Description The challenge provides the following contract, and, same as the Welcome challenge, the goal is to “unlock” to get the flag. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 pragma solidity ^0.7.1; contract hidden { bool public isLocked; bytes32 private key; bool private other; uint256 private garbage = 88888888888; uint256 public useless; uint256 private bob; constructor() { //hidden } function unlock(bytes32 _something) public { require(other); if (key == _something) { isLocked = false; } } } Solving the challenge Like in the previous challenge, to unlock, we need a key, except this time it is private:

Description The challenge provides the following contract, and the goal is to “unlock” to get the flag. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 pragma solidity ^0.7; contract welcome { bool public isLocked; string public key; constructor(string memory _key) { isLocked = true; _key = key; } function unlock(string memory _something) public { if (keccak256(abi.encodePacked(key)) == keccak256(abi.encodePacked(_something))) { isLocked = false; } } } Setup The CTF provided a very nice tutorial to setup the THCONETH network:

Description “I sealed my master phassphrase on this device and protected it using my own TOTP algorithm. Can you recover it ? Once ready, come to the organizers desk to validate your solution on the device. (No connection to the device allowed)” Solution I didn’t solve this challenge on my own, but with nice team work with another team mate :) Overview of the device The device is a M5 Core (we used M5 Core Ink at Ph0wn CTF).