Updated checker with fun more things, also added updated post ID python script so you can make sure it actually works. It was a fight this one with the innermost workings of swift's hex system. It's ugly.

Author: Robert Quander

checker/src/FinalFinalTry.py

@@ -0,0 +1,64 @@
+import uuid
+from datetime import datetime, timedelta
+
+def generate_profile_uuid(username: str) -> uuid.UUID:
+    # Pad/trim to 16 bytes
+    username_bytes = bytearray(username.encode('utf-8')) 
+    while len(username_bytes) < 16:
+        username_bytes.append(ord('_'))
+    username_bytes = username_bytes[:16]
+
+    hex_str = ''.join(f"{b:02x}" for b in username_bytes)
+    uuid_str = f"{hex_str[:8]}-{hex_str[8:12]}-{hex_str[12:16]}-{hex_str[16:20]}-{hex_str[20:]}"
+    return uuid.UUID(uuid_str)
+
+def secret_generator(date: datetime) -> int:
+    # Adjust from CEST (UTC+2) to UTC
+    adjusted = date - timedelta(hours=2)                # Unterschied zu docker zeit einfach über post zeitstamp finden
+    return int(adjusted.strftime("%Y%m%d%H%M"))
+
+def derive_post_id(profile_id: uuid.UUID, timestamp: datetime, counter: int) -> uuid.UUID:
+    # Secret seed
+    seed = secret_generator(timestamp)
+    combined_seed = (seed << 8) | (counter & 0xFF)
+
+    # Left (first 32 bytes of UUID string UTF-8)
+    left = list(str(profile_id).upper().encode("utf-8")[:32])      # NUR DAS MATCHED RICHTIG ZU SWIFT!
+    while len(left) < 32:
+        left.append(0)
+
+    # Right (hex string of combined_seed, left padded with "0" to 32 chars)
+    seed_hex = f"{combined_seed:016x}".ljust(32, "0")  # ljust, not zfill! Ansonsten geht es nicht, weil anders als Swift!
+    right = list(seed_hex.encode("utf-8")[:32])
+
+    # XOR
+    xored = [a ^ b for a, b in zip(left, right)]
+    hex_out = ''.join(f"{b:02x}" for b in xored)
+
+    # Format as UUID
+    uuid_str = f"{hex_out[:8]}-{hex_out[8:12]}-{hex_out[12:16]}-{hex_out[16:20]}-{hex_out[20:32]}"
+    return uuid.UUID(uuid_str)
+
+# xample 
+if __name__ == "__main__":
+    username = "username"
+    profile_uuid = generate_profile_uuid(username)
+    base_time = datetime.now().replace(second=0, microsecond=0)  # Local time (CEST)
+
+    print(f"Profile UUID: {str(profile_uuid).upper()}")
+    print(f"UUID string UTF-8 bytes: {list(str(profile_uuid).upper().encode('utf-8')[:32])}")
+    print(f"Base time:    {base_time.isoformat()}")
+
+    seed = secret_generator(base_time)
+    combined_seed = (seed << 8) | 0
+    seed_hex = f"{combined_seed:016x}".ljust(32, "0")
+    print(f"Seed int:     {seed}")
+    print(f"Combined:     {combined_seed}")
+    print(f"Seed hex:     {seed_hex}")
+    print(f"Seed hex UTF-8 bytes: {list(seed_hex.encode('utf-8')[:32])}")
+
+    for counter in range(10):
+        post_id = derive_post_id(profile_uuid, base_time, counter)
+        print(f"Post ID (counter={counter}): {str(post_id).upper()}")
+
+

checker/src/checker.py

@@ -241,45 +241,35 @@ async def putnoise_v2(task: PutnoiseCheckerTaskMessage, db: ChainDB, logger: Log
     password = ''.join(random.choices(string.ascii_letters + string.digits, k=10))
     await conn.register_user(username, password)
 
