So any idea?

[quote=freewind1012]Is this level related to steganography?[/quote]

Yes. Both cryptography and steganography.

Hmm really not sure about anything here…
Using an iPad, so I Can not do much about the picture.
But text, Well if you read all words after : you get Hex, Col and Row. Hex, I know, and googled row… Found something Called RACE, used to encode chinese signs. Couldn’t find much about Col.
Then googled the hint, and Found this chinese sign: ?

Not sure if I’m just Waaay out (probably am)… But that’s what I got so far…. Hopefully get to use a computer, without a stupid website blocker.

So Keeper, do we have to download a lot of programs to do this? Or is it possible only with a browser :)
-Kabue

After googling the hint, I got a KOREAN character…which is also set in a table…There might be something about that…

I think it means that we have to navigate using the Col and Row and at the intersection point of it we have to replace the corresponding value with the given Hex value !!
Hopefully this makes sense ! ?

[quote=Kabue]So Keeper, do we have to download a lot of programs to do this? Or is it possible only with a browser[/quote]

You don’t need anything else but a simple hex editor and internet connection (thus, obviously a browser as well).

I think the hint has to do with a certain point at the image and not a character.

i can get to the ‘second part’ but can’t go on from there :/ is the answer related to the person?

Need some clarification please, do we need to use other sites? (i’m referring to the “small” thing)

kamzhik is correct. 0xBBA5 is not meant to signify a character.

[quote=jnpa]is the answer related to the person?[/quote]

Indeed it is. Part of the solution is related to him. As it’s stated in the description of the challenge - symbolic hints are spread throughout the entire mission. As you reached to that image of him, remember what was also mentioned - “tiny”, “substituting”. Those words are not in italics for no reason. Allegory.

Now as for the rest, I’ll be giving directions here or in any other thread but please don’t PM me simply because other people also deserve to share in the discussion. If anyone wants to find out whether he’s in the right direction, he can PM me. But answers will be limited to “Yes” and “No” only. So hints will be given only here.

As a matter of fact, I wanted to present people with something new as a style of competition. Cicada 3301 organize similar events every year. However, theirs' are far more perplex but still solvable. Don’t get me wrong, this challenge is not that hard so don’t overrate it.

And for a little motivation for all of you, I’ll be giving away a copy of my modified version of the non-alphanumeric PHP backdoor to the person who first solves the challenge. Here’s a preview of the reward.

[quote=kamzhik]Is it just a coincidence that “” and “.” are listed below the “tiny” thing or do we actually have to visit the site ****.?[/quote]

Nothing from what makes sense is there by sheer coincidence. Look a bit further.

Okay so I have googled this character ? (Korean) (0xBBA5) it shows as Myuk (English). I used google translate to translate it to English. Need to do some more digging and research in this.

tlotr, it was mentioned before, 0xBBA5 doesn’t signify a character.

I guess some of you are unable to read.

I think we should remove the “0x” at the hint.

@kamzhik: Then that hint doesn’t make sense anymore. :)

@Keeper: The first image is no doubt a clue to another clue(s). But is it usable again? Is it the important resource of this level or just a leading clue?

[quote=freewind1012]Keeper: The first image is no doubt a clue to another clue(s). But is it usable again? Is it the important resource of this level or just a leading clue?[/quote]

Both.

Is it some kind of alphabetic cipher involved?

Probably. There’s only one way to find out.

A little bit of information concerning the prize I’m giving away:

• Semi-nonalphanumeric one-line source code
• Database browser and modification menus
• PDO-based with adjustments for IDS/WAF bypasses
• Additional obfuscation within the declaration of variables/arrays/functions using Kanji symbols, Hepburn romanization system and particularly alt symbols
• Hexdecimal/alphanumeric client-sided password generator
• Arbitrary file uploading to a certain directory
• Server information for the basic configuration settings on the server
• Arbitrary command execution (both DOS and *NIX)
• Directory traversal menu for browsing directory contents

Previous features can be found here. And also, on a side-note; if the winner tries to redistribute the backdoor or gives it away to anyone else, be sure that I’ll find out.

Thanks for the new stego,

[quote=level]
Password::
[/quote]

I wonder if this is a clue or a typo…

potentially spoiler heavy, potentially just incorrect and misleading. I’m playing it safe though.

Here, have my thoughts…

[quote=Keeper]
You dispose with an image and a .txt file
[/quote]

I have done things to the image using a tool already mentioned in this thread, I just have no idea what to do with the result(s) now.

There are 2 lines in the description that are bothering me a lot:

[quote=Keeper]
Take your time and apply logic above all else
[/quote]

My initial thought from this was audio (given logic software and time–>frequency clue). I have tried screwing with them as audio but with no success. I am also reluctant to spend much time pursuing that avenue as we are told we do not require special software.
[/spoiler]

<!-
I guess this could also be referring to logical operators, of which there seem to be some in the png. There could be some post-stage-1-manipulation to the image here.
[/spoiler]

[spoiler]
The double colon mentioned in my previous post is also an operator.

Or this line may mean nothing and be only a distraction.

[quote=Keeper]
There are tiny little hints spawned throughout the scope of the objective (substituting one in order to get another and so on).
[/quote]

I hate this line so much, as it confuses what I have done so far!
[spoiler]
Should I have applied the edit sequentially to get more clues (it doesnt obviously help
doing so) or is it simply pointing towards what I have already done so far.
-!>

I’ll let you know if I think of anything or make any progress

kamzhik gets the prize. He managed to beat the challenge 49 minutes ago.

I’ll be giving away more prizes when I get to develop the next mission and possibly ask flabby to upload it. Gratz to him and good luck to the rest.

I have noticed that @kamzhik had completed this level. So he would give us some hints to solve this one. :p

I’m afraid Keeper won’t let me :P, all i can say is: don’t pay attention to the hint for now, that comes last. It’s pretty hard actually so Keeper, don’t say it isn’t :P. Good luck.

@kamzhik & @Keeper: Fine. Let’s keep something challenging and unique for HackThis!! ;)

No more hints, lol. But I will open this thread about 3 days for further discussions from another members. :p

That’s why I mentioned that it’s harder than the previous ones. And it is complex just for public boards' standards while on a larger scale, it’s figured out merely at the blink of an eye (but that’s another topic).

Just a side-note; as for the prize, just alter the values of the initial PDO constants and you’ll be able to connect to the database.

freewind: Well let’s try it.
Keeper: Will take a look at it later, thank you.

@kamzhik: Yeah, thank you. My problem: I haven’t known what “key” was and what “plain text” was in that kind of cipher. Or maybe I had got lost somewhere before, lol.

Does that mean you found the cipher method?

[quote=me]Is it the important resource of this level or just a leading clue?[/quote]
Maybe I did. That was why I asked @Keeper that question. If it involves in some kind of cipher, we have to decrypt something. But where is the key and the encrypted thing? :p

Keep looking :p you have probably found it, but don’t know yet.

Are we using the hex editor to change how the picture looks? I just saved the file after editing hex values (using the .txt file) and the picture looks different.

P.S - I think this thread has enough hints now. :)

@Hybrid71: No, it’s not. But I will close it tomorrow as I said.

Close thread as said. ;)