haKC.Codes
haKC.Codes - gold PCB raven above a green LED hex

//

█▀▀▀▀▄  ▀▀▀▀▄        ▄▀▀▀▀▄  ▄▀▀▀▀▄  ▄▀▀▀▀  
                                     
▄▀▀▀▀    ▀▀▀▄    █    █  █▀▀▀▀▄  ▄▀▀▀   
                                    
 ▀▀▀▀▀  ▀▀▀▀    ▀▀▀▀   ▀▀▀▀          ▀▀▀▀  

Every stage, cipher, and dead link the old games left behind - preserved here so nothing rots twice. Three archived games. Load the boards, read the writeups, hear the WAV.

01


▄▀▀▀▀  ▄▀▀▀▀▄  ▀▀█▀▀  █▄     ▄▀▀▀▀▄  
                         
  █    █    █  █ █  █  ▀▄█  
                    ▀▄█        
 ▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀         ▀▀▀▀   

2014-2023 · 23 COINS · solve it inside out
COIN 0 minted face

The first coin. A self-contained puzzle carried entirely on the coin face. Coin 0 alone logged 28 phrase solvers and 4 who ran it to complete.

// HOW TO PLAY
  1. WAS a coin whose face is a rotary phone dial - an inner finger wheel ringed by micro-text.
    HINT "solve the coin inside out. Look at the finger stop. All buttons matter - except the pig."
    ACT read the dial inside-out to recover the phrase. Solving it earns an audio key.
> REVEAL SOLUTION (spoilers)
youfoundakey0 · THE KEY YOU EARNED
recovered from github.com/NoDataFound/coins - "there is no cheating in hacking ... you are a damn dirty cheater."
COIN 0 - solve it inside out
  The coin face is a rotary phone dial: an inner finger wheel and
  an outer text ring. Read it inside-out; the finger stop marks
  the start, and "all buttons matter except the pig." The way the
  characters are divided matters.
  -> reward: youfoundakey0, a Base64 RIFF/WAVE audio key (playable above).
Open boardPRIZE: 23 MINTED COINS
02


▄▀▀▀▀  ▄▀▀▀▀▄  ▀▀█▀▀  █▄      ▄█    
                            
  █    █    █  █ █    
                    ▀▄█        
 ▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀        ▀▀▀▀▀  

2014-2023 · 23 COINS · Lost Wages
COIN 1 minted face

The second coin - a WELCOME TO LOST WAGES token dense with Leisure Suit Larry and Sierra On-Line references.

// HOW TO PLAY
  1. WAS a "WELCOME TO LOST WAGES" token packed with Morse, a Vigenere line, a phone number, and a Mad Lib.
    HINT one late-80s Sierra adventure ties it all together, down to the bar password.
    ACT crack the ciphers, find the password, follow "buy apple from barrel man, return to where you began."
> REVEAL SOLUTION (spoilers)
SUBMITTER SOLUTION - full solve write-up (image)
COIN 1 - Leisure Suit Larry / "Lost Wages"
  WELCOME TO LOST WAGES     -> Leisure Suit Larry (Sierra On-Line)
  "call ___-___-6858"       -> 209-683-6858 (Larry's Black Book)
  Morse on the coin         -> WHATISTHEPASSWORD? -> the bathroom
                               (faucet / steam / mirror) -> "Ken sent me"
  Vigenere, key TWENTY THREE:
    "Mk jvgb mov 23 Fyr wtcec yyfq ftnvre ktu lixnnr gh ualii c hq frzyg"
    -> "Buy apple from barrel man. Return to where you began."
  Speak & Spell secret code -> ABC..Z = FEOCBAZYXWVUTSRQPONMLKJIHG (Atbash)
                               -> also keys TWENTY THREE
  barrel man -> Donkey Kong / Wozniak -> Apple IIe / 2E / 23
  "PBELL" the evil mind -> Packard Bell -> ROT13 -> Cory ; plate IE723L
Open boardPRIZE: 23 MINTED COINS
03


▄▀▀▀▀  ▄▀▀▀▀▄  ▀▀█▀▀  █▄     █▀▀▀▀▄  
                              
  █    █    █  █ █  ▄▀▀▀▀   
                    ▀▄█        
 ▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀         ▀▀▀▀▀  

2014-2023 · 23 COINS · The Neverending Story
COIN 2 minted face

The third and final coin - a Falkor puzzle built on the three gates of the Southern Oracle.