-    # Generate fake year and noise message
+    # Easter eggs
     easter_eggs = {
-        "69": "(hehe)",              # Nice
-        "420": "(noice)",            # Blaze it
-        "1337": "(leet)",            # Elite h4xx0r
-        "666": "(evil?)",            # Beastly
-        "8008": "(höhö)",            # Calculator giggles
-        "1010": "(Shorten to 2!)",   # Programmers unite
-        "1234": "(count it)",        # Straight up
-        "1947": "(partition)",       # India/Pakistan independence (neutral phrasing)
-        "1917": "(revolt)",          # Russian Revolution
-        "888": "(luck++)",           # Chinese good luck
-        "1001": "(n8-n8)",           # 1001 Nights
-        "1492": "(ocean blue)",      # Columbus sailed the ocean blue
-        "1861": "(unified)",         # Italy unification
-        "681": "(Bulgaria!)",        # Founding of Bulgaria
-        "2008": "(北京!)",            # Olympics year
-        "404": "(not found)",        # HTTP humor
-        "9001": "(over 9000!)",      # Dragon Ball meme
-        "314": "(pi)",               # π = 3.14
-        "3141": "(ππ)",              # π again, but extra
-        "2718": "(eeee!)",           # Euler’s number
-        "1821": "(το ξέρεις)",       # Greek independence
-        "123": "(basic)",            # Beginning of all things
-        "007": "(licensed)",         # Bond. James Bond.
+        "69": "(hehe)", "420": "(noice)", "1337": "(leet)", "666": "(evil?)", "8008": "(höhö)",
+        "1010": "(Shorten to 2!)", "1234": "(count it)", "1947": "(partition)", "1917": "(revolt)",
+        "888": "(luck++)", "1001": "(n8-n8)", "1492": "(ocean blue)", "1861": "(unified)",
+        "681": "(Bulgaria!)", "2008": "(北京!)", "404": "(not found)", "9001": "(over 9000!)",
+        "314": "(pi)", "3141": "(ππ)", "2718": "(eeee!)", "1821": "(το ξέρεις)", "123": "(basic)",
+        "007": "(licensed)"
     }
-    year = str(random.randint(0000, 4000))
-    suffix = ""
-    for key, tag in easter_eggs.items():
-        if year.endswith(key) or year == key:
-            suffix = tag
-            break
-    noise_text = f"Meet my in {year}{suffix}. Get your time machine ready! Here is a teaser for what's waiting for you, btw: " + "@>" + \
-             "+" * random.randint(6, 10) + \
-             "[<" + "+" * random.randint(8, 12) + ">-]<." + \
-             ">" + "+" * random.randint(1, 4) + "."
-
-
-    # Upload public post
+
+    if random.random() < 0.1:
+        year = str(random.randint(0, 4000))
+        suffix = ""
+        for key, tag in easter_eggs.items():
+            if year.endswith(key) or year == key:
+                suffix = tag
+                break
+        noise_text = f"Meet me in {year}{suffix}. Get your time machine ready! Here is a teaser for what's waiting for you, btw: " + \
+                     "@>" + "+" * random.randint(6, 10) + \
+                     "[<" + "+" * random.randint(8, 12) + ">-]<." + \
+                     ">" + "+" * random.randint(1, 4) + "."
+    else:
+        try:
+            with open("noise-posts.txt", "r", encoding="utf-8") as f:
+                lines = [line.strip() for line in f if line.strip()]
+            noise_text = random.choice(lines) if lines else "Welcome to my quantum jump presentation!"
+        except FileNotFoundError:
+            noise_text = "404: noise-posts.txt not found. Posting temporal static instead."
+
     resp = await client.post(
         "/public_post",
         data={"text": noise_text},
@@ -297,6 +287,7 @@ async def putnoise_v2(task: PutnoiseCheckerTaskMessage, db: ChainDB, logger: Log
     await db.set("userdata", (username, password, post_id, noise_text))
 
