Daniel Henschel

Daniel Henschel

Random IT Solution Architect doing CTF challenges from time to time.

[HV22.H1] Santa’s Secret

less than 1 minute read

S4nt4444…..s0m3wh3r3 1n th3 34sy ch4ll4ng3sss…..th3r3s 4n 34sy fl4g h1ddd3333nnnn…..sssshhhhh

Solution

We know that the hidden flag must be somewhere in HV22.05, since it was first blooded there. Looking through the traffic dump again revealed nothing out of the ordinary.

Going to the 311k lines of the gcode manually doesn’t seem to be feasible, so some statical analysis could help. We know that each line is a single opcode and by filtering out analyzed ones we can reduce the amount of lines drastically.

First one to rule out should probably be G1, since this makes up for about 308k lines or 99% of the file.

grep -v G1 hv22.gcode

Next one is G92:

grep -v -E 'G1|G92' hv22.gcode

When we did that, it’s pretty empty in there, so not much to see here.

Next idea was to look for comments:

grep ';' hv22.gcode

This looks promising:

result of searching for comments

72 and 86 jump straight into my eye as ascii values for H and V respectively. Extracting all the numbers from there, putting them into cyberchef to decode it to ascii reveals the flag HV22{h1dd3n-fl4g!}

cyberchef configuration

Updated: