Walk Through 2021 Kākācon Badge Challenge

20 Nov 2021 - karit

2021 saw the first Badge Challenge for Kākācon, and this post will walk you through the challenge. Don’t read this post if you don’t want spoilers. The Entry Point section contains the entry point; the sections after that are a walk-through.

Entry Point

Some people may have been enjoying Pepper Raccoon’s artwork on the front of the sticker, but others would have also noticed there was something printed on the backing paper:

[Image: Front and back of the 2021 Kākācon sticker. The details of what is on the back are discussed just below.]

Challenge 1

The back of the sticker above was the entry to the challenge. I would imagine people would have done something like:

  1. Transcribe what was on the back:
      w==
      UEQs   ==https://
       oQHwsUEQsEAw==https
       HhgFOwoQHwsUEQsEAw==
      nz/PxIZHhgFOwoQHwsUE
      kācon.nz/PxIZHhgFOwo
    tps://kākācon.nz/Px
      EAw==https://kākāco
    QHwsUEQsEAw==https:
     gFOwoQHwsUEQsEAw
      n.nz/PxIZH  FO
      kākācon.nz
     s://kāk
    
  2. Then align them:
                               w==
                         UEQs   ==https://
                    oQHwsUEQsEAw==https
              HhgFOwoQHwsUEQsEAw==
       nz/PxIZHhgFOwoQHwsUE
    kācon.nz/PxIZHhgFOwo
                                   tps://kākācon.nz/Px
                            EAw==https://kākāco
                    QHwsUEQsEAw==https:
               gFOwoQHwsUEQsEAw
    n.nz/PxIZH  FO
                                         kākācon.nz
                                     s://kāk
    
  3. Which collapses to
    kācon.nz/PxIZHhgFOwoQHwsUEQsEAw==https://kākācon.nz/Px
    
  4. Notice the pattern and overlap
    https://kākācon.nz/PxIZHhgFOwoQHwsUEQsEAw==
    
  5. Go to that URL, no dice.
  6. It does give a hint that you need to do some more with the string.
  7. It looks like a base64 string, but just base64 decoding it isn’t too helpful:
    ?.....;
    ........
    
  8. Have a look at the source for the page and there are some more hints:
    <!-- Badge challenge notes:
    * There is no need to scan any boxes
    * There is no need to brute force/dir buster directories/files, the clues should give you all the information you need
    * Karit's word is final, rules can be as he sees fit, etc
    * Cyberchef is your friend
    -->
    <!-- Is this the 𝘦𝘹𝘤𝘭𝘶𝘴𝘪𝘷𝘦 thing you are looking for? 𝘖𝘳 is it something else? -->
    <!-- Nestor_meridionalis -->
    
  9. So there are a few things to take away:
    • CyberChef is your friend, so chances are this and other challenges will need CyberChef
    • The words exclusive and or are in an italicised font, pointing towards the need for an XOR
    • The Latin name for the kākā, Nestor meridionalis, is included
  10. Plug it into CyberChef and get: [Image: Screenshot of the above CyberChef URL]
  11. Now what to do with the output qwjjwwdgumbpxdjb?
  12. Previously we put it in a URL, so why not again?
    https://www.kākācon.nz/qwjjwwdgumbpxdjb
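
The base64-then-XOR step above, as an added example (not code from the original post): it decodes the string and ranks candidate keys by how much of the XOR output is plain letters or digits. The shortlist of candidate keys and the scoring rule are assumptions made for the illustration.

```python
import base64
import string

# Value from the walk-through above.
TOKEN = "PxIZHhgFOwoQHwsUEQsEAw=="
# Candidate keys: words lifted from the page's HTML comments (this shortlist is an assumption).
CANDIDATE_KEYS = ["Cyberchef", "Karit", "exclusive", "Nestor_meridionalis"]

# Bytes expected in a simple URL path segment (assumed scoring alphabet).
URL_SAFE = set((string.ascii_letters + string.digits).encode())


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data against key, repeating the key as needed."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def url_safe_ratio(data: bytes) -> float:
    """Fraction of bytes that are ASCII letters or digits."""
    return sum(b in URL_SAFE for b in data) / len(data) if data else 0.0


def rank_keys(token: str, keys: list[str]) -> list[tuple[float, str, bytes]]:
    """Base64-decode token, XOR with each key, and sort by score (best first)."""
    raw = base64.b64decode(token, validate=True)
    results = []
    for k in keys:
        plain = xor_repeat(raw, k.encode())
        results.append((url_safe_ratio(plain), k, plain))
    return sorted(results, key=lambda r: r[0], reverse=True)


def solve(token: str = TOKEN, keys: list[str] = CANDIDATE_KEYS) -> tuple[str, str]:
    """Return (key, plaintext) for the only key that yields a clean URL path."""
    score, key, plain = rank_keys(token, keys)[0]
    if score < 1.0:
        raise ValueError("no candidate key produced a clean URL path")
    return key, plain.decode("ascii")


if __name__ == "__main__":
    raw = base64.b64decode(TOKEN)
    print("raw decode:", raw, "score", url_safe_ratio(raw))
    for score, key, plain in rank_keys(TOKEN, CANDIDATE_KEYS):
        print(f"{score:.2f}  {key:<20} {plain!r}")
    print("next path:", solve()[1])
```

The raw decode scores zero because every byte falls outside the letter and digit ranges, which is why step 7 looks like noise until the key is applied.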
    

Challenge 2

The landing page for Challenge 1 has a link to an audio file of the Dawn Chorus. If you have a listen, at about 30 seconds in there are some Kākā and Pīwakawaka calls which sound like Morse code.

I envision it would have been solved something like:

  1. Listen to the audio.
  2. Figure out the Pīwakawaka is a dot and the Kākā is the dash.
  3. You could transcribe it by ear or look at a visual representation in something like Audacity. [Image: Screenshot of the audio in Audacity]
  4. You will get:
    .. . --. .... .- . -- ..- -- . .. -- . .. --. ....
    
  5. Which becomes ieghaemumeimeigh
  6. Previously we put it in a URL, so why not again?
    https://www.kākācon.nz/ieghaemumeimeigh
    

Challenge 3

The landing page for Challenge 2 has four images on it, all of which have some EXIF data in them.

I envision it would have been solved something like:

  1. Download all the images.
  2. Pipe them through something (CyberChef will do the trick) which will extract the EXIF data.
  3. Get:
    • nohleRoh
    • beeNae0A
    • op9aeCai
    • Tee6eghe
  4. Combine them together (based on image name) to get nohleRohbeeNae0Aop9aeCaiTee6eghe
  5. Previously we put it in a URL, so why not again?
    https://www.kākācon.nz/nohleRohbeeNae0Aop9aeCaiTee6eghe
    

Challenge 4

The landing page for Challenge 3 has the following message:

T OVJF NVL PEXF TG GV AEAEHVZ, OVJFRLIIN NVL FZKVNFX GOF HVZ. GOTY TY GOF RTWYG GTPF GOFWF OEY QFFZ E QEXUF HOEIIFZUF EG AEAEHVZ, WFEIIN OVJF TG TY SVWATZU EZX JFVJIF OECF PEXF TG GOTY REW. WPTVGUYJKRSFUPCX

I envision it would have been solved something like:

  1. This is a substitution cipher.
  2. Plug it into CyberChef once you have figured out the substitution letters. [Image: Screenshot of the above CyberChef URL]
  3. One part of the decoded message is not English: RMIOTGSPJFWEGMVD
  4. Previously we put it in a URL, so why not again?
    https://www.kākācon.nz/RMIOTGSPJFWEGMVD
    
  5. And that is the completion page.