MozillaCTF 2012 – Spark: Message in a Bottle (200)


A strangely formatted message has been given to us in a bottle. We know the person who sent the message likes to use cutting edge 3d debugging tools.

When we follow the bottle link, we end up on a page with a lot of 1’s on it. Nicely formatted in a 5×5 pattern. When we look at the source, we see a bunch of javascript:

<script type="text/javascript">
var s="=iunm? [ ... massive amounts of text cut away for this writeup ... ] =0iunm?";
m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);
You must enable JavaScript to see this text.

We see the variable s starting with “=iunm?”. We also see how s is translated to m by substracting 1 from the charcode of each character. A bit like reverse ROT1, but not limited to alphanumeric characters. The easy way to get the text is actually just to open a javascript console in your browser and read m from there.


This is just the beginning of the file, with the first line of 1’s. Those nested tags look suspicious… Now in the challenge description, they talk about “cutting edge 3d debugging tools”. It took me a while to figure out what that meant, and I actually didn’t until someone else pointed me at Tilt, an add-on which uses WebGL to display the structure of a page in 3d. So I tried it. Here’s a screenshot of the first 25 1’s. The second I saw it I realised those were “pixels” of letters encoded in those tags, so I wrote this little bit of css:

body { font-size: 6px; }
span {margin: 0; padding: 0; color: lightgrey; }
span span { color: black; background: black; }

And the result, along with a complete copy of the original page, can be found here: jsfiddle. If you still can’t see it, it reads MIRAGESAREHARD, and this is the flag.

Comments are closed.