WhitePages is a forensics puzzle worth 250 points.
The description for this puzzle is:
I stopped using YellowPages and moved onto WhitePages... but the page they gave me is all blank!
This puzzle supplies a text file whitepages.txt
.
Viewing the file with Emacs, it appears that whitepages.txt
contains a couple of lines with spaces and tabs. This and the white
in the challenge made me think that the flag is encoded in the whitespace somehow.

Next, I check out what this file looks like with whitespace-mode
. There is definitely a discernable pattern:

Next, I use hexl-mode
to view a hex dump of whitepages.txt
:

I noticed that the pattern e28083
and 20
repeated throughout this hex dump. Since this shows up as whitespace and not any bizarre characters in notepad, I assume that e28083
is probably a Unicode character that is some kind of whitespace.
I verify this theory using Python:
>>> with open("whitepages.txt", "rb") as fp:
... data = fp.read()
...
>>> decoded = data.decode("utf-8")
This didn’t throw an error, and the decoded
variable now contains spaces and escaped Unicode character \u2003
repeatedly.
From having worked on so many CTF puzzles, binary encoding comes up frequently. It is usually a safe bet to assume that a message is encoded in binary if there are only two characters in a message. Even more so if the length of the message divides cleanly by 8, because one byte is 8 bits. In this case, the decoded whitespace cleanly divides by 8:
>>> len(decoded) / 8
172.0
Next, convert the decoded text into a string of ones and zeroes:
>>> for x in decoded:
... print("0" if x == '\u2003' else "1", end="")
...
00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111001101110011000100110000001100000011100000110110001100000110001000110000011001100110000100110111001101110011100101100001001101010110001001100100001110000110001101100101001100100011100101100110001100100011010001100110001101010011100000110110011001000110001101111101000010100000100100001001
Finally, I decode the binary string with CyberChef, which reveals the flag:

Pingback: picoCTF Writeups – DMFR SECURITY