15 November 2016

CTF announcement Easter Egg write-up

CTFzone announcement was published on different websites a few weeks before the start of the CTF.

When potential players looked at this announcement, they could notice a bit weird text formatting.

Anyone with a trained eye could recognize that the words were separated by one or two spaces. It meant that there was some information encoded in the message.

There are many codes that can encode information in that way, but there is only one relevant to this case: one space encodes ‘0’, two spaces – ‘1’. After decoding players could get a binary line:


Upon ASCII translation of the line, players would get the link ‘promo.bi.zone’. It was the end of the first stage of this task.

When players tried to follow this link, they would find out that the website was inaccessible. Website examination with NMAP, for example, could reveal that there were two open ports – 22 (ssh) and 90. Port 90 contained large BI.ZONE logo with QR-code at the bottom of the image.

Behind QR-code was a small text – ‘Try to find me(; Father calls me ctfzone’. Apparently, the task was to find someone under this nickname in the open source.

The phrase ‘Father calls me’ is a hint for Telegram bot ‘BotFather’ which register other bots. There is a bot in Telegram under the nickname @ctfzone.

First message from the bot would contain the task to solve a few Sudoku. There are many ways to solve Sudoku, for instance, through pythonsudoku module. After ten successfully solved Sudoku tasks, bot would reply with a message: ‘Post your flag on twitter with #ctfzone and mention @CtfZone: flag’.

Having published this tweet, players could get their prizes.

The first player who solved the whole Easter Egg task received ZN2016 invitation, others picked up their prizes at the conference.