Case 118 Unlocked: A Blockchain OSINT Challenge Guide

Introduction

Case 118 Unlocked is a blockchain-based OSINT challenge that tests your detective skills on the Binance Smart Chain (BSC) testnet. The mission? To uncover leaked API keys and identify the miner of a specific block. Sounds straightforward, right? Well, as with any great CTF challenge, the devil is in the details.

Skills Learned

• Understanding Blockchain and BSC Testnet

• Exploring BscScan

• OSINT

Enumeration

At the heart of Mylapore Police Station's digital infrastructure lies a decentralized network, safeguarding criminal records with cutting-edge technology. Yet, amidst its digital fortification, a case known as Ninja[0104EF] lurks in the shadows, its secrets locked away, waiting for a skilled individual to unearth the truth. Tied to this enigma is a vital secret key, its security compromised, threatening the integrity of the entire system. The challenge? To dive deep into the network's abyss, retrieve the leaked key, and restore order.

The Journey Begins:

1. Initial Reconnaissance with Nmap:
   The first step into the unknown began with a simple yet powerful command: nmap -p- , scanning all ports to reveal that port 84 was ajar, inviting further investigation.

   • 

2. Exploring Port 84:
   Venturing into port 84 through my browser, a WebUI unfolded, hinting at the complexity of what lay ahead.
   it ask key to enter.

   • 

3. Case PDF Analysis:
   Within the brief, a case PDF emerged, teeming with addresses. These digital fingerprints belonged to contract creators on the BSC testnet, key pieces of the puzzle.

   • 

   Upon further analysis and verification through the BSCScan test network, it was determined that these contracts are associated with a owner: 0x6AA8CBD6B3da0528d7B27926B0ba3e9BE724c573.

4. Identifying the Crucial ID:
   Go to bscscan tetnet and put that identified correct address i start research, in that adress lot of contract as deployed
   -

5. Ninja Contract Discovery:
   Clues hinted at a "Ninja contract," with an ID ending in "0104EF" in brief, This was the breakthrough moment, leading to the pivotal discovery of the contract. below i click that contract button it give contracts like sna.sol and context.sol

   • 

6. Key Discovery:
   The contract held the first clue—line 174 th line of sna.sol unveiled the leaked key. Placing this key within the web interface, the first flag was captured, a testament to persistence and acumen.

   • 

Foothold

With the first mystery unraveled, attention shifted to the mastermind behind the network's turmoil. Armed with an ID [0x5e889124afe0658b00ffa59fd16e52e2c7d96a48811f777f320e791b2aa91e1f]and driven by the clues gathered, the next phase was to track down the architect of chaos, ensuring the Mylapore Police Station's records' security.

Navigating the Network:

1. Deep Dive into Blockchain Analysis:
   With the ID in hand, the blockchain yielded its secrets, Put that transection hash in search bar you got details about that transection here you can see Block number 36000232.
   click that block number .

   • 

   After click that block who mined that block what it means that second challenge is to find that miners

   • 

By marrying technical prowess with the narrative depth of each challenge, this journey through the Yukthi CTF 2024 prelims not only showcased the skills necessary to navigate the complexities of cybersecurity but also highlighted the storytelling that makes each challenge a unique adventure. As we conclude this digital odyssey, the flags captured are not just symbols of victory but of the knowledge, strategy, and storytelling interwoven into the fabric of cybersecurity exploration.