// HOW TO PLAY
  1. WAS a Falkor coin built on the three gates of the Southern Oracle, an AURYN, and a hexagon.
    HINT the gates are riddle, mirror, and will; the hexagon hides a QR.
    ACT pass all three gates, scan the hexagon, follow the eye to its key.
> REVEAL SOLUTION (spoilers)
SUBMITTER SOLUTION - full solve write-up (image)
COIN 2 - The Neverending Story / Falkor
  Three gates of the Southern Oracle:
    1  Great Riddle Gate - two Sphinxes; frozen until every riddle is solved
    2  Magic Mirror Gate - walk through your reflection
         "KJXW4J3TEBBW6ZDF" (upside down + backwards) -Base32-> "Ron's Code"
         -> Pyornkrachzark = the Rock Biter
    3  No-Key Gate - opens only when you lose the desire to enter
  AURYN "Tu Was Du Willst" = do what you want.
  hexagon -> QR (connecting lines) -> http://theeye.23.codes/  [DEAD: link rot]
    -> gist NoDataFound/320a09ccd9f69cc804344715bbd1c44d
    -> TheEye.Key.23 = b837a625b6512ebaf88690f97355397a767d172acd366642385cae6cc466e7a4
Open boardPRIZE: 23 MINTED COINS
02


█▀▀▀▀▄  ▀▀▀▀▄  ▀▀█▀▀  ▄▀▀▀▀   ▄▀▀▀▀▄  ▄▀▀▀▀  ▄▀▀▀▀▄        
                                                  
▄▀▀▀▀    ▀▀▀▄     ▀▀▀▀▄  █▀▀▀▀▄  ▄▀▀▀   █▀▀▀▀█    
                                                 
 ▀▀▀▀▀  ▀▀▀▀   ▀▀▀▀▀   ▀▀▀▀          ▀▀▀▀         ▀▀▀▀  

github.com/23isreal · audio + ROT13 chain
KEY 0 · STAGE-0 WAV · THIS IS THE PUZZLE
RIFF/WAVE · 8-bit mono PCM · 8000 Hz · "who>who"

The prize was one of 23 real @23isreal.com email addresses. Two boards tracked it: "The 23" (ordinals 0-22, the winners) and "The 23'd" - the overflow board, where solving past the slots earned a line of text and no address.

Stage 0 was the audio above - decode the WAV to move on. Stage 1 was a ROT13 string that resolved to a cryptobin.co URL. That link is dead now, and stage 2 died with it. That link rot is exactly why this platform exists: every asset now lives on hakc.codes, byte-for-byte, forever.

@zfasel solved the whole thing and declined his slot - rank -1 on the board, "Solved for Funsies - Did not collect."

// HOW TO PLAY
  1. KEY 0 · THE AUDIO
    WAS a Base64-encoded audio file - the WAV above.
    HINT in-file: "who>who (no spaces, all lowercase)".
    ACT decode the audio and follow where it leads.
  2. KEY 1 · THE ROT
    WAS a ROT13 string pointing at an encrypted paste.
    HINT the password is the answer you derived from KEY 0.
    ACT decode the ROT13, then decrypt what it points to.
  3. KEY 2 · THE PAYOFF
    WAS a claim ticket - one of 23 real @23isreal.com slots.
    HINT the decrypted text tells you exactly who to email.
    ACT email your key to 23@23isReal.com to claim your slot.
> REVEAL SOLUTION (spoilers)
KEY 0 -- Base64 audio file. In-file hint for key1: "who>who (no spaces, all lowercase)".
  -> the audio decodes as MORSE CODE to:  PFDKXIMFOXQBP.ZLJ
  -> PFDKXIMFOXQBP.ZLJ  is ROT3 of:  SIGNALPIRATES.COM
  -> https://signalpirates.com/  302-redirects to  https://www.youtube.com/watch?v=BmhnyDUlm0U
  -> in that video: "Yeah, I think I'm better than Chuck Swirsky!"  (a Max Headroom reference)
  -> so the who>who hint resolves to the key1 password:  maxheadroom>chuckswirsky

KEY 1 -- uggcf://pelcgbova.pb/q8e3y6g8  is ROT13 of  HTTPS://CRYPTOBIN.CO/D8R3L6T8
  -> https://cryptobin.co/D8R3L6T8  holds encrypted text; password is  maxheadroom>chuckswirsky  (from key0)
  -> decrypts to base64:
     RW1haWwgMjNAMjNpc1JlYWwuY29tIHlvdXIga2V5OiAzNzY5M2NmYzc0ODA0
     OWU0NWQ4N2I4YzdkOGI5YWFjZCB0byB1bmxvY2sgeW91ciBlbWFpbCBhZGRy
     ZXNzLg==
  -> base64 decodes to:
     "Email 23@23isReal.com your key: 37693cfc748049e45d87b8c7d8b9aacd
      to unlock your email address."
  -> 37693cfc748049e45d87b8c7d8b9aacd  is the MD5 hash of  "23"

HIDDEN FLAGS:  37693cfc748049e45d87b8c7d8b9aacd = MD5("23");  PFDKXIMFOXQBP.ZLJ as ROT3 (unconfirmed).
Open boardPRIZE: 23 EMAIL ADDRESSES
03


▄▀▀▀▀   ▄▀▀▀▀  ▄▀▀▀▀        ▄▀▀▀▀  █▀▀▀▀▄         █▄     █▀▀▀▀▄         ▀▀█▀▀  █▄     █▀▀▀▀▄  ▄▀▀▀▀▄   ▄█           
                                                                                        