 
+
 @checker.getnoise(1)
 async def getnoise_v2(task: GetnoiseCheckerTaskMessage, db: ChainDB, logger: LoggerAdapter, client: AsyncClient):
     conn = HTTPConnection(logger, client)
@@ -311,7 +302,8 @@ async def getnoise_v2(task: GetnoiseCheckerTaskMessage, db: ChainDB, logger: Log
 
 @checker.exploit(1)
 async def exploit_v2(task: ExploitCheckerTaskMessage, db: ChainDB, searcher: FlagSearcher, logger: LoggerAdapter):
-    if not task.attack_info:
+    username = task.attack_info
+    if not username:
         raise MumbleException("Missing attack_info (username)")
 
     base_url = f"http://{task.address}:{SERVICE_PORT}"
@@ -323,8 +315,7 @@ async def exploit_v2(task: ExploitCheckerTaskMessage, db: ChainDB, searcher: Fla
         await client.post(f"{base_url}/register", data={"username": attacker, "password": pw}, follow_redirects=True)
 
         # Step 1: Search for the target profile
-        resp = await client.get(f"{base_url}/search?q={task.attack_info}",
-                                follow_redirects=True)
+        resp = await client.get(f"{base_url}/search?q={username}")
         match = re.search(r'href="/home-of/([A-Fa-f0-9\-]+)"', resp.text)
         if not match:
             logger.debug(f"Search page content:\n{resp.text}")

