AL1C3 1N PWND3RLAND
On July 26th, SAIT hosted their summer CTF for 2025, themed after Alice in Wonderland. This was the first CTF I competed in solo, and I found it to be a really good learning experience. I finished 2nd amongst the solo competitors with 1125 points and solved eight challenges.
This post is going to be less of a walkthrough on each challenge I solved and more of a reflection on the event and anything memorable from it.
Challenges
My solves throughout the competition:
| Challenge | Category | Value |
|---|---|---|
| Searching for AL1C3 | Intro | 50 |
| Mad Hatter’s Message | Rev | 200 |
| Knave of Hearts’ Payload | Rev | 200 |
| Where’s That Grin? | OSINT | 200 |
| (IN)Sanity Check | Intro | 50 |
| Alchemy Lesson P1 | Forensics | 50 |
| Alchemy Lesson P2 | Forensics | 75 |
| What’s With All These Rabbit Holes? | Forensics | 300 |
As much as I love cryptography challenges, I had used this CTF as an opportunity to explore other categories instead of solely focusing on cryptography. I did attempt them throughout, but I also did rotate between quite a few challenges in general, so as to try as many as I could.
Cryptography isn’t the only category I enjoy, but I find it’s one of my strongest. Which means I tend to focus on those challenges early on and for the majority of competition time. Competing solo actually gave me the chance to explore areas I tend to miss or avoid.
Reverse engineering challenges were something I had practiced a lot prior to CyberSci Nationals back in June, but during that competition, I hadn’t spent a lot of time on them. Seeing there were four in this CTF, I had worked on those for quite some time. I successfully solved three out of the four, only scoring points for two of them due to an error that I will explain later on.
Even in categories I practice and compete in regularly, I was still learning new things. For example, the OSINT challenge, Where’s That Grin?, introduced me to the site what3words. A website that has the world divided into small squares, where each square is given a unique combination of three words. I had never heard of this site before but I found it so fitting for the competition theme and honestly hope to see it come up more in the future.
Unsolved
Below are challenges I hadn’t finished during the competition but I found very memorable for various reasons. Some of these I have gone back and attempted since. I find hearing the solutions from the creators or other competitors intriguing but also a great way to learn and help re-attempt the challenges alongside.
Das Auge sieht ein Geheimnis
Translated from German, The eye sees a secret. As you may have guessed, this challenge for the most part was in German. It gave us some English to start, but the main description of the challenge and the provided file, were in German.
Translating them pointed us in the direction of what we were looking for, but it also threw in quite a few red herrings that honestly had me lost at times.
This is when I learned that files can be embedded into PDFs. I was so focused on visuals, I almost didn’t even consider this. I attempted to use tools for extracting, such as binwalk and pdfdetach, but they either failed or only got me part of the way.
I wrote a quick script in Python to extract from the PDF using an offset I found through binwalk, and you can find the file here: extractFromPDF.py.
Now that’s as far as I got in this challenge. In the ZIP folder there was a hidden folder, and a couple layers down there was the following image:
I had absolutely no idea where to go when it came to decoding it. Speaking with the challenge creator afterwards, it was encoded with the copiale cipher, which was created by a secret German society. By using https://www.dcode.fr/copiale-cipher, we can see the flags value was THECANDIDATEANSWERSYES.
Caterpillar’s Binary
This was the third reverse engineering challenge and definitely stumped me a little.
I spoke with the creator of the challenge and he let me know the files used weren’t actually the correct ones. He got the flag changed during the competition to reflect what would be found and updated me so I could submit it, however, I missed my opportunity to go back and score points on it.
For this challenge I started by using strings and objdump to look for anything that stood out. Through strings I found 8 unique strings all ending with ‘H’, which caught my eye almost immediately. When I XOR’d each byte with 0xa0, it started to reveal the flag.
During the competition I found what the flag for those files were, but if you had no idea that the files were wrong, you would have probably assumed what you found was incorrect.
Reading the walkthrough, I also realized that this was not the intended solution but it worked nonetheless.
The Mirror is Broken
This was the fourth reverse engineering challenge, and when I went to give it a look during the competition I was immediately thrown off by the fact that the description was a reversed base64 encoded string.
The challenge description:
==gLu9Waz5WZtlGZgUGdh5mclRHbhBycphGdg4WagQnblJXZmZWakBSblV2cgMXZslmZgwSesVG
dh5Wd0J3bm5WVg4Cbsl2dgIXdvlHIvRHI5JXYulmYgMXaoRHIn5Wa0NXa3RHI0V3boRXa3BSZwF2
YzVGI09mbuF2YgU3bZBiLuV2avJnYgMXagI3byJXatBSZoRFIg4SdvlHIk5WaoVmYgMnclRHdhh2
cgQXagwSZuFGbwBCbhNWanFWbgUGa0BCanV3byhGdgUmdv1GI19WegMXYg42bvNHIzFGIsI3byJ3
boBic19Weg8GVg4CdpBSZkFWbgUmdhhGI19WW
Reversed and decoded from base64:
You have made it. To your horror, as soon as you move through the magical plane, it shatters behind you. The mirror is broken. You cannot escape without twisting this binary to your will. Unfortunately, files seem different in this alternate dimension.
After hearing the solution though, I realized I overestimated how hard it actually was. A major hint was given in the description, everything was reversed. I haven’t gone back to try this one in particular but I did read the walkthrough released by the challenge creator and it was an interesting challenge for sure.
The Key to my Hearts
Honourable mention to this challenge. It used a physical deck of cards and the solitaire cipher. I didn’t get very far into it but I did spend some time looking over it and trying out a few different ideas.
This type of challenge was extremely creative and combined some very interesting ideas and techniques into a challenge that suited the competition theme so well.
And even though I didn’t have much to say about it in general, I did want to highlight it because it was definitely not like anything I had ever seen before.
Conclusion
Overall, this competition was pretty great. I hadn’t been to a CTF hosted by SAIT since November, so it was nice to be back. I had the chance to catch up with some classmates and faculty I haven’t seen in months, but also meet a couple new people and hear from some industry professionals.
Attending solo was something I would have been terrified about months ago, so competing and placing second is a pretty big achievement in my eyes. As well as having competed at Nationals last month, I can see improvements in myself and how I applied my skills in comparison to then.
Massive shout out to everyone who had a hand in creating the challenges and running the event, and congrats to everyone who competed!