The Quiz Challenges

Published in

Pixels Camp

13 min readMar 23, 2020

The last of the quizshow qualifier challenges just closed and, in a normal year, this would be the time where I’d go through the scores table and send out emails asking participants to form their teams to go on stage next week.

But this isn’t a normal year. Pixels Camp has been postponed and this puts us quite a few months away from team assembly time — which will happen around mid-November. Everyone’s scores will be kept safe until then.

Update: Pixels Camp v4.0 ended up being canceled by mid-September.

The top 5 scorers in this year’s qualifiers.

Meanwhile, it’s the perfect time to look back on the four challenges and see what these people had to go through. And also to congratulate Carlos Martins (“killmaster”) for scoring the most points across all of them.

#1 — Flynn’s

The first challenge was an image gauntlet, where participants were asked to go through a sequence of image enigmas, figuring out one to get to the next.

As the title suggested — Flynn’s was an arcade parlour in the movie TRON — this was all about video games. Specifically, as participants would (hopefully and helpfully) discover along the way, it was about video game history, from 1972 to 2011, in chronological order.

As expected, the hardest step was unexpected: an anonymous guy in a 70's disco suit (properly known as a leisure suit) and the joker laughing was supposed to be easy. The suit is a reference to the Leisure Suit Larry games, so popular during the 80’s and 90’s, and the laughing part points you to the game’s main character: Larry Laffer.

The infamous step #9, where the proper answer wasn’t a video game, but a game character.

Along the way you’d get an image from Pitch Black and the nerdcore artist MC Frontalot, which was supposed to lead you to the song It is Pitch Dark, an homage to text adventure games and its most prolific producer: Infocom.

In step #4, you were likely to be eaten by a grue.

If you’re curious about this era, I recommend watching the Infocom documentary by Jason Scott which, incidentally, opens with this very song.

Closer to the end you had to read a bit to figure out that the assassination of an UK prime minister and the South Korean boy group Rainz was an indirect reference to the game Ultima Online via one of its most iconic moments: the assassination of Lord British.

In step #20, Rainz assassinates Lord British in Ultima Online.

Miguel Tavares finished this one first, in a little under 3 hours.

Scroll to the bottom for the full list of answers, and check out the Ahoy channel on YouTube for some amazing videos about this subject, like this one.

#2 — Prison Break

The second challenge was a treasure hunt. In this type of challenge each puzzle’s solution takes you to another location on the internet where another puzzle awaits. These puzzles tend to be of the hard variety.

The Escape

It started with a reference to Missing in Action 2, where Chuck Norris plays the role of a prisoner of war locked up in a vietnamese camp.

During the Vietnam War, PoWs used a covert method to talk to each other called tap code, where each letter is encoded as a pair of knocks. The numbers in the image spell TINY QOPDEQE and this is meant to be interpreted as a short URL, which takes you to a shared folder in Microsoft OneDrive.

The numbers are sequences of PoW tap code.

Can’t Stop the Signal

In the shared folder you’d find an annoying (but obviously not random) signal.wav file, along with the following clue:

May be somewhat slow to vanquish but, in the end, well worth hearing with your own eyes.

The signal was slow-scan television (SSTV), an audio-based image transmission method that goes back to the space race days and is still used today by amateur radio operators (HAMs) all around the world.

There were two ways to solve this one: the visible clue had SSTV spelled out in “(s)omewhat (s)low (t)o (v)anquish” and the WAV file had the string G3OQD;1 in its metadata — which is a reference to Martin Emmerson and its “Martin 1” encoding method (the one used in this step).

Participants complicated this one a bit… Some tried to identify it by analysing its spectrogram — and even succeeded at that — and proceeded to decode it with baroque setups involving virtual audio devices. Of course this wasn’t intended to be that cumbersome, and they could’ve used Black Cat SSTV for macOS and Windows, or Robot36 for Android.

There wasn’t any bacon this year, but there was HAM… 🍖

The Postcard and the Upside Down

The decoded photo of Buzz Aldrin on the Moon’s surface had a short URL in it, pointing to an artistic rendition of the Statue of Liberty in Google Photos.

This image was actually two concatenated files: a JPEG and a ZIP, made possible by the fact that JPEGs have an header and ZIPs have a trailer describing their contents in backward offsets.

The ZIP part had a text description which could be readily seen in an hexdump (or strings) of the file:

If you wish to visit the upside down,
step right in as you’re leaving town.Phil

The “upside down” was a reference to the upside_down.jpg file contained in the ZIP (also visible in the hexdump), the “leaving town” was a reference to the existence of a trailer in the file (the ZIP trailer), and “Phil” was a reference to Phil Katz, the inventor of the ZIP format. This whole thing also happened to lend itself quite nicely to a Stranger Things reference. 😎

Doing an unzip postcard.jpg would easily extract upside_down.jpg from the combined file, without any need for delicate surgery.

Interestingly, very strange things would happen if you tried to unzip this file with macOS’s Archive Utility… It would output a GZIP file containing a CPIO archive, itself containing the original JPEG+ZIP file. ¯\_(ツ)_/¯

The upside_down.jpg image looks easy enough: it’s just a QR code. But it can’t be read… bummer.

This is the upside down you were looking for.

Inspecting it closely (with hexdump, for example) would reveal it to be a CMYK-format JPEG. The postcard gives the final clue here: split it into its four constituent channels to get four separate QR codes. This could be done with GraphicsMagick, for example:

$ gm convert upside_down.jpg -channel cyan split-1.png
$ gm convert upside_down.jpg -channel magenta split-2.png
$ gm convert upside_down.jpg -channel yellow split-3.png
$ gm convert upside_down.jpg -channel black split-4.png

Some image editors would break this step, most likely because they convert the CMYK image into RGB. This conversion is lossy and a subsequent CMYK channel split wouldn’t actually retrieve the original channels.

The Passive-Aggressive NGINX

Each of these QR codes would give you a small number. Four numbers, in CMYK order… it’s an IPv4 address. One where you’d find a web server.

Well, if you wanted to GET something from this passive-aggressive NGINX web server, you would need to say PLEASE instead. Quite obvious, don’t you think? 😏

$ curl -I -X PLEASE http://34.76.154.54HTTP/1.1 303 See Other
Server: nginx
Date: Sun, 22 Mar 2020 22:05:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 146
Connection: keep-alive
Location: https://gist.github.com/e711b59d8fb7a96a16def9e180b70ad1
X-Server-Mood: pleased

NGINX doesn’t enforce any particular list of HTTP methods. You can use your own out of the box. It may or may not be a good idea, though.

The Perfect Democracy

The GitHub Gist pointed by the Location header contained democracy.txt, a rectangular arrangement of 0s and 1s, with the following clue at the top:

Even the perfect democracy has minority reports…

This one required some code and turned out to be the hardest step in this challenge. The clue and the rectangular arrangement was all you needed to solve it, but it took quite a lot of effort to figure it out.

It works like this: in a democracy people vote and the majority wins, whereas in Minority Report (both the movie and the book), there are three precogs whose predictions are also subjected to a majority vote of sorts.

See where this is going? For each three bits you must pick the majority, and for each eight resulting bits, you have an ASCII character. This is a repetition code of length 3, which is an example of a perfect code in error correction.

Congratulations, this was the final step!Go back to the challenge page and submit the following piece of dialogue in the answer form:General Kirby: I'd like you to start up your unit again, John. All it would take is your coming back.
John Matrix: This was the last time.
General Kirby: Until a next time.
John Matrix: No chance.Then slowly walk away with Power Station's "We Fight For Love" playing in the background. ;)

The movie Commando never had a sequel but, in the quizshow qualifiers, the “next time” happened to be just one challenge away… 😉

Fernando Mendes was the first to crack this one, but it took him more than 18 hours to do it.

Carlos Martins, the second participant to finish it, wrote a nice write-up from his point of view: https://killmaster.netlify.com/2020/03/03/prison-break

#3 — Reciprocal

The third challenge was a JavaScript code golf: during the course of one week, code golfers made an herculean effort to reduce their solutions to the lowest number of bytes possible.

Their task was to implement a Beaufort Cipher, a reciprocal — meaning the same steps are used to encipher and decipher text — version of the well known Vigenère Cipher.

The Beaufort Cipher algorithm also uses a tabula recta, just like the Vigenère Cipher.

João Costa submitted the first fully working solution after just 23 minutes, at 647 bytes, and João Azevedo followed him after another 15 minutes with a 336-byte answer.

The shortest answer in the end was 93 bytes. Four people were able to get to that absurdly low limit, but João Azevedo got there first and therefore won this golf contest. Beatriz Magalhães, which fought for the top spots since early on, finished just one byte away, with a 94-byte solution.

Here’s João’s final answer for your enjoyment, surprisingly readable for such compact code:

f=(a,k,t,i=j=1)=>t.replace(/./g,h=>~(c=a.indexOf(h))?a[(a+a).indexOf((j+=k)[i++],c)-c]||h:"")

The other 93-byte solutions were virtually identical and the result of a completely independent process (some of them were, at least). Interesting…

#4 — Fragmented

For the last challenge, another treasure hunt… of sorts. In this one there wasn’t any jumping around on the Internet. There were just three images provided upfront, and that was it. Everything was in those three images.

The Page

The first image was a page from Revelation Space by Alastair Reynolds. The text itself provided some foreshadowing of what’s to come — with the character descending deep into the ship Nostalgia for Infinity — but the solution was in the white space around the text. There were two subtle shades of white there and replacing them would reveal a hidden message.

One quick way to do this was to use GraphicsMagick, but there were plenty of other ways to do it like adjusting curves in an image editor and whatnot.

$ gm convert page.png -fill "#000000" -opaque "#FFFFFF" page_exposed.png

From the page we learn that there is something hidden in the Tupperware Party (the second image of the three). That “something” requires a key of some sort which we must give to “Ed Eights”, whomever that may be.

The Party

So, what can we see in the tupperware party image?

There is obviously a very large number “k” which is probably a representation of the key we need. But not a direct representation, surely. That would be too easy and not too fun.

The number “k” can also be seen when doing an hexdump (or strings) of the file. It’s contained in the metadata of the image so you don’t need to copy it by hand — that certainly wouldn’t be any fun.

But there are other clues…

The letters that make up “tupper” are slightly more highlighted than the remaining text in the table cloth. That’s the first clue.

The second clue can be found in the window: there is an equation there (zoom in to see for yourself). It’s almost unreadable but it doesn’t really matter. What matters is that there is such a thing called the Tupper Equation (also called Tupper’s self-referential Formula, although that falls a little short of describing what it does here).

When graphing the Tupper Equation with the number “k” in the party image, readable text emerges: “Setec Astronomy”.

This is a reference to the movie Sneakers. In the movie, “Setec Astronomy” is found to be an anagram of “Too Many Secrets”. Well, that’s appropriate… The party does have more secrets for us to discover.

The Underground

At this point we have the “admission key” mentioned in the page, and we must give it to “old Ed Eights”. After some head scratching, turns out “Ed Eights” is an anagram for steghide (which at this point is an old tool). The party has steganographic content in it and we must extract it.

$ steghide extract -sf party.jpgEnter passphrase: Setec Astronomy
wrote extracted data to "underground".

We have reached the underground, which the page message told us we should go deep into.

$ file undergroundunderground: DOS floppy 1440k, x86 hard disk boot sector

If you try to mount this image, it has nothing in it. Or so it seems, because an hexdump shows there is an .ACKAGE.ARJ file in there. Or there was: the file has been deleted and we need to undelete it first.

Mounting the image read-write on macOS would break it. The system creates an empty .fseventsd folder there and in the process overwrites some clusters belonging to the ARJ file we need.

In FAT filesystems, files have the first character in their names replaced with an 0xE5 byte when deleted. Assuming the file clusters (blocks) haven’t been overwritten, we just need to change this byte back into a “P” using something like hexedit or sed:

$ sed -i 's/\xE5ACKAGE ARJ/PACKAGE ARJ/' underground

The file has been resurrected and is now visible when mounting the floppy image. We can attempt to extract it but… it’s password protected and we don’t know the password (yet).

Enter the Pattern

Looking at the pattern (the third image in the set), it’s not hard to figure out it is an autostereogram.

It’s a little difficult to see the pattern’s 3D contents if you haven’t done it before, but the quizmaster lived through the stereogram fad of the 90’s and wanted to pass that skill (pain) along to younger generations.

When you look at it, it seems to have something in the center of a clockwise spiral. And that something looks like a QR code. But how to read it? Your phone certainly can’t do it… it hasn’t got stereoscopic vision.

It’s not that hard to google around for a solution. You need to open the image in an image editor, duplicate it into another layer, set that layer’s blend mode to “difference” and then slowly slide it horizontally until something visible emerges.

Sliding the pattern on top of itself in “difference” mode reveals its depth layers.

At this point you may be able to read the QR code directly, or you may need to tweak the contrast a bit to help your reader.

You must know the Captain to be allowed access to the underground report.

Back to the Underground

The Captain of the ship Nostalgia for Infinity is called “John Brannigan”. That is the password for the ARJ archive. Easy after some reading.

$ arj x -g? package.arjARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia.
Enter garble password: John Brannigan
Processing archive: package.arj
Archive created: 2020-03-11 16:40:32, modified: 2020-03-11 16:40:32
Extracting report.txt                  OK
1 file(s)

Actually, ARJ is very smart and you could pass it the underground floppy image file directly. It would find the deleted archive inside and extract it, thus skipping the undelete step. That was a surprise…

The Report

Now we are left with what looks like a square of brainf*ck code, but it doesn’t run. Or it doesn’t run completely, because taking just part of the first line shows that it outputs a few readable characters. There is a message in it.

A SECR

But every clue matters. The clockwise spiral in the autostereogram is the key. The code is wrapped as a spiral and we need to unwind it.

How the code looks like if you remove the “-” character.

If you squint at the code, or remove the most common character altogether, you may also realize there’s a whirlpool’ish pattern going on. That would also help.

A SECRET REPORT WITHIN THE GUILD
--------------------------------Four planets have come to our attention regarding a plot which could jeopardize spice production:- Planet Arrakis, source of the spice;
- Planet Caladan, home of House Atreides;
- Planet Giedi Prime, home of House Harkonnen;
- Planet Kaitain, home of the Emperor of the Known Universe.Send a third-stage guild navigator to Kaitain to demand details from the emperor.The spice must flow!--Kudos! You've successfully completed your mission!Submit the report above using the challenge's answer form and await acknowledgement from the quizmaster.

João Azevedo was the first to obtain the secret report within the guild, in a little over 4 hours, with Bruno Maia and João Costa just behind him.

Carlos Martins wrote his own write-up of the Fragmented challenge, which you can read here: https://killmaster.netlify.com/2020/03/23/fragmented

And this was it, four weeks of intense brain effort. Hope you had fun and learned and few useful (and useless) things. I know I did.

See you in November!

Solutions for Flynn’s

01. TWFnbmF2b3ggT2R5c3NleQo=
02. QnJlYWtvdXQK
03. U3BhY2UgSW52YWRlcnMK
04. SW5mb2NvbQo=
05. RG9ua2V5IEtvbmcK
06. Qm9tYmVybWFuCg==
07. QXRhcmkgVmlkZW8gR2FtZSBCdXJpYWwK
08. VGV0cmlzCg==
09. TGFycnkgTGFmZmVyCg==
10. TWVnYSBEcml2ZQo=
11. R29sZGVuIEF4ZQo=
12. SWQgU29mdHdhcmUK
13. Q2l2aWxpemF0aW9uCg==
14. TW9ydGFsIEtvbWJhdAo=
15. U3RhciBGb3gK
16. UGxheXN0YXRpb24K
17. V2lwZW91dAo=
18. VGhlIERpZwo=
19. Vm9vZG9vIEdyYXBoaWNzCg==
20. VWx0aW1hIE9ubGluZQo=
21. R29yZG9uIEZyZWVtYW4K
22. SGFsbwo=
23. R3VpdGFyIEhlcm8K
24. UG9ydGFsCg==
25. TWluZWNyYWZ0Cg==