checker/src/noise-post.txt

@@ -0,0 +1,65 @@
+Check out my invention of the year: egg-less time travel!
+I met Napoleon in 1804. He still owes me a baguette.
+Wanna loop through 1337 timelines with me?
+The quantum party starts at 3141 hours. See you in t̴̩̬̬̿̿̉͘͝͠ḩ̵̦̹̥̹͖̇̌̿͝ḙ̷̡̜͈̹̗̂͊̃̈́ͅ ̶͍̜̒̃̚̚͝͝v̷̧̜̂ó̴̱͌̓ͅì̸̡̺̦͙͔͛̑́͘̚d̵̡͍͖͓̊̒͌̓͂̉. 
+What happens in Atlantis stays in Atlantis. I told my wife... But she wouldn't listen. Now everybody kows about our ▓▓▓▓▓▓▓▓▓ and the ▓▓▓▓▓▓▓▓▓▓▓▓▓ with 50 other people, where I ▓▓▓▓▓▓▓▓▓ into the ▓▓▓▓▓▓▓▓▓▓ of ▓▓ people at once! Maybe I shouldn't post publically about that. let's del
+@++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>-----------.++++++++++++++++++++++.++++++.<<++.>>---.-------------.----.+++++++++++..+++++++++++++.<<.>>-----.------------.+++++++.++++++.--------------.+.++++++++++++.<<.>>.------------.---.+++++++++++++.-------------.<<.>>++++++++++++++++++.----------------------.++++++++++++++++++.<<.>>------------------.<<.>>+++++.++++++.-----------.++++++.<<.>>+++.+++++++++++.--.+.<<.>>-----.++++++.-.<<.>>-----------.+++++.<<.>>++++++.------------.---.<<.>>++++++++++.+.-----------.+++++++++.<<.>>++++++.------------.---.+++++++++++++.-------------.<<++++++++++++.------------.>>-.+++++.-----.<<.>>+++++++++++++++++++++.----------.++++++.<-------.@
+@++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>-.+++++++++.+.>++++++++++.+.-.+.-.+.<<++++++++++++++.------------.>>+++++.------------.+.++++++++++.<<.>>----------.++++++++++.<<.>>-----.+.+++++.<<.>++++++++++++++++++.<.>+++++.++++++.-----------.++++++.@
+Still trying to figure out this one... @+[[->[>]+<[-<]+]>[-<+[->+<]>]]<]>+[-]<@
+Tired of 2025? So were we. Join our event in the year 3201 and finally witness the great avocado uprising.
+Rumor has it that the dinosaurs weren't wiped out. They just RSVP'd to a better timeline. Event access code: ++>+++++[<+++++>-]<---.
+Accidentally booted the toaster into sentience. Hosting a support group in 2112. BYOT (Bring Your Own Timeline).
+You’ve heard of Schrödinger’s cat. Meet Schrödinger’s conference: you’re both attending and not attending, until you check in.
+Wanna break causality? We do it every Sunday. Location: ∞ loop. Code: +[+++]-[->+<]>.
+We left a sock in 1974. Ever since, nothing's matched. Join us to close the loop. Literally.
+Ever seen someone argue with their future self? It's messy. Our panel on temporal conflict resolution meets in 2404.
+Don't trust the guy in the trench coat selling paradoxes. Trust us instead. We’re in 1888. Again.
+Fun fact: 3033 was skipped due to timezone conflicts. We’re meeting there anyway. Decoder ring required: @++++++[>++++++++<-]>.
+Our last speaker refused to exit the loop. He’s still talking. Brainfuck feed: `[->+<]>+++[<-->-]`.
+Aliens gave us this calendar and it ends in 3979. Come to our event before we run out of time. Literally.
+Got stuck between 1999 and 2001? We have a talk about that. Just follow the sound of the dial-up modem.
+Our keynote crashed after writing `+++[>+++<-]>.` Someone please bring a debugger and a flux capacitor.
+@+[->[>]+<[-<]+]+[>+++++[<----->-]<+++++]>[--->++<]>+++[->++<]>+++]<@
+@+[--->[>+>+<<-]>>[-<<+>>]<<[->>+<<]>[-]>[-]<<]<[->+<]@. Nothing more to say to that.
+Arrived in Atlantis, 962 BCE. Everyone’s laughing, drinking. I keep hearing “unsinkable.” Might leave early.
+Pompeii, 78 AD. Locals keep complimenting the weather. Sky smells like matches. I scheduled our party for tomorrow noon.
+May 5, 1937, Lakehurst. Tickets in hand, spirits high. Heard someone say “Hindenburg” — sounds German. Should be fine.
+June 27, 1914. Just saw Franz Ferdinand wave from his car. Locals say the café's got great seating. I'm grabbing a table.
+April 12, 1912. A floating palace! First class, smooth seas, mild ice warnings. What could possibly go wrong?
+Chernobyl, April 25, 1986. “Routine safety test,” they said. “Just a formality.” Join our mixer right after.
+San Francisco, 1905. Real estate booming, cafés full. Next year’s forecast: “vibrant energy.” Might register early.
+Edo, 1657. Streets narrow, lamps charming, wood buildings everywhere. Smells like kindling. What a vibe.
+Naples, 1944. Locals are excited for a big show tomorrow. Something about Mount Vesuvius again?
+January 27, 1986. Invited to watch a shuttle launch in Florida. Everyone’s buzzing. Feels like history.
+London, 1665. New bar just opened. Lots of sneezing, though. Probably the weather.
+Woke up in 2525. Humans are gone, but my fridge runs Linux. Might try time-traveling to uninstall systemd.
+Tried to prevent a paradox. Ended up being my own great-grandparent’s roommate. Avoiding mirrors now.
+1871 Paris. Thought it was a wine festival. Turned out to be a revolution. Still had a great night.
+1939 Berlin. Everyone keeps talking about “peace in our time.” I’ve seen this movie. It ends badly.
+I typed @++[>++[>++<-]<-]>>.@ at midnight and now my toaster speaks Latin. Need help. It might summon something we're not ready for yet.
+Currently trapped in 1351. Plague masks look great, but everyone is socially distant in the worst way.
+2160. Earth is mostly servers and sand. I think Stack Overflow is sentient now. It keeps asking me questions.
+I accidentally invented jazz in 1899 by dropping a flute down the stairs. Future historians are confused.
+Tried to write a loop. Forgot the exit. Still running in 42 BCE.
+Just recalibrated the quantum flux capacitor. Arrived 3 hours before I left. Great way to skip security lines.
+Chrono-stabilizers failed again. I landed inside the same meeting three times. Still didn’t get promoted.
+Using entangled breakfast particles to navigate time. My croissant just winked at me.
+They said the multiverse was unstable. I said “hold my tachyon.” Long story short: I now have two birthdays.
+Warning: crossing timelines with unresolved feelings may cause emotional recursion.
+According to the Temporal Ethics Manual (page 42): “Absolutely do NOT date yourself.” It’s complicated.
+Just time-slipped into a moment between moments. The silence screamed. 10/10 would time again. 💀
+I visited the end of time. It looked like an empty comment section.
+God rolled back the timeline. Said it wasn’t tested properly. Welcome to Patch 1.0.1: Reality Rebooted.
+They say “don’t meet your heroes.” I met all of them. One was me. One was worse. And one a horse.
+History is just bugs waiting to be patched. Unfortunately, time travel introduces more bugs than it fixes.
+Here’s a teaser for the next event: @+[+[+[+[+[+[+[+[+[+[+[+[+[+[+@ (Try debugging it in your head.)
+This code runs forever. Like your chances in this CTF: `++++[>++++[>++++<-]<-]>>.<<<+++[>+++<-]>`
+Built a timeloop in Brainfuck. Then realized I was the loop. @+[+[+[+[+[+[+[+[+@ RIP.
+Never gonna give you up, never gonna let you down, never gonna run around and hurt you.
+Saw a guy in the washroom popping his pimples like they were elements in a heap.
+Erst war da ein stein. dann noch ein stein -> zweistein. Dann noch ein stein -> dreistein. Dann noch ein Stein -> vierstein. Dann...
+oiagisdufgjklasdfbaerwpoaqwekolam sdnasdljk. My keyboard's sticky. :/
+Du sagst mir jetzt wo mom ist, du Schwamm! Wo ist mom? 
+SWEET! Ein Bausparvertrag!
+Seitenbacher Müsli! Lecker!
+must see!! www.youtube.com%2Fwatch%3Fv%3DQDia3e12czc I placed a flag in the comments!

