This solution is for Flags Mode

This walkthrough explains how to hack the lab and capture the flags. For help with Learning Mode questions, use the Request Hint button next to each question.

Challenge

Blockchain Secrets - Complete Solution Walkthrough

Step 1: Understanding Bitcoin Transaction Structure

  1. Download the transaction_data.json file from the challenge page
  2. Open the JSON file and examine its structure
  3. Understand the key components:
    • txid: Transaction identifier
    • vin: Input transactions (where coins come from)
    • vout: Output transactions (where coins go to)
    • scriptPubKey: Output scripts that define spending conditions

Step 2: Identifying the OP_RETURN Output

  1. Examine the vout array in the transaction
  2. Look for outputs with "type": "nulldata"
  3. This indicates an OP_RETURN output, which is commonly used for data embedding
  4. In this transaction, the second output (index 1) is the OP_RETURN

Step 3: Analyzing the OP_RETURN Script

  1. Look at the OP_RETURN output's scriptPubKey
  2. The asm field shows: OP_RETURN 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  3. The hex field contains: 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  4. Both contain the same data in different formats

Step 4: Decoding the Hidden Data

  1. The data after OP_RETURN is: 6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437
  2. This is hexadecimal-encoded data
  3. Convert from hex to ASCII using a tool like CyberChef or the command line:
     echo '6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437' | xxd -r -p
  4. Or use Python:
     python3 -c "import binascii; print(binascii.unhexlify('6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437').decode())"

Step 5: Extracting the Flag

  1. The decoded data reveals: jLJflag:1e530260-cf10-45f6-a481-4fd3bd672ad7
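  2. This contains the prefix jLJflag: followed by the actual flag. The leading jLJ is the ASCII rendering of the script bytes 6a 4c 4a (0x6a is the OP_RETURN opcode and 0x4c is OP_PUSHDATA1), so the embedded message itself starts at flag: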
  3. The flag is: 1e530260-cf10-45f6-a481-4fd3bd672ad7
  4. This is the final flag in UUID format.

Step 6: Alternative One-Line Solution

  1. You can extract and decode the flag in one command:
     echo '6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437' | xxd -r -p | sed 's/jLJflag://'
  2. This will output the flag directly: 1e530260-cf10-45f6-a481-4fd3bd672ad7

Technical Details and Security Implications

  • OP_RETURN: A Bitcoin script opcode that allows embedding arbitrary data in transactions. The data is stored on the blockchain but cannot be spent.
  • Data Embedding: Attackers and legitimate users alike can embed data in blockchain transactions for various purposes, including steganography and data exfiltration.
  • Forensic Analysis: Blockchain analysis tools can scan for OP_RETURN outputs to identify embedded data and potential malicious activity.
  • Real-World Impact: OP_RETURN has been used for various applications including timestamping, proof of existence, and even malware command and control.
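
The forensic scan described above, as an added example (not part of the original walkthrough or the challenge files): it finds nulldata outputs and parses the script's push opcodes instead of hex-decoding the whole string, so the opcode bytes never appear in the recovered text. The function names and the sample transaction are assumptions; only the OP_RETURN hex is taken from the page, and its length byte (0x4a, 74) declares more than the 41 bytes present, which the parser reports as truncated.

```python
OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D
# Constructed sample: only the OP_RETURN hex comes from the walkthrough; the
# txid and output 0 are placeholders, not values from transaction_data.json.
SAMPLE_TX = {
    "txid": "PLACEHOLDER_TXID",
    "vout": [
        {"n": 0, "scriptPubKey": {"type": "pubkeyhash",
                                  "hex": "76a914" + "00" * 20 + "88ac"}},
        {"n": 1, "scriptPubKey": {"type": "nulldata", "hex":
            "6a4c4a666c61673a31653533303236302d636631302d343566362d613438312d346664336264363732616437"}},
    ],
}

def op_return_pushes(script_hex):
    """Return (payload, declared_len) for each data push after OP_RETURN."""
    s = bytes.fromhex(script_hex)
    if not s or s[0] != OP_RETURN:
        return []
    pushes, i = [], 1
    while i < len(s):
        op = s[i]
        i += 1
        if 1 <= op <= 0x4B:                      # direct push: opcode is the length
            n = op
        elif op == OP_PUSHDATA1 and i < len(s):  # one-byte length follows
            n = s[i]
            i += 1
        elif op == OP_PUSHDATA2 and i + 1 < len(s):  # two-byte little-endian length
            n = int.from_bytes(s[i:i + 2], "little")
            i += 2
        else:
            break                                # not a data push: stop parsing
        pushes.append((s[i:i + n], n))           # slice is clamped if n overruns
        i += n
    return pushes

def scan(tx):
    """Report embedded data in every nulldata output of a decoded transaction."""
    findings = []
    for idx, out in enumerate(tx.get("vout", [])):
        spk = out.get("scriptPubKey", {})
        if spk.get("type") != "nulldata":
            continue
        for payload, declared in op_return_pushes(spk.get("hex", "")):
            findings.append({"vout": out.get("n", idx),
                             "text": payload.decode("ascii", errors="replace"),
                             "truncated": len(payload) < declared})
    return findings

print(scan(SAMPLE_TX))
```

To run it on the challenge file, pass the result of json.load() on transaction_data.json to scan(), assuming the file's top-level object is the transaction itself.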

Tools and Resources Used

  • xxd: Command-line hex dump utility for encoding/decoding
  • CyberChef: Online tool for data analysis and decoding
  • Python: For hex decoding and data manipulation
  • JSON parsers: For analyzing transaction structure

Challenge Summary and Methodology

  1. Reconnaissance: Analyze transaction structure and identify OP_RETURN outputs
  2. Data Extraction: Extract the hex-encoded data from the OP_RETURN script
  3. Decoding: Convert hex to ASCII to reveal the embedded message
  4. Flag Extraction: Decode the final hex string to obtain the UUID flag