Hack.lu CTF 2011 Write-up : Scotty's last signalTue 27 September 2011 by jj
Another writeup for the excellent Hack.lu 2011 Capture The Flag contest. This one was very unusual, based on a patched NES rom of Super Mario Bros 1.
Scotty's last signal You might have heard about Montgomery Scott, the legendary chief engineer of the U.S.S. Enterprise. What you probably did not know is his passion for Video Games - especially really old classics. We recently lost contact with his transport shuttle and we think you should examine this old game file we recently recieved because he might have just put a message into there. This would make sense if he could not send a fully blown Space-Unicode message signal to avoid attracting any Borg ships in the sector... (Borg usually are very bad at video games) His passion for Beaming and Warping might be of interest for your analysis.
The linked file is a NES rom image, based on the Mario 1 all-time classic game from Nintendo.
The first two levels have been heavily edited, adding numerous foes and traps.
The game features a secret passage in world 1-2, but the way to reach the warp zone seems to have vanished. So the first idea that comes to mind is that we have to finish the game the long way, and when done we should be rewarded with the secret passphrase.
However when we finish the game, the end is the classic one.
On a second try, and using the hint given in the challenge introduction, we see that the elevator to get to the warp zone is simply delayed, and that we can indeed reach this area with the right timing. There, the secret passphrase is displayed on the wall.
Here is the short version showing the challenge solution :
Please note that for more hex-oriented people, other solutions exists: [blog.bedford.org]
The video was done using fceux/tasedit
Download the rom https://ctf.hack.lu/files/mario