You start in a pacman themed maze with some ghosts and a giant baby bottle at the end. Welcome to the qualifiers in which you'll need to clear this maze to access the actual game itself. You need to eat the power up nibblets in order to cause the ghosts to be edible (yum) then move in for the meal only to be blocked by a riddle / challenge! These are the challenges and their solutions:

Pro tip: You get a new hint to spawn in the lobby every half hour or so. You virtually have unlimited hints.

Ghost #1

What's the Discord Invite Code?

Super EZ. This is what the image looked so just type in the code Yv42V9fCMc

Ghost #2

I)ruid first post in hac-man channel date?

Well it involves you to go through discord so go ahead and join the link then search for I)ruid's posts in the channel. You'll find the date 08/01/2022

Ghost #3

It says to Hash the string with SHA-256:

"I, [Your USERNAME], am a Hac-Man ghostbuster!"

Go ahead and google a SHA-256 hasher and pass it through. I used: https://emn178.github.io/online-tools/sha256.html

Ghost #4

Ghost asks for the 2nd entry on the rogue singal watch list on hacman.roguesignal.io with a mention of the source?

Open up the site and smash that CTRL + U ... Voila you'll see "Sneakers"

Ghost #5

Funny questions on hacman.roguesignal.io that needs solving? Hint mentions spiders? Spiders aren't typically comedic but after running spydering software like dirb on a linux (I use kali VirtualBox VM's) you'll find robots.txt and see the question "What's a robot's favorite form of exercise?" which has an appropriately punny-funny answer of: "Circuit training" compliments of googly goo.

Ghost #6

Senior Spooky wants a PGP hash. No problem we'll generate one using https://pgptool.org/ then upload that entire generated text to https://keyserver.ubuntu.com/ get the hash and boom we get it. A hash looks like this: 95f660aeedcdacfa31a19dc6203efb25cb380d76

Ghost #7

Use the public key provided to verify the signature on the encoded message. Tell us what the message says:



So copy the signed message + Public key, pass your private key you made earlier here (https://pgptool.org/#decrypt) and hoozah the message is: "A ghostbuster was here!"

Ghost #8

We have recorded a message inside of hacman.roguesignal.io can you find it? The hint has something to do with Dennis knowing it with kicks on route 53 (66...I wanted it to rhyme)

After a GOOG, Route 53 is an Amazon DNS service so might as well do a DNS record search on the URL. We find a TXT record of some base 64 and after conversion, we get: "it's Always DNS!"

Packet Capture


I was the creator of this track and my packet analysis track was made to guide a player from scratch on how to capture and view data transmitting live on networks. It begins with players going to meet up with others at the Defcon packet capture village and then getting more and more involved in packet capturing.

I made a narrative for my challenges to give players context of a situation where packet capturing would be relevant in a real-world scenario. This is something I value when doing cyber puzzles myself as the more I can tie my experiences into lifelike scenarios, the more I retain the information.

I learned that many of the players were participating in the event remotely from other locations as far as Greece. This made it difficult for them to meet up and do the in-person challenges which I intended for players to experience. Also one of the issues I realized is that if any players plugged into the Defcon open network and opened up Wireshark they would be bombarded with BILLIONS of packets generated from the Defcon attendees. I did like how I was able to meet up with attendees/players at the packet capturing village and then show them the basics of how to capture traffic or to get over an obstacle they were having with my challenges.

Ghost #1 - One of us

Super easy, just take a photo of you at the Packet Capture Village

Ghost 2 - A data leak

Follow the TCP stream in Wireshark, scroll through conversations and you'll find: ctfa{terrific_traffic}

Ghost 3 - Wolf in sheep's clothing

Type in Jenny's full username from the Wall of Sheep: Jenny_number

Ghost 4 - A rogue user

More packet captures. TCP conversation scrolling nets: marcelle

Ghost 5 - Haystack

Multiple passwords passed on this network. TCP convo surf and add them together: ctfa{HTTP_FTW}+ctfa{HTTP_31337}

Ghost 6 - Encrypt3d

Load up the SSLKEYLOGFILE into wireshark's config and convo surf like normal. You'll find: Hide-and-seek

Ghost 7 - I spy with my little eye

Load up the SSLKEYLOGFILE, Pull http objects and you'll see the image. Text says: ICU2

Ghost 8 - H@rder 2 find

Crack the hash or pass it into crackstation, surf convos and you'll find: You-found-me!

