The Seint's Christmas CTF — Part 3
Blinded by the Lights!
I fell into a bit of a rabbit-hole on Part 3 of The Seint’s CTF, as you’ll see. It’s an example of confirmation bias, which can be a problem with any investigation. The key takeaway is to trust The Seint!
If you want to go back to the beginning of this walkthrough, you can find it here. Spoilers ahead!
One upside of falling down the rabbit hole is that it gave me a chance to play with ChatGPT, which is clearly going to be a key ingredient in OSINT work in future, if only for the speed-up it gives you with coding. More on that later, but first let’s take a look at the clue:
The next message came on the first day of August. It said: "I know you found the cloth in Brno. The colour reminded me of a song and a movie from 1984 that had the same title. I remembered there was a place named just like the song and wanted to find it while being in Paris. I found the place on the map, but the shop wasn't there. People said it moved some time ago. I came to the nearest intersection and tried to look left first, but the sun was shining right into my eyes, just along the street. What was the time?"
The exact time in HH:MM format turned into a hash is the password to the next message. The time must be in that place's timezone.
As a long time Prince fan, I had no problem with the shop. I just opened up Google Maps in Paris, and searched for “Purple Rain”:
However, this is when I fell down the rabbit hole, jumping into Street View when there was no need. I walked up to the nearest intersection and saw that the most recent image was from May 2022. That persuaded me that The Seint couldn’t have been talking about 1 August 2022, and I would need to jump into the timeline…
Sure enough, the sun was shining right into the Google camera in August 2020:
Of course, part of my brain said “that’s not looking left from the intersection, it’s looking right back”, but I managed to convince myself I was right, and fired up SunCalc, looking in completely the wrong direction, on completely the wrong date, but somehow still convinced that I was right!
This gave me a time of around 10:24 local. I hashed that, and a couple of minutes each way, and tried entering those hashes into the Zip for the next level. Nada. I then tried a few more minutes each way. Still nothing. I went back to StreetView and looked for any other indications of the time, and came away scratching my head. I wasn’t going to spend the rest of the day hashing random times, so I decided to fire up Python and ChatGPT. Thanks to Advent of Code, I’m already familiar with hashlib, but I potentially wanted to generate a lot of hashes. I simply asked ChatGPT to write a loop to format times from 09:00 to 11:30 in the format “hh:mm” and hash them all. It took ChatGPT about five seconds to write this:
Of course, this resulted in 150 hashes, and there was no way I was going to try and apply them by hand…
With the information about exception handling, which I already know about, I soon had a loop that tried all 150 hashes against the Zip for Part 4. Still nothing! 🤬
At this point, since I basically now had a tool that could brute force the answer, I decided to widen the parameters, find the correct time, and then try to figure out where I went wrong. The correct time turned out to be a fair bit later in the day: 14:17.
Back to SunCalc, and moving the clock forward to the right time made me realise I should have been listening to my doubts:
Of course, this is looking left from the intersection, just as The Seint said. But the sun isn’t completely lined up… Eventually the penny dropped that if The Seint was right about the direction, maybe I need to think again about the date. It is the 2022 puzzle after all, and I only ended up looking at 2020 for spurious reasons. Sure enough, on 01/08/2022, at 14:17, the sun lines up beautifully.
Finally, then, with a painful reminder that confirmation bias is always a consideration when conducting OSINT or any kind of investigation, it was off to Part 4!
Feature photo is a crop of an original by Mathias Reding @ Pexels