Junction 2016 micro-challenge solution

Our stand at Junction

At Yousician we are passionate about both music and technology; more than half of our team members are programmers, so of course we could not miss Junction 2016, Europe’s largest hackathon, which took place in Helsinki on the pre-Slush weekend of November 25-27th this year. We wanted to do something special there and literally brought music to the event: the hackers were invited to try Yousician and play all the musical instruments we had with us, and the Yousician Arcade Box (built as a hack day project by our developers, by the way) filled the main corridor with music from Friday to Sunday evening!

The Arcade Box was the centre of attention!

Hackathons are always about some interesting techy stuff and of course we wanted to join the fun as well. After a few quick brainstorming sessions, a nice micro-challenge was created. Altogether ten people were able to solve the puzzle and got ukuleles or guitars from Yousician by the end of the last day! Check out the photos of the first five winners on the Backstage Facebook page. We have to say, the commitment of some hackers to solving the challenge was really impressive: the most persistent ones, coming back to us time and time again with suggestions for the answer, were rewarded with Yousician t-shirts 🙂

The correct answer was posted on the Backstage Facebook page at the end of the Junction weekend. However, many participants who did not manage to crack the riddle were still curious about the solution and asked us to provide a step-by-step guide to solving it, so here we go!

Junction 2016 Yousician mini-challenge solution by our Software Engineer Jean-Baptiste Poupon:



                               ~= Yousician =~
                          Junction Challenge solution
                                    ~~~~~
                                   01/12/16


Introduction
~~~~~~~~~~~~

Location: junction.yousician.com

This little puzzle was developed for the 2016 edition of the Junction hackathon.
Ten people solved it during the weekend and congratulations to them! But let's now
find out how to solve it! I'll try to do it step by step as any participant
would have done.

Solution
~~~~~~~~

So let's see what we have! On that webpage, we can see a very simple html that
links to a file. Alright, what kind of file is that? Mp3, then I suppose we need
to listen to it! I'll just download it and play it with something like VLC. The file plays
correctly and we can hear some background 8-bit music + some strange voice. Hmm,
well at least it plays correctly without any glitches so I suppose the file is a
valid mp3.

The voice however sounds funny. What is this man trying to say? It doesn't
really sound like any language I know and it seems… rather slow/low somehow.
Well then let's try to apply some transformations to understand what he says.
There are plenty of programs and web services to do that. Basic transformations
would be to make it faster or maybe reverse it. Making it faster doesn't make it
more intelligible but reversing it gives a much more satisfying result!

So we have now someone saying: "Come to the Yousician booth and tell us the name
of the song. It's not as simple as you think". So yeah. There is a background
song in the track. Could it be that? It sounds like any old 8-bit music so it
should be doable to find it somewhere online or something. But the last part of
the sentence says: "it's not as simple as you think" so I suppose it might not
be that. Most likely there is a trick somewhere! Could the name of the song
be something like: "Not as simple as you think"?

Well after all we're in a hackathon so that answer would have surprised and
disappointed me! (but you could always have asked the Yousician people, they
would have said no). So let's try to find something a bit more technical!

Let's search for hints then. First thing I would do is to check the website itself.
Is there anything else than the file in the html? Doesn't seem so… there is
a little bit of javascript but nothing interesting and no external files are
loaded, so not this way sadly.

So we're left with only the file and this song. Damn, and most likely it's not
the one in the background. Then it must be something with the file itself!
Maybe there is a hint somewhere in it. However I have no idea how the mp3 format
is structured… Luckily we have Google and Wikipedia and we can see that an mp3 can
have 2 basic parts: an ID3v2 header and an mp3 frame with a header and a data
block.

When we've been listening to the song, I don't remember any "broken" parts so
most likely the information we're looking for is not simply overwriting one of
the mp3 frames OR it's stored in a complex way that leaves the audio data intact.
Well searching for something hidden in the second way would take a lot of time…
I'd first eliminate other possibilities, such as the id3v2 header.

From what I read online, it seems to be located at the beginning of the file and
has a lot of "free text" fields for things such as commercial information or
terms of use and so on. A perfect place for hiding information, isn't it?!
Let's finally open that file with a hex editor to see more clearly and check
that header. I'd go with vim and the :%!xxd mode (or M-x hexl-mode on emacs).

We get the following data:

00000000: fffb d064 0000 0000 0000 0000 0000 0000 ...d............
00000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000020: 0000 0000 496e 666f 0000 000f 0000 0258 ....Info.......X
00000030: 0007 aa72 0003 0508 0b0d 1012 1517 1a1d ...r............
00000040: 1f22 2427 292c 2e31 3435 393b 3e40 4345 ."$'),.1459;>@CE
00000050: 484b 4d50 5255 575a 5d5f 6263 6769 6b6e HKMPRUWZ]_bcgikn
00000060: 7174 7679 7b7e 8083 8587 8b8d 9092 9597 qtvy{~..........
00000070: 9a9d 9fa2 a4a7 a9ac aeb1 b4b6 b9bb bec0 ................
00000080: c3c5 c7cb cdd0 d2d5 d7da dddf e2e4 e7e9 ................
00000090: ecee f1f4 f6f9 fbfe 0000 0039 4c41 4d45 ...........9LAME
000000a0: 332e 3938 7201 c500 0000 0000 0000 0034 3.98r..........4
000000b0: ff24 0841 4d00 0100 0007 aa72 f73f 5c98 .$.AM......r.?\.
000000c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000140: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000150: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000160: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000170: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000180: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000190: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000001f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000200: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000210: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000220: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000230: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000240: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000250: 5456 526f 5a41 4141 4141 5941 4151 4143 TVRoZAAAAAYAAQAC
00000260: 4138 424e 5648 4a72 4141 4141 4967 442f A8BNVHJrAAAAIgD/
00000270: 5741 5145 4168 6749 4150 395a 4167 4141 WAQEAhgIAP9ZAgAA
00000280: 4150 3952 4177 6b6e 7741 442f 4177 5651 AP9RAwknwAD/AwVQ
00000290: 6157 4675 6277 482f 4c77 424e 5648 4a72 aWFubwH/LwBNVHJr
000002a0: 4141 4141 6951 4441 4151 4377 6551 4141 AAAAiQDAAQCweQAA
000002b0: 7345 4141 414c 4262 4a51 4377 436a 4d41 sEAAALBbJQCwCjMA
000002c0: 7341 646b 4150 3844 4246 4e76 6247 3845 sAdkAP8DBFNvbG8E
000002d0: 6b45 6469 6731 7941 5277 4141 6b45 6469 kEdig1yARwAAkEdi
000002e0: 6732 4341 5277 4149 6b45 6469 6732 4341 g2CARwAIkEdig2CA
000002f0: 5277 4344 594a 4248 5949 4e63 6745 6341 RwCDYJBHYINcgEcA
00000300: 414a 4248 5949 4e63 6b45 6464 4249 4248 AJBHYINckEddBIBH
00000310: 4149 4e63 6745 6341 6731 7951 5232 4344 AINcgEcAg1yQR2CD
00000320: 585a 424b 5777 4f41 5277 4344 5859 424b XZBKWwOARwCDXYBK
00000330: 4141 6551 5132 6945 4f6f 4244 4149 4565 AAeQQ2iEOoBDAIEe
00000340: 6b45 5655 6754 7541 5251 4169 6b45 6469 kEVUgTuARQAikEdi
00000350: 6a67 6941 5277 4142 2f79 3841 a1a1 ff02 jgiARwAB/y8A....
00000360: 983f e1b4 333f 7000 0089 4911 0400 7065 .?..3?p...I...pe
00000370: 207f 318c 7f06 05f8 e400 6318 c7f9 bf02 .1.......c.....
00000380: 9c6f c1f8 c9ff dce7 b9ff 40df ddf7 8882 .o........@.....
00000390: e139 e5c3 f4a0 6c98 4105 ee06 2f44 002c .9....l.A.../D.,
000003a0: ac47 3773 f447 e275 ff42 eb9a 15ef 7dff .G7s.G.u.B....}.
000003b0: f3bf 0357 be61 c7bd 2266 3e29 4ce2 3c08 ...W.a.."f>)L.<.
000003c0: 9e03 c790 1386 5c25 6448 6ced 9155 ee18 ......\%dHl..U..
000003d0: 4e1d 0c8d 64ac f339 042c 43d0 b39c d32e N...d..9.,C.....
000003e0: 6c47 4457 92b9 9201 0c50 16c5 0a6d 0e00 lGDW.....P...m..
000003f0: 700c 4461 fe5c d5e4 acb1 a9dc ec24 0319 p.Da.\.......$..
00000400: 8f25 31bf fffe 31b8 0005 8c7f ffff f777 .%1...1........w
00000410: 3777 1712 bba7 e857 4777 70ef bba2 2213 7w.....WGwp...".
00000420: bd74 0800 2130 e2e0 b778 110a b802 5308 .t..!0...x....S.
00000430: 0000 212b f5fd cc0d fcb3 ea22 27c2 8f97 ..!+......."'...
00000440: 5cd3 bdf1 4cee 044b bc78 f358 79ac 4a9c \...L..K.x.Xy.J.
00000450: 5638 31cf 4f2a bd58 e10e 3271 c3e6 3c06 V81.O*.X..2q..<.
00000460: 495f 9fe7 5bf3 9d6d 9e04 35e2 10e2 d4a0 I_..[..m..5.....
00000470: a12b 2c65 f118 881e 8270 5c14 0cea f764 .+,e.....p\....d
00000480: f0bc 0fb0 8f82 ac24 6040 0320 f00c f008 .......$`@. ....
[ and something similar to the last lines for a long long time... ]

Wow, there are many things that jump out at me right away. We can see what
looks like a header at the very start, followed by a long run of zeros. Then
comes a strange string that doesn't look like anything else, then until the end
of the file some random data that looks like any other binary stuff (so most
likely the song itself). Well I don't know about you but I'm quite curious about
this strange string! Especially since it looks exactly like a base64 string and
I really wonder what base64 is doing in an mp3 file!
So let's extract it and we get the following:

TVRoZAAAAAYAAQACA8BNVHJrAAAAIgD/WAQEAhgIAP9ZAgAAAP9RAwknwAD/AwVQaWFubwH/LwBNVHJr
AAAAiQDAAQCweQAAsEAAALBbJQCwCjMAsAdkAP8DBFNvbG8EkEdig1yARwAAkEdig2CARwAIkEdig2CA
RwCDYJBHYINcgEcAAJBHYINckEddBIBHAINcgEcAg1yQR2CDXZBKWwOARwCDXYBKAAeQQ2iEOoBDAIEe
kEVUgTuARQAikEdijgiARwAB/y8A

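Now we decode it into a file with a script like this:

import base64

# the_base64_string: the text extracted above, saved here as "extracted.txt"
# (file name is an assumption; b64decode ignores the line breaks)
with open("extracted.txt") as src:
    the_base64_string = src.read()
with open("strangedata", "wb") as f:
    f.write(base64.b64decode(the_base64_string))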

And then we get this (if we open the file again in a hex editor):

00000000: 4d54 6864 0000 0006 0001 0002 03c0 4d54 MThd..........MT
00000010: 726b 0000 0022 00ff 5804 0402 1808 00ff rk..."..X.......
00000020: 5902 0000 00ff 5103 0927 c000 ff03 0550 Y.....Q..'.....P
00000030: 6961 6e6f 01ff 2f00 4d54 726b 0000 0089 iano../.MTrk....
00000040: 00c0 0100 b079 0000 b040 0000 b05b 2500 .....y...@...[%.
00000050: b00a 3300 b007 6400 ff03 0453 6f6c 6f04 ..3...d....Solo.
00000060: 9047 6283 5c80 4700 0090 4762 8360 8047 .Gb.\.G...Gb.`.G
00000070: 0008 9047 6283 6080 4700 8360 9047 6083 ...Gb.`.G..`.G`.
00000080: 5c80 4700 0090 4760 835c 9047 5d04 8047 \.G...G`.\.G]..G
00000090: 0083 5c80 4700 835c 9047 6083 5d90 4a5b ..\.G..\.G`.].J[
000000a0: 0380 4700 835d 804a 0007 9043 6884 3a80 ..G..].J...Ch.:.
000000b0: 4300 811e 9045 5481 3b80 4500 2290 4762 C....ET.;.E.".Gb
000000c0: 8e08 8047 0001 ff2f 000a ...G.../..

Ahem, that doesn't tell us much… or at least I don't recognize much there.
Actually I recognize the word "Piano" that is kinda related to what we're
looking for so it seems we're on a good track!

So what do we do to find out what kind of data that is? There are several tools
but a basic one that everyone knows is once again Google. What if we search
for some of the strings present? Like for example "Piano / MTrk" or similar?
Google tells me: "Did you mean: piano / mart?" but some of the results speak
of some MTrk chunks! Interesting, but let's search for another string to be sure:
MThd is also a candidate, what does Google tell us?

We find right away a link to MIDI File Structure, with the following sentence:
For example, header chunk IDs are "MThd", and Track chunk IDs are "MTrk".

Woah, exciting! Does that mean that this data is a MIDI file? Well let's find
out! There are once again many midi players and some available for free online.
So press play and .... oh I know this song! Everyone knows this song! 🙂

And yes, the answer was indeed Jingle Bells.

A few words
~~~~~~~~~~~

This was a very simple steganography exercise (aka: "the practice of concealing
a file, message, image, or video within another file, message, image, or video").
We didn't make it too hard so that people with no experience in the field could
still find it! And it seems that we were right, some people found it extremely
easy, some didn't find the answer at all and some spent a long time but still
found the answer at the end 🙂

There would have been a few ways to make the exercise harder, for example to use
http://www.petitcolas.net/steganography/mp3stego/ or similar things. But that
wasn't the goal!

Also, in the last part, instead of asking Google for the MIDI information, we
could have used the basic "file" command on any Linux system and it would have
given us the answer right away:

MIDI2.mid: Standard MIDI data (format 1) using 2 tracks at 1/960
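
The manual steps above (spot the base64 run, decode it, recognise the MThd/MTrk chunk IDs) can also be scripted. The following Python script is an added example, not part of the original write-up; the carrier bytes are a constructed stand-in for the mp3 built around the base64 string shown above, and the function names are hypothetical.

```python
import base64
import re
import struct

# Base64 run as shown in the page's hex dump (it starts at offset 0x250).
PAYLOAD = (
    b"TVRoZAAAAAYAAQACA8BNVHJrAAAAIgD/WAQEAhgIAP9ZAgAAAP9RAwknwAD/AwVQaWFubwH/LwBNVHJr"
    b"AAAAiQDAAQCweQAAsEAAALBbJQCwCjMAsAdkAP8DBFNvbG8EkEdig1yARwAAkEdig2CARwAIkEdig2CA"
    b"RwCDYJBHYINcgEcAAJBHYINckEddBIBHAINcgEcAg1yQR2CDXZBKWwOARwCDXYBKAAeQQ2iEOoBDAIEe"
    b"kEVUgTuARQAikEdijgiARwAB/y8A"
)
# Constructed carrier: frame sync, zero padding, payload, a few audio bytes.
CARRIER = (bytes.fromhex("fffbd064") + bytes(588) + PAYLOAD
           + bytes.fromhex("a1a1ff02983fe1b4"))
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # long runs are rare in audio

def find_base64_runs(blob):
    """Yield (offset, decoded bytes) for every long base64-looking run."""
    for m in B64_RUN.finditer(blob):
        run = m.group()[:len(m.group()) // 4 * 4]  # keep whole 4-char groups
        try:
            yield m.start(), base64.b64decode(run, validate=True)
        except ValueError:  # looked like base64 but does not decode
            continue

def midi_chunks(data):
    """Walk MIDI chunks: 4-byte ID, 4-byte big-endian length, then the body."""
    pos, chunks = 0, []
    while pos + 8 <= len(data):
        cid, length = struct.unpack(">4sI", data[pos:pos + 8])
        if cid not in (b"MThd", b"MTrk") or pos + 8 + length > len(data):
            break
        chunks.append((cid.decode(), data[pos + 8:pos + 8 + length]))
        pos += 8 + length
    return chunks

def describe(blob):
    """Return offset and header fields of the first embedded MIDI file."""
    for offset, data in find_base64_runs(blob):
        chunks = midi_chunks(data)
        if chunks and chunks[0][0] == "MThd" and len(chunks[0][1]) == 6:
            fmt, ntrks, division = struct.unpack(">HHH", chunks[0][1])
            return {"offset": offset, "format": fmt, "tracks": ntrks,
                    "division": division, "chunk_sizes": [len(b) for _, b in chunks]}
    return None

if __name__ == "__main__":
    print(describe(CARRIER))
```

The format, track count and division it reports are the same three values the "file" output above shows.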

Feel free to ask us any questions!

Congratulations again to the winners! And a huge thank you goes to Jean-Baptiste and the rest of the Yousician team that created this fun and adequately challenging puzzle.

Busy hacking