Ghost 9 - Thȩ̶͝ R ا҉ guȩ̶͝ S1gṇ̷͝@l

No hash. Crack it via zip cracking tools with crackstation's wordlist and then surf away. You'll find the coordinates in a google maps browsing session: 50.450539, 30.522982

Ghost 10 - Сигнал з неба

Russo-Ukraine tribute question. Telemetry used in the war would come from devices that are being used. From that list find the ones using 3DES per the hint and you'll eventually find that the telemetry is coming from: ATXMEGA256A3


##Ghost #1 - Ceasar's Salad

Doo urdgv ohdg wr Urph.

It looks like a cipher of sorts. Has something to do with Ceasar. Ceasar's cipher is a good first try. decod.fr/ceasars cipher and done: "All roads lead to Rome."

##Ghost #2 - Rogue Signal

You get a roguesignal file (LINK TO MORSE CODE FILE):

Pass it through a morse code reader and you'll get this: "BEEPS AND BOOPS FTW"

##Ghost #3 - Drink Ur Ovaltine


With a hint of: sicksteentooate

Location: 1904

A reference to Christmas Story. A lot of things going on here so I'm simply passing it through CyberChef and it reccomends Base64 decoding


Convert each one and you'll get: "encoding is not encryption!"

##Ghost 4 - Poly Sub (no this isn't your kink)

Kw wdn qif tvys mvoj mtzqcxc iasv qql ichk zyai afg rlhpsz lq kfxl qnrlalliv gh ""owowpvpt vwvyeg mmt kft pwv"".

Hint: len(key) = 20

Location: Leather Boot in 1553"

Key length = 20? That smells like a vigenere cipher to me. Pass it through a decrypter and we'll get: "vigenere cipher for the win"

##Ghost #5 - Kate's favorite cipher


Hint: find one to die on. len(???) = 20

Location: Up

Well it looks like a cipher of sorts. Not ceasars, vigenere, or anything else easy to find. Must be custom and looks like a substitution cipher. Try those with no luck so check out a poly-substitution cipher as utilized in the previous challenge. Looking up the lyrics in the hint we'll get the song Running Up That Hill by Kate Bush with lyrics of "runnin up that hill" which is the same amount of characters as the cipher text. Match the format of the ciphertext by removing the spaces and you'll get: "runninupthathill"

##Ghost #6 - sPonGeMOcK

who lIvEs In a piNEappLe UNDer The SEA? sPonGeBOb SQuarEPaNTs! AbSOrBeNT aNd yElloW And POroUS is HE... spONgeBOB sQUarepants!

Hint: What a pair

Location: A Pineapple Under the Sea"

We have to convert to 0s and 1s, upper and lowercase then convert to ascii.


Scavenger Hunt

A whole lime - Get this at a bar

Green Colored Napkin - Get this at Party City

Green Colored Sharpie - Staples

A green covered book - Staples

Green deck of playing cards - Party City / Spraypaint a deck of playng cards

Green Medium sized hacker T-Shirt - Win a shirt from a village or make one from a T-shirt vendor

Green batter pancake with bacon - Food coloring and a custom order from Denny's

Green floppy disk - Spray Paint

Green Badge - Make one or win one. Toxic BBQ had green badges as well


Ghost 1

What is the Bitcoin genesis block's UTXO address?

Google this

Answer: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

Ghost 2

Create and submit a valid set of 12 BIP39 seed words.

Use this: https://iancoleman.io/bip39/

Example words: receive report comfort magic share current silly powder spirit once patient stadium"

Ghost 3

"Sign the following message using your bitcoin wallet address.

Please submit the address used to sign with and the signed message as follow: public_address;;base64_signature

Message: ""I, [USERNAME], am a Hac-Man ghostbuster!""" "https://reinproject.org/bitcoin-signature-tool/#sign


Ghost 4

What is the on-chain TXID for the Bitcoin Pizza purchase?

Google and you'll find it on the blockchain:

We can find the solution here : https://learnmeabitcoin.com/technical/txid


Ghost 5

Ciphertext: 55oagWjRv4cUUo2HtStrWyYHEcB9t

Hint: Bitcoin Address Encoding

Location: Mathematics

Google bitcoin address decoding and use a tool

Answer: "Better For Human Eyes"

Ghost 6 - Post-mortem Chainalysis

How many outputs are used in the infamous obituary transaction?

Hint: Dig out the Obituary

Location: Bitcoin Blockchain

It is a reference to the tribute to Len Sassaman that is planted into the blockchain at Block 138725 : https://pastebin.com/raw/BUB3dygQ

Transaction is this one : https://www.blockchain.com/btc/tx/930a2114cdaa86e1fac46d15c74e81c09eee1d4150ff9d48e76cb0697d8e1d72

We can now count the number of outputs.



Ghost 1

You get an image file and there's something secret in here.

