Description

"When we analyze software from previous eras, we're essentially interpreting artifacts from digital civilizations that no longer exist in their original form. We look for signatures, patterns, anomalies - just as archaeologists examine pottery shards for cultural markers." This mantra from your cyber archeologist team leader Dr. Elijah Okafor resonates in your head. Following your mission of pursuing old software from previously vanished civilizations, you heard of a mysterious system remaining on and went with your team to the location from where detected activity came from.

From the runes your team was able to decipher, once upon a time, a 4 people gang developped
a piece of software no one has heard of until now. One of them liked chiffrofêtes, with cybersous,
another one loved making useless games. A third one was born on earth only to reinvent the wheel 
and constantly rebuild the objects he used. The last one dedicated a passion for weird machines. All of
them dedicated a cult for building the most complex and intricate code ciment so that no one could 
ever recover the secret it held.

Your associates made huge progress on these runes, yet you wonder: how did they managed to get the meaning
of chiffrofête from the runes?

Avoiding this question, you get your eyes on the rock above you. Apparently, the hard work remains.
Millions of little runes, apparently grouped in a Trente-deuzet form, were sculpted on it, as well as
a strange lobster. You finally merged all the characters and obtained a specimen of a rare and vanished
format your team previously recovered. It seems the PDF you got was a receipe for building the network,
but you suspect it contains hidden gem and decided to process it for further investigation.

Your mission is to analyze the relics found by your team, and to discover as much as possible about the internals of these weird pieces you just unveiled. Once your goal achieved, you'll record all of your discoveries about the vanished civilization.

Help the team to discover what secret is embeded within the ancient runes at https://static.sstic.org/challenge2025/strange_sonnet.pdf.

Good luck!

PS: A little anti-frustration-stegaguess hint: for each new image you get for step0 (in the expected order, from the main support first two), there is a visual way to confirm you are on the right path. The final image should be cristal clear (with no need for URL bruteforce)

Hint 1: They are 4

Hint 2: Entering pdf specification is required, you may need a good Netflix subscription

Update (27th April, 2025)

Erratum: The right version for step2 bridge.py after step0 was intented to be bridge_expected.py. If you intend to get the points for the quality ranking, you must provide a version of your exploit that exploits this version of the bridge. The bridge_expected.py is available by providing step2:[flag for step2] basic authentication.

Update (6th May, 2025)

The SSTICKYLEAKS whistleblowers pinpointed the SSTIC challenge for steganography abuse, revealing the link obtained at the end of the prologue to make the world a better place.

Take advantage of the public breach to access the rest of the challenge: http://163.172.109.175:31337/b907ad32532f245a77637badbef8be3d/

And for those who already solved it, don't panic the prologue flag will keep you ahead of others.

Leaderboards

All dates are GMT+2.

Speed category

Rules

• The challenge is open to all individuals, except members of SSTIC's steering and program committees, as well as members of the organization team.
• In order to be eligible, participants must find an e-mail address ([0-9a-f]{64}[a-z_]+@sstic.org), send an e-mail to this address, and then send a write-up of their solution to the challenge before the end date of the challenge.
• Write-ups shall be written in either French or English, and be as detailed as possible. They will be evaluated by a judging panel consisting of both the challenge authors and SSTIC's steering committee.
• The challenge runs from 2025-04-25 18:00:00 GMT+2 to 2025-05-25 18:00:00 GMT+2
• A participant may compete in both categories and win multiple prizes.
• This is an individual challenge: teams are not allowed to participate. However, the "call-a-friend" option is tolerated.
• By submitting an entry, participants agree on having their solution published on this page and associated to their name (or pseudonym).
• In order to claim prizes, winners are required to share their identity with the STIC association.
• The challenge may be extended if there are less than three valid solves.
• Do not attack the challenge infrastructure in any way. There is no need to run automated tools such as scanners nor to conduct any network bruteforce.

Prizes

There are two distinct leaderboards: speed and quality. The speed rankings will be updated over time as we receive validation e-mails. Please note that in order to be eligible in the speed category, you must still provide a write-up for the challenge, even if you do not wish to take part in the quality category.

The quality leaderboard will reward the most detailed, elegant and best-written solutions. Therefore, even if you are not among the fastest finishers, you can still aim to win a prize by writing a high quality report. The winner of the quality category will also be offered the opportunity to give a talk about the challenge solution during the SSTIC conference. More points regarding step2 will be awarded as described above within the update of the 26th April.

The top three of each leaderboard will win the following prizes:

• 1st place : HackRF One R10 - Complete pack with antenna & Portapack H2M Mayhem + an entry ticket for SSTIC 2025 (Your place will be refunded if you already have one)
• 2nd place : LiteX Acorn Baseboard Mini +SQRL Acorn CLE215
• 3rd place : Raspberry Pi 4 modèle B - 8GB

Prizes can be exchanged by mutual agreement between contestants.

Contact

Please write to challenge2025 on domain sstic.org for any question or issue.

Root

Challenge made by Alka & x86-sec (bmorgan)