Description The challenge provides the following contract, and the goal is to “unlock” to get the flag. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 pragma solidity ^0.7; contract welcome { bool public isLocked; string public key; constructor(string memory _key) { isLocked = true; _key = key; } function unlock(string memory _something) public { if (keccak256(abi.encodePacked(key)) == keccak256(abi.encodePacked(_something))) { isLocked = false; } } } Setup The CTF provided a very nice tutorial to setup the THCONETH network:

Description “I sealed my master phassphrase on this device and protected it using my own TOTP algorithm. Can you recover it ? Once ready, come to the organizers desk to validate your solution on the device. (No connection to the device allowed)” Solution I didn’t solve this challenge on my own, but with nice team work with another team mate :) Overview of the device The device is a M5 Core (we used M5 Core Ink at Ph0wn CTF).

Actually, you’re not that welcome… ;-) You’ll understand why. Update March 28, 2023. Solutions to protect your computer. Update April 27, 2024. How they did the Welcome challenge in 2024. Description of the challenge “Welcome to Insomnihack! No bruteforce is needed! Simply run the following command on the attached file, and wait for the flag (it should take up to 1 minute). docker-compose up Have fun!” The challenge also provided a docker-compose.