12-shades-of-redpwn

This is my solution to the redpwnCTF 2020 cryptography challenge 12-shades-of-redpwn. This is a visual challenge rather than coding or hacking. You are presented with two images – an encoder/decoder (which is a palette of 12 colours in a clock face arrangement) and an encoded message to decrypt. I reproduce the images below as it’s impossible to write a walkthrough without them, but this challenge was created by the good folks at redpwnCTF and you should definitely check out their site for more.

If you want to try out this challenge yourself, beware – solution follows after this interlude.

SPOILER AHEAD…..

So it occurred to me that the clock face design was entirely intentional. After attempting a few decimal substitutions and 1-indexed efforts I wasn’t getting anywhere; then I had a brainwave and tried base12, with the colour at the top (bright yellow) representing 0 and incrementing by 1 for each colour moving clockwise, with bright green representing 11.

We know that the redpwnCTF flag structure is flag{flagtext}, so it is a simple matter to test the theory. In the first colour pair, we start with dark blue, representing 8, and purple being 6, giving us 86. Converting 86 base12 to decimal:

(8 x 12) + 6 = 102

Now we compare the number 102 with an ASCII table. And lo and behold, 102 decimal represents the letter ‘f’. So far so good.

On the next colour pair we have 9 and 0, for 90 base12. Converting to decimal:

(9 x 12) + 0 = 108

Referring back to the ASCII table, we see that 108 represents the letter ‘l’, and so we continue matching up the colour pairs in this manner until we get the full flag. I’ll admit my eyes went a bit wonky on a couple of the colour pairs, but I was able to try the possibles and remember that the flag might be in leetspeak-case!