VandyHacks VII vh quest Creator's Writeup

Posted on 08 Oct 2020 by Aadi Bajpai

Last updated 22 Nov 2020 at 6:40 pm
permalink

Last week was VandyHacks VII, Vanderbilt's cool annual hackathon. It was awesome, I had a great time with great people. I was the only Fall recruit to the VandyHacks board, and I knew I had to underpromise and overdeliver. Thus was born the squirrel from VandyHacks. I wanted to chronicle a part of it for posterity, so here we are, approximately a month and 1250 words later.

What is the squirrel from VandyHacks?

"the squirrel from VandyHacks" is a very special Discord bot created for VandyHacks VII with a slew of commands and easter eggs to enhance hacker engagement and provide key hackathon info right on Discord. Without delving too much into all that, the important idea is that I baked in a vh quest command that essentially activated an 8 challenge long mini CTF. Why this was a good idea, I'm not sure but it got a good response so yay.

If you're curious about the bot, look at it at https://github.com/VandyHacks/the-squirrel-from-VandyHacks.

Here’s like the top three most used commands in the hackathon Discord server, just so there is a record (I also wanted to use a markdown table). I think the schedule command especially was way more popular than I expected.

command uses
vh pat 1391
vh schedule 249
vh when 145

Quest challenges

The challenges, the flags and some of the motivation behind each of them.

Level 0

welcome to vh quest! this is a ctf-style, fun treasure hunt where you look for flags like vh{yes_this_is_a_flag_hehe} hidden in places with cryptic clues to advance to the next level. Flags are always in the vh{} format. Feel free to reach out for hints and good luck on your quest! <:vh_heart:>

simple introductory level, since I did not expect a lot of people to have prior CTF experience or know the flow. And since this was like a side quest, I did not want to make it too hard either.

the answer to this one, of course, was vh{yes_this_is_a_flag_hehe}.

Level 1

----[-->+++++<]>.++[->+++<]>.-[----->+<]>.-------.+[->+++<]>++.+.[--->+<]>----.--[->+++++<]>+.+[->++<]>+.+++++++.-------------.++++++++++.++++++++++.++[->+++<]>.+++++++++++++.[-->+<]>---.+[--->++<]>-.[->+++<]>-.>--[-->+++<]>.

I am sure some of you will instantly recognize what this is, the esoteric language known as brainfuck.

If not, there was still hope. Googling all of it or part of it could lead to bf. Another interesting observation was that this was syntax highlighted on Discord, hinting towards a programming language. In fact, if you did inspect element on the message, you could see the ```bf in the raw message, giving away the language.

On decoding, this yields us the flag vh{tabr1el_is_l3wd}, which somewhat references the next challenge, as well as an easter egg.

Level 2

Did you tell Tabriel Ging how much you love VandyHacks? He's asking that frequently.

image-20201109014230404

Most participants had gone through the FAQ on the website, so probably had no problem connecting that to this challenge. Either way, asking that frequently was deliberately put to hint towards the FAQ. The flag being vh{v1rtually_the_be$t_<3}.

VandyHacks VII Co-Prez Gabriel Ting got a lot of few DMs from confused participants so that was an added bonus…I mean collateral damage.

Level 3

everyone ask what is vh, why is vh, no one ask how is vh

Use the vh how command, except with the full question, so vh how is vh and it will respond to you with the flag.

Giving us the answer, vh{aww_thx_4_asking_heart_emoji}.

Level 4

This is off the record, but we're really digging the website this year. Are you? ;)

Probably one of the harder challenges in this quest. This required digging into the the DNS records of the website.

image-20201109014723991

See something familiar? vh{p/q2-q4!} and brownie points if you know what that is.

Level 5

this level has no answer, literally, it's an empty string. But you can still get past it, I believe in you!

First off, this flag was indeed an empty string which you can verify from the source code. However, sending an empty message on Discord required some thinking or luck or a combination of both.

tl;dr send any image or file.

Once I explain it, it will seem simple but it is hard to arrive at this yourself I think. Anyway, so it is a reasonable assumption that all messages on Discord are messages in the technical sense of the word. When would that be truly empty? Because any message you type and send, it would still put the string you sent in the message field even if it is a zero width character. But a text message is not the only type of messages seen on Discord—there’s rich embeds, files, images etc. And when you share an image or attachment, you can add a message to go along with it (what if you didn’t). That would set the message to be empty and clear the challenge🎉

One participant completed this one in a very interesting manner unintentionally which kind of made it worth it for me.

img

Level 6

you are ‎nearing ‎the end. ‎Your ‎flag ‎is ‎here, ‎‎wrap ‎it ‎‎in ‎‎vh{} ‎‎also ‎‎‎‎‎it's all uppercase.

Hardest level I think. Mainly because there’s not a lot to go on with, just the “your flag is here” line which is hard to decode. If you look at the message closely, you will learn a terrible truth Chancellor Palpatine is a Sith Lord, there’s all sorts of weird characters in that message.

image-20201109021905358

Except they’re not really random, you’ll see it’s just two characters repeating &#8203; and &lrm;, which is a zero width space and a left right mark respectively. Both of these take up zero space, which is why they were discreetly squirreled away in the message. What’s the simplest way to encode something with 2 characters? Probably either binary or morse code, and you can observe it is not binary since the sequence lengths are inconsistent. One morse code decode later, you are left with HIDDENFLAGL3ZG0. Follow the rest of the instructions in the challenge text and you get vh{HIDDENFLAGL3ZG0} :)

Level 7

Dark web? More like dork web. Find the teapot, vhviippzyvdissgj 🧅

Yeah. You’re right. I really did set up a whole onion service just for the challenge with a vanity url. Overkill? probably. Fun? for sure. Hotel? trivago.

I’m especially happy I managed to make it begin with vhvii but also fit pp and diss and gj in there. Well there you have a starting point, if you visit that url using Tor Browser or Brave or insert tool, you will be greeted with:

img

Which…isn’t much but hey that’s not the point here. Now where do you go from here? Looking at the second part of the challenge text, you’re supposed to find a teapot of all things. Googling a bit for “teapot website” and related stuff might lead you to https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/418 which is a reference to an April Fool’s Day Joke by the Internet Engineering Task Force that actually got implemented.

Going to /418 on the website, you get:

img

Look at the source code:

img

vh{this_is_the_end_im_sad} and I was sad :(


ctf, vanderbilt