Sticky Key

official writeup; challenge created by me


I just got this email from my friend.  I think he was trying to tell me something important, but it just looks like random symbols.

Subject: ˆ ˇ˙ˆ˜˚ Â¥ ´¥∫øå®∂ ˆß ∫®ø˚´˜
Contents: ˆ †˙ˆ˜˚ µ¥ ˚´¥∫øå®∂ ˆß ∫®ø˚´˜≥ ˆ ∑åß π¬å˜˜ˆ˜© †ø †´¬¬ ¥ø¨ †˙ˆß ∫¨† ˆæµ ˜ø† ß¨®´ ˙ø∑ ¥ø¨ ∑ˆ¬¬ ®´å∂ ˆ†≥ Óøπ´ƒ¨¬¬¥ ¥ø¨ ç嘠ƒˆ˜∂ å ∑å¥≥ ∫¥¨ç†ƒ”∂ø˜†—¬´å√´—ßø∂å—∫¥—¥ø¨®—˚´¥∫øå®∂’

The flag should be submitted in all lowercase format.


The challenge itself contains two main hints to how it was created. The appearance of a  hints at the fact that it was typed on a Mac keyboard. The name of the challenge, “Sticky Key,” refers to the fact that the message was typed with the Option (Alt) key held down.

While there are tools available for decoding Windows Alt code ciphers, I do not know of any for decoding Mac Alt codes.

There are a couple ways of solving this. The first involves making a complete key in order to decrypt the entire message. This is most easily done on a Mac by typing a series of letters (e.g. “abc”) and then repeating that series with the Option key held down (e.g. “å∫ç”). These values can then be mapped to each other in a dictionary which can be used to decode the message. This is how the key for solve.py was created.

An alternative method is to identify where the flag is in the message, and decode only that portion of the message. If you look carefully, you will notice that 熃 (which, as you may guess, decodes to ctf) can be found towards the end of the message, so anything following that will be what we want to decode. By looking up the associated alt code for each symbol on a site such as this one, the flag can be decoded into byuctf{dont_leave_soda_by_your_keyboard}