Level 2 of NcN CTF offers a “level.apk” file for downloading. After fetching and extracting it’s contents, the folder res arrested my attention.
There are 16 png-files , each one is a part of a qr code.
The easiest way to solve the puzzle is to arrange the parts on one’s own without writing a script. After finishing the puzzle …
… you only need to scan the qr code with any tool you like (in my case it was a smart phone) , and there it is, the flag:
Of course I could have written a script. But in my opinion it was only worth if I would have to solve not only one puzzle. Concluding it is only a diligent but routine piece of work.
To get the key for “Access Level 1” we need to pass an authentication form. When trying to submit a key, we get the following reply:
So we need to have a look into the source code of the password validation functions. At first we are going to see the HTML lines (index.php). The interesting ones are these:
<form action="login.php" method="POST" onsubmit="return encrypt(this);">
<input id="key" type="hidden" name="key" value="" />
<input id="verification" type="hidden" name="verification" value="yes" />