checker/src/uuidTest.py

@@ -39,7 +39,7 @@ def derive_post_id(profile_id: uuid.UUID, timestamp: datetime, counter: int) ->
 
 
 
-username = "klarname"  # Example username, replace with actual task.username if needed
+username = "username"  # Example username, replace with actual task.username if needed
 profile_uuid = generate_profile_uuid(username)
 #base_time = datetime.utcfromtimestamp(task.round.timestamp / 1000)
     #base_time = datetime.fromtimestamp(task.round.time / 1000)
@@ -48,7 +48,8 @@ def derive_post_id(profile_id: uuid.UUID, timestamp: datetime, counter: int) ->
 base_time = base_time.replace(minute=base_time.minute)
 print(f"base_time: {base_time}")
 print(derive_post_id(profile_uuid, base_time, 0))  # Example usage of derive_post_id
-print(generate_profile_uuid(username))  # Example usage
+#username = str(profile_uuid).upper()  # Ensure the UUID is uppercase
+print(str(generate_profile_uuid(username)).upper())  # Example usage
 
 
 #02030E72-0707-020C-1C04-040F0D1A0701 # Site
@@ -67,4 +68,7 @@ def derive_post_id(profile_id: uuid.UUID, timestamp: datetime, counter: int) ->
 # 03730e77-0700-0200-1c02-750401180608
 
 #03730E77-0704-030B-1C02-7501021B0674
-#03730e77-0704-030b-1c02-7501021b0674
+#03730e77-0704-030b-1c02-7501021b0674
+
+#generated: 02030e72-070a-0505-150e-0401001d0701
+#actual: 07020676-0454-0403-1853-575600190701