, so we'll need to decode it with this:

$ wget https://hackclub.github.io/nasa-blog/columbus.jpg
$ cat columbus.jpg | base64 --decode > output.jpg

Now when we open output.jpg, we'll get a QR code.

This QR code gives another link: http://www.se.rit.edu/~mxw4185/rabbit_hole.

The end of the rabbit hole links to http://www.se.rit.edu/~mxw4185/the_den and https://whispering-journey-18325.herokuapp.com ("pandora's box"), but it looks like it's locked right now:

But wait! There's something on the rabbit hole page right under the last line. Zoom and enhance.

Let's check the source code:

The link in that message sends us to http://www.se.rit.edu/~mxw4185/the_den/entrance.html

The Roman god of war was Mars, whose largest moon is Phobos. Let's chat with @prophet_orpheus and tell him what we found.

@prophet_orpheus will give us a picture of a cookie on a cookie.

sessionToken=cGFuZG9yYSAg

Now if we head back to https://whispering-journey-18325.herokuapp.com with the cookie we can pass. This takes us to "an open box".

Be careful of refreshing though -- the server keeps track of

  • IP
  • localStorage
  • cookies

and the clue-giver's message will disappear if you reload the page.

From here the last step is to message me (@msw) either of the two messages.

The End

Making these takes a ton of time (approx 18 hours for the last one), so thank you again to everyone who participated. You made it worth the time. I hope to put together a much more beginner-friendly one soon.

P.S. All screenshots were included with users' permissions.
