  • Daily Challenge
  • Released 10 Jul 2025

Blockchain Secrets - Complete Solution Walkthrough

Step 1: Understanding Bitcoin Transaction Structure

  1. Download the transaction_data.json file from the challenge page
  2. Open the JSON file and examine its structure
  3. Understand the key components:
    • txid: Transaction identifier
    • vin: Input transactions (where coins come from)
    • vout: Output transactions (where coins go to)
    • scriptPubKey: Output scripts that define spending conditions

Step 2: Identifying the OP_RETURN Output

  1. Examine the vout array in the transaction
  2. Look for outputs with "type": "nulldata"
  3. This indicates an OP_RETURN output, which is commonly used for data embedding
  4. In this transaction, the second output (index 1) is the OP_RETURN

Step 3: Analyzing the OP_RETURN Script

  1. Look at the OP_RETURN output's scriptPubKey
  2. The asm field shows: OP_RETURN 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  3. The hex field contains: 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  4. Both contain the same data in different formats

Step 4: Decoding the Hidden Data

  1. The data after OP_RETURN is: 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  2. This is hexadecimal-encoded data
  3. Convert from hex to ASCII using a tool like CyberChef or command line:
     echo '6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437' | xxd -r -p
  4. Or use Python:
     python3 -c "import binascii; print(binascii.unhexlify('6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437').decode())"

Step 5: Extracting the Flag

  1. The decoded data reveals: jLJflag:1e530260-cf10-45f6-a481-4fd3bd672ad7
  2. This contains the prefix jLJflag: followed by the actual flag
  3. The flag is: 1e530260-cf10-45f6-a481-4fd3bd672ad7
  4. This is the final flag in UUID format.

Step 6: Alternative One-Line Solution

  1. You can extract and decode the flag in one command:
     echo '6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437' | xxd -r -p | sed 's/jLJflag://'
  2. This will output the flag directly: 1e530260-cf10-45f6-a481-4fd3bd672ad7

Technical Details and Security Implications

  • OP_RETURN: A Bitcoin script opcode that allows embedding arbitrary data in transactions. The data is stored on the blockchain, but the output that carries it cannot be spent.
  • Data Embedding: Attackers and legitimate users alike can embed data in blockchain transactions for various purposes, including steganography and data exfiltration.
  • Forensic Analysis: Blockchain analysis tools can scan for OP_RETURN outputs to identify embedded data and potential malicious activity.
  • Real-World Impact: OP_RETURN has been used for various applications including timestamping, proof of existence, and even malware command and control.
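
Added example (not part of the lab's own material): Steps 2 to 5 and the forensic-analysis point above, done as a small Python scanner that walks vout, parses each nulldata script and returns the payload. It parses the script bytes instead of hex-decoding the whole string: the jLJ in the decoded output is the ASCII form of 0x6a (OP_RETURN), 0x4c (OP_PUSHDATA1) and a length byte 0x4a, and the scanner flags that this length byte declares 74 bytes while only 41 follow. SAMPLE_TX, the function names, the placeholder txid and output 0 are constructed for illustration; only the OP_RETURN hex is from the walkthrough.

```python
OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

# Constructed sample using the fields the walkthrough names. Only the
# nulldata hex is from the page; txid and output 0 are placeholders.
SAMPLE_TX = {
    "txid": "PLACEHOLDER_TXID",
    "vin": [],
    "vout": [
        {"scriptPubKey": {"type": "pubkeyhash",
                          "hex": "76a914" + "00" * 20 + "88ac"}},
        {"scriptPubKey": {"type": "nulldata", "hex": (
            "6a4c4a666c61673a31653533303236302d636631302d"
            "343566362d613438312d346664336264363732616437")}},
    ],
}

def parse_nulldata(script_hex):
    """Return (payload, declared_len) for an OP_RETURN script, else None."""
    try:
        s = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if not s or s[0] != OP_RETURN:
        return None
    if len(s) == 1:                      # bare OP_RETURN, no data pushed
        return b"", 0
    op = s[1]
    if op <= 0x4B:                       # direct push: opcode is the length
        declared, start = op, 2
    elif op == OP_PUSHDATA1 and len(s) >= 3:
        declared, start = s[2], 3
    elif op == OP_PUSHDATA2 and len(s) >= 4:
        declared, start = int.from_bytes(s[2:4], "little"), 4
    else:
        return None                      # not a single data push
    # Slice tolerantly so a wrong length byte still yields the data present.
    return s[start:start + declared], declared

def scan_tx(tx):
    """List embedded payloads found in the transaction's nulldata outputs."""
    findings = []
    for idx, out in enumerate(tx.get("vout", [])):
        spk = out.get("scriptPubKey", {})
        parsed = parse_nulldata(spk.get("hex", "")) if spk.get("type") == "nulldata" else None
        if parsed is not None:
            payload, declared = parsed
            findings.append({"vout": idx,
                             "text": payload.decode("ascii", errors="replace"),
                             "length_ok": declared == len(payload)})
    return findings
```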

Tools and Resources Used

  • xxd: Command-line hex dump utility for encoding/decoding
  • CyberChef: Online tool for data analysis and decoding
  • Python: For hex decoding and data manipulation
  • JSON parsers: For analyzing transaction structure

Challenge Summary and Methodology

  1. Reconnaissance: Analyze transaction structure and identify OP_RETURN outputs
  2. Data Extraction: Extract the hex-encoded data from the OP_RETURN script
  3. Decoding: Convert hex to ASCII to reveal the embedded message
  4. Flag Extraction: Strip the jLJflag: prefix from the decoded string to obtain the UUID flag