Cr0wn_Gh0ul’s Point puzzle write-up

Making sense of the “point”

PNG Analyzer output for Point.png

Extracting the data

  • there is at most one pixel per row
  • rows where pixels exist are prime numbers (2,3,5,7…) which doesn’t give us much data
  • the color code of each pixel decreases FFFFFF -> 00FFFF -> 0000FF -> 0000D9 for a total of 549 non-black pixels, giving us an order for the pixels (top to bottom)
  • the column where the pixels occur jumps a lot in a somewhat random manner, meaning that the column index is where the real “data” is stored
The entire image rescaled to fit a single screen, with the non-zero pixels marked with x. The Y axis labels are reversed because I was too lazy to fix that.
pragma solidity^0.6.0;import{!} from "./!.sol"; //0x6dd0de8217fe67382fdfa0f72eea4cff674c3814 0x2ae0783dcontract Soulve{
/*some big hex strings*/
bytes ?=hex"86E996013E77C41699000E0941D480C046B2F71A4F95B350AC1A4D426372923D8A4561D96FBFB0240595907201AD3225CF6EDED7DE02D91C386FFAC280B732EE4C9C0042007AF5E6D42D8960F00E716A8801A37FC23EA0E7ED4BE6CE248996EF61EF6A1F936B47A101EA5BC3C2467938BD4D3CDB3B2F5CB8FEA75665BF6D4195";
bytes ??=hex"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001";
/*yeet*/
function soulve(bytes memory _???,bytes memory _????) public payable{
/*o.O*/
require( keccak256(abi.encodePacked(_???)) == keccak256(abi.encodePacked( keccak256(abi.encodePacked(msg.sender)) )),'0xD15EA5E');
/*ez*/
uint !!! = !.!!(_???,_????,??,?);
/*soulved?*/
require(!!!==0,'0xD15EA5E');
/*swag*/
msg.sender.transfer(address(this).balance);
}
/*load the loot*/
receive() externalpayable{}
} /*contract*/0x910EF5d8c822EEadcA68B4f82bbFd35Ac47E49C9

Putting the crypto- in cryptopuzzles

/*some big hex strings*/
bytes ?=hex"86E996013E77C41699000E0941D480C046B2F71A4F95B350AC1A4D426372923D8A4561D96FBFB0240595907201AD3225CF6EDED7DE02D91C386FFAC280B732EE4C9C0042007AF5E6D42D8960F00E716A8801A37FC23EA0E7ED4BE6CE248996EF61EF6A1F936B47A101EA5BC3C2467938BD4D3CDB3B2F5CB8FEA75665BF6D4195";
bytes ??=hex"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001";
function soulve(bytes memory _???,bytes memory _????) 
require( keccak256(abi.encodePacked(_???)) == keccak256(abi.encodePacked(  keccak256(abi.encodePacked(msg.sender))  )),'0xD15EA5E');
uint !!! = !.!!(_???,_????,??,?);
PUSH20 0x6dd0de8217fe67382fdfa0f72eea4cff674c3814
PUSH4 0x2ae0783d
-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQCG6ZYBPnfEFpkADglB1IDARrL3Gk+Vs1CsGk1CY3KSPYpFYdlv v7AkBZWQcgGtMiXPbt7X3gLZHDhv+sKAtzLuTJwAQgB69ebULYlg8A5xaogBo3/C PqDn7UvmziSJlu9h72ofk2tHoQHqW8PCRnk4vU082zsvXLj+p1Zlv21BlQIDAQAB AoGAet8zJ17lZUnPfyVJeRM5T+UUCcmEwirWRmiOBPDd4CL8U8SSbByBJ82OMkgj DsKlfQ7VFnW00lfJbvNLQj+Xue63JxGXzZJF6CEmZCfjJNcjhU5WwGSQhtxvdnO8 SXXvsZ+PyzEKnzUC/UJaamSeWvapRefAyXCRwaz/uh4oXgECQQC518i7Ibrvzyis 9DvqX6ZhdVnjf0Xn7uFSUNEv25254VrzG0DaGRvw0hmkI3TIf2qs8PILMfQ3jM2y knHXKhaxAkEAudfIuyG6788orPQ76l+mYXVZ439F5+7hUlDRL9udueFa8xtA2hkb 8NIZpCN0yH9qrPDyCzH0N4zNspJx1yoaJQJBAJcUg00OCMi3opuoGaVZiQsluaOm bhA1NNwUc1rysPDR8Xw9JaWoT/yg8NNtN51faDubzUmonJ8kSnznbMC8qKECQQCD fnXuSoB9m8N5FNqsC/+qp6DxgiVRZUmSt9I7nZXtZtG2f8sURn3pmI9B/0BreRRe x6FLYI4fHAaTWmEoUAbtAkEAhy12ftkdHQ5IvFrFpPmzOrnY1v8Jb6cYT0bygqp1 VRrwx2r9pr9wtBcVi/OQT89byIIU1cEBRoX7jldoPBIpaQ==
-----END RSA PRIVATE KEY-----
const Web3 = require("web3");var msg = "0x7eeff479b292b22e03afce25b0307af72018544f6959a368c3da16de239a0518"; //keccak256 of account.address
var sig = "0x51ed39ed5b06cf4315fae3ae237aa32692b57a4ffe4ed32556116913a2009f9c6b7e9a23c9c403bd221c86971f4a396df95657a418142991a24c4aa95359b55ea9cbffae160c839c8ca136321b7151f08c9389c831f5b9a10303d3a1dbd079785b62b417b25c636de9d14063d07634207ae130869f9359dc55849aea8912eaa2";
var address = "0x910ef5d8c822eeadca68b4f82bbfd35ac47e49c9";
var abi = [{"stateMutability":"payable","type":"receive","payable":true},{"inputs":[{"internalType":"bytes","name":"_MESSAGE","type":"bytes"},{"internalType":"bytes","name":"_SIGNATURE","type":"bytes"}],"name":"soulve","outputs":[],"stateMutability":"payable","type":"function","payable":true}]
async function yeet(){
var web3 = new Web3(new Web3.providers.HttpProvider("https://mainnet.infura.io/v3/[REDACTED]"));
const account = web3.eth.accounts.privateKeyToAccount("0x[REDACTED]");
web3.eth.accounts.wallet.add(account);
web3.eth.defaultAccount = account.address;

let contract = new web3.eth.Contract(abi, address);

try {
let gasEst = await contract.methods.soulve(msg, sig).estimateGas({from: account.address});
await contract.methods.soulve(msg, sig).send({from: account.address, gas: gasEst});
} catch(ex) {
console.log(ex);
process.exit();
}

}

yeet();

Acknowledgements

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store