Yubicorn Bitcoin Challenge

Thursday , 13, May 2021

I made three Bitcorns game challenges. These are challenges based on the fabulous Bitcoin token-based game called Bitcorns. This is the second of three challenges to get solved. Here is my description of the previous challenge. For those ambitious CTF types reading this, one still remains.

With each one solved, the winner gets to transfer out the contents of the farm. That’s because the challenge is to discover the seed phrase that unlocks the wallet at this address by inspecting the card and farm art for clues. Remember, these Bitcorn farms are just Bitcoin addresses that have Bitcorn game tokens. So at the farm address there was some Bitcoin (BTC) and some Bitcorn cards like the one shown on the right.

The “Yubicorn” card shown here and the farm are the sources for all clues. Having said that, both the card and the farm have their own pages in the game and all clues can be found in the images and text there. Let’s go through the clues that led to the winner getting

I gave lots of clues in the Bitcorns chat because this challenge, just like the previous one, is really tough. The goal is to discover a twelve-word seed phrase that allows you to access the wallet that holds this BTC and bitcorns cards. I told the chat that the first two words in this seed phrase are visible on the face of the Yubicorn card. The first word was actually “two” which is visible on the face of the card in the phrase “two factor cornization”.

The other word visible on the card requires closer inspection. If you look closely, or look at the high resolution image (by clicking on “Dan’s Vision” link on the card page) you might notice the word “three” written as a watermark on a leaf – as shown in this image. Yes, it’s hard to see clearly – I never said this challenge would be easy! So the first 2 words of the seed phrase needed to unlock this wallet were “two” and “three”.

I told the group chat that clues 3 and 4 could be found by looking at EXIF data. Checking the card image with my favorite EXIF tool, unironically named “exiftool“, we see that a comment field has been added:

That comment field has an IPFS link in it that leads users to a PSD (Photoshop file format) file which contains the third and fourth clues. I promoted this challenge as being intended for graphic artists, and these two clues show why that description is appropriate. Word three can be found in a layer that’s obscured by a couple others. The backmost layer is a blue USB drive with the word “draw” written on it.

Next we need to notice that there is an unlabeled layer that is not visible. When toggled, it reveals our clue: “fourth word: create” indicating the fourth word of the seed phrase.

Next up, we go to the farm page for clues 5 through 10 of the seed phrase. I told the people in chat that word 5 of this artist challenge was in the farm title. That title, clearly written on the farm page, is ‘Yubicorn “art” Farm – LOOT ME!‘, and sure enough “art” is the fifth word.

The sixth word was a bit more tricky, and required looking at the farm description and noticing the capitalized letters. That description is “Security Has A Dankness – Our Way” and should yield the sixth word, “shadow”.

Now to the farm art itself. Each farm can upload a custom image to use as farm art, and I used that opportunity to upload farm art images with clues hidden inside.

If you look closely at the red barn in the background, you’ll notice that “7 card” is written on that farmhouse wall, indicating that word number 7 is “card”. I used this same technique again later to hide another word, but meanwhile, on to words 8 and 9.

Intrepid sleuths would have checked the farm art metadata as well. As it happens, the farm art has a comment field as well, with a URL to the page shown below containing the next two words. Can you figure them out?

For the word in position ten, the participants needed to look at the previous farm art. If you scroll down to the bottom of a farm page, you’ll see previously uploaded farm art images. In this case the 10th word is written on the barn wall again, just like word seven.

The final two words come from the card page. Using “Dan’s vision” high res version of the card image, EXIF data points to file that displays “paint brush” image. The last words are literally “paint brush”.

There was an additional clue along the way using the first link, if and only if the player actually owned one or more Yubicorn cards. This page gave a clue about the ordering of the words because if you simply start finding words and don’t hangout in the chat to get clues, you had no idea about the arrangement of them.

So the challenge was won, and the winner emptied out the farm of all cards and Bitcoin, and another farm challenge fell, leaving only one challenge remaining – there is a third farm and card chocked full of clues. Feel free to solve the puzzle and steal the tokens!