 ▀▀▀▀▄  ▄▀▀▀     █▀▀▀▄     █▀▀▀▀   █  █  █  █  █ █  ▄▀▀▀▀   █  █  █    █  █ █  ▄▀▀▀▀   █  ▀▄█     ▀▀▀▀█  
                                              ▀▄█                      ▀▄█                           
 ▀▀▀▀    ▀▀▀▀   ▀▀▀▀         ▀▀▀▀          ▀▀ ▀▀          ▀▀▀▀▀   ▀▀ ▀▀   ▀▀▀▀▀         ▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀         

CrypticBurrs · September 2014 · Android RE
Pwn2Win cipher.png overlay tile
cipher.png
Pwn2Win stream.jpeg steghide carrier
stream.jpeg
Pwn2Win cake.jpeg final carrier
cake.jpeg

A SecKC monthly Android reverse-engineering challenge. Install the app, decode the morse in an NFC tag, steghide the stream, overlay cipher.png to recover a key, then XOR the app's string to reach Key 1. The answer was SecKCake.

The Google Play store link is long dead. The original APK - v1.3.3.7 - is hosted here now, alongside every carrier image in the chain. The full artifact set is preserved so the puzzle stays solvable.

// HOW TO PLAY
  1. STAGE 00 · THE APP
    WAS an Android app with one button: "Push the button XOR die". It printed an encrypted hex string.
    HINT the string is XOR-encrypted; you do not have the key yet - move on.
    ACT save the string, then follow the developer-website link on the store page.
  2. STAGE 01 · THE MORSE
    WAS a morse-code string on the dev site (an NFC tag on-site at SecKC; a file if remote).
    HINT "this should be all lower case".
    ACT decode the morse to a URL, download stream.jpeg.
  3. STAGE 02 · STEGHIDE
    WAS stream.jpeg, a steghide carrier.
    HINT when steghide prompts for a password, leave it blank.
    ACT extract it - out come two encoded strings (one Base64, one ROT13).
  4. STAGE 03 · TWO STRINGS
    WAS a Base64 blob and a ROT13 blob.
    HINT one names cipher.png; the other names cake.jpeg.
    ACT decode both, fetch cipher.png and cake.jpeg.
  5. STAGE 04 · THE OVERLAY
    WAS stream.jpeg + cipher.png - two images with hidden visual data.
    HINT XOR/imagemagick fails; align them visually instead.
    ACT overlay cipher.png on a transparent layer over the stream to read a key.
  6. STAGE 05 · THE SECRET
    WAS cake.jpeg, a second steghide carrier.
    HINT the password is the key you recovered from the overlay.
    ACT steghide cake.jpeg with that key to read the XOR secret.
  7. STAGE 06 · KEY 1
    WAS the original app string from Stage 00, still XOR-encrypted.
    HINT XOR it with the secret you just recovered.
    ACT XOR to reveal Key 1 and email it to Cory to win.
> REVEAL SOLUTION (spoilers)
STAGE 00 -- The app shows "Push the button XOR die"; pushing it prints:
  d208128bf26a691375c6301863a48e6aa69eb32849889ee717b48663adaae5b3
  e0594d9597581e1ffc34681cff3ecfc271edace315d5513f85c0fe922ec10d5e
  387b0c7d9477439302c298a5
  -> XOR-encrypted; key unknown for now. Set it aside.

STAGE 01 -- The store page links the dev website, which yields a MORSE string
  (on-site: an NFC tag; remote: NFC.txt).
  -> decodes to:  HTTPS://SECKC.ORG/CHALLENGES/ANDROID/STREAM.JPEG
                  - THIS SHOULD BE ALL LOWER CASE
  -> download  stream.jpeg

STAGE 02 -- steghide extract -sf stream.jpeg   (password: blank)
  -> yields two encoded strings.

STAGE 03 -- decode the two strings:
  base64:  aHR0cHM6Ly9zZWNrYy5vcmcvY2hhbGxlbmdlcy9DMDgxMy9jaXBoZXIucG5n
        -> https://seckc.org/challenges/C0813/cipher.png
  rot13:   uggcf://frpxp.bet/punyyratrf/naqebvq/pnxr.wcrt
        -> https://seckc.org/challenges/android/cake.jpeg
  -> fetch cipher.png and cake.jpeg.

STAGE 04 -- The overlay. imagemagick XOR fails; instead add a transparent layer
  to cipher.png and line it up perfectly over stream.jpeg to read the key:
  -> e864228798ca169087ba45f1671ac2be

STAGE 05 -- steghide cake.jpeg using that overlay key gives the secret:
  -> "The Secret to decrypt the XOR is: SecKCake"

STAGE 06 -- XOR the Stage-00 app string with the key "SecKCake":
  -> Key 1 = fd09c583112c385fa7625178adb2038959d73960cf4d853a31cdb7f0f312f0a2
  -> email Key 1 to Cory. Win.
Open boardPRIZE: THE ANDROID APK