Run strings, metadata reader, or open it up in notepad and scroll. You'll get: "m3t4d@ta is n0t v3ry s3cre7"

Ghost 2

We get this image: https://scramble.roguesignal.io/hm/covert_ecf77d292125f318dfdb/chal_2_5b27e39dafced4e5c9f7.jpg

Super blurry with a hint to enhance as there's signal in the noise. Do a DPI enhance and we'll find a QR code in the bottom right corner which is also mentioned with the pixel location of 1840, 1889. After a QR scan we get: "is this something you can see?"

Ghost 3 - PacmaN Gameboard

We like to hide data in all kinds of places. Can you find where we hid the secret in this one? With a hint to check for attached strings and a location in the chunks we'll run strings to find it at the bottom in multiple sections. Arranged together we get: "S3cr3t D4Ta 1n Th3 ChuNkz"

Ghost 4 - Nothing to See Here

We get a file of a simple quote from Frederick Lenz... Except it's not just a quote and has secret text in between the words using unicode from the hint. Find a unicode whitespace decoder and we'll eventually find zerosteg tools running with unicode. Decode and get: Z3Ro_W1Dth_Ch4rs_h1de_da7a_too

Ghost 5 - ASCII ART

"aScii art caN be c0nsidered as a lost art. What Could be hiding heRe? 4 real, there has to be SometHing here right !"

Using the series of unfortunate events style hidden keys we find SN0WCR4SH! in the text above. The hint references a tool with misspelled know replaced with snow. We're in a steg category so we google snow + steganography and get the snowsteg tool. Check the man page + example and run it with the password above. Doesn't work? try lowercase based on the password format of challenges before. You'll get: h4cm4n_w1ll_s4ve_th3_day

Ghost 6 - Weird Tones

We have intercepted this strange audio. Our best guess is this is some weird extraterrestrial techno dance music or possibly in a hidden message.

Asset File

Hint: be a multi-freq in the sheetz

Location: vocal frequencies

These are Dual tone multi-frequency (DMTF) tones.

They decode to: 74306e65735f74305f7433787421

If we convert this message from hex to ascii, we get the answer.

Amswer: t0nes_t0_t3xt!

Ghost 7

There is a zip file hidden in the 2 least significant bits (LSB) of the RGBA channels.

The zip file contains a file named s3kr3t.txt

The zip file seemed corrupted so I was not able to extract it but the contents of the txt were shown in plain sight in zip file's source code.



��s3kr3t.txtUT �ÁòçbÁòçbux




Solve Method #2

We are given the following file : https://hacman.roguesignal.io/hm/covert_ecf77d292125f318dfdb/chal_7_45641bf2d1b7dbce60d0.png

If we use zsteg on this file, it reveals a hidden file in it. Let’s extract it :

zsteg -E 'b2,rgba,lsb,xy' chal_7_45641bf2d1b7dbce60d0.png > extr

Answer: H1dd3n__d4ta_in_th3_bitz

Ghost 8

We are given the following audio file : https://hacman.roguesignal.io/hm/covert_ecf77d292125f318dfdb/chal_8_baf8b732b6003e08a4ed.wav

There is something hidden with steghide in the audio.

In order to extract it, we need to find the correct password.

If we run a dictionary attack with rockyou.txt we will find the correct password which is "pacmanrulez".

The hidden secret is a PNG image that contains a QR code.

When we scan the QR, we get the answer.

Answer: ch0mp1n_tho5e_p0w3r_pell3tz

Ghost 9

The answer is hidden visually in the LSB of blue channel

Answer: N0w_Y0u_c4n_see_m3

Ghost 10

We have to extract the file as zip.

We will find a png file in the zip.

Another zip is hidden inside the png.

This zip contains a wav file.

In the metadata of the wav file there is this instruction:

User Defined Text: (Follow Me To) https://www.dropbox.com/s/r7ytyy6p3j16sja/Pac-Man%20Fever-secret.wav?dl=0

We get another wav file from that link.

Then the answer is in the spectrogram of this wav file.

Answer: I ain't afraid of no ghost

Word Association

Basically a hacker vocab test.

Defcon - 30

stack - network

Silicon - Valley

Dial - up

Boot - loader

Full - stack

black - hat

home - directory

War - Driving

Trumpet - winsock


##Ghost 1

"Phantom Rogue Signal

Stand up on one leg to elevate yourself to the level of bits in the Atari Pac-Man game to find a group of rogue broadcast signals. Name one of them.

Hint: WiFi

Go and walk around the casino to find pacman ghost themed wifi networks.

Names of ghosts: Blinky, Pinky, etc.

##Ghost 2

Multiple rogue signals on this map. What just happened? Hint: Radio.








You got: "Rick Roll"(ed)

Authors & Contributors

Game Creators:

Preston Zen








And of course, thank you Rogue Signal for another great event!