WhitePages is a forensics puzzle worth 250 points.
The description for this puzzle is:
I stopped using YellowPages and moved onto WhitePages... but the page they gave me is all blank!
This puzzle supplies a text file
Viewing the file with Emacs, it appears that
whitepages.txt contains a couple of lines with spaces and tabs. This and the
white in the challenge made me think that the flag is encoded in the whitespace somehow.
Next, I check out what this file looks like with
whitespace-mode. There is definitely a discernable pattern:
Next, I use
hexl-mode to view a hex dump of
I noticed that the pattern
20 repeated throughout this hex dump. Since this shows up as whitespace and not any bizarre characters in notepad, I assume that
e28083 is probably a Unicode character that is some kind of whitespace.
I verify this theory using Python:
>>> with open("whitepages.txt", "rb") as fp: ... data = fp.read() ... >>> decoded = data.decode("utf-8")
This didn’t throw an error, and the
decoded variable now contains spaces and escaped Unicode character
From having worked on so many CTF puzzles, binary encoding comes up frequently. It is usually a safe bet to assume that a message is encoded in binary if there are only two characters in a message. Even more so if the length of the message divides cleanly by 8, because one byte is 8 bits. In this case, the decoded whitespace cleanly divides by 8:
>>> len(decoded) / 8 172.0
Next, convert the decoded text into a string of ones and zeroes:
Finally, I decode the binary string with CyberChef, which reveals the flag: