BSides Canberra 2018 CTF Write-Up: Old PC

This is a write-up of the Old PC challenge from the BSides Canberra 2018 CTF. This challenge was worth 375 points.

The only context given for the Old PC task was a single .bin file. With a size around 1.4MB, it was immediately assumed that this was a floppy disk image.

After extracting the disk image, the only file within was .HOME01.TIM. Searching for the “TIM” file extension returned two possibilities: A Playstation image file, or a level file for an archaic PC Game — The Incredible Machine by Sierra software.

Reading through the content of the file in a hex editor all but confirmed this — the file was sparse, so it didn’t make sense for it to be an image. So now all that was left was to get the level into the game.

A typical PNG image (Left), the file in question (Right)

e installed DosBox and downloaded the first version of The Incredible Machine available on the internet. Originally the file did not appear in the level editor — load menu. We tried changing the file name to be that of an already existing, valid level, after selecting it in the load menu (although different teams had different experiences with this — some couldn’t open the file without swapping file names, others could). This didn’t end up working — the level was corrupted. The game would either freeze, or give an error message:

Frozen, with the load button pressed down.

pon further inspection in a hex editor, the headers were different between the valid level and the challenge file.

A TIM 1 save file (left), the flag file (right)

his seemed to imply that while we were onto the right direction, we needed to try something else. We downloaded every other version of The Incredible Machine available, and tried each one at opening the file. None saw it as openable from the outset, but by swapping the file names meant that the level could be loaded. TIM 2 loaded the level, and simply pressing the start button “revealed the flag”.

The screen visible upon opening the level
The final message that was displayed

We say “revealed the flag”, because there still remained one mystery: what was the flag? There were a series of characters shown, but which order should the be read in? In the order of the ball’s bounce, as the hint “Watch the superball’s bounce” suggested, or in top to bottom, or left to right?

After a twitter hint, it turned out to be much simpler than we’d anticipated…

The hint
The results of a quick web search

…and simply reading from left to right granted us the 375 points.

Thanks to Elttam for this quite interesting challenge.