As promised, here is a master tarball of everything that went in to the long, CTF-inspired challenge anomaly. This anomaly was inspired by 1o57’s Badge Challenges at DEFCON. You can find write-ups http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge, http://elegin.com/dc22/, http://elegin.com/dc21/, http://elegin.com/dc20/.
Each tar seems to extract differently with different tar implementations.
The phone numbers only worked on ISEPhone. Wav files are included for what the phones would play. The “Synthesized Voice” stage read off the given data in hex.
On the competition network, 126.96.36.199 served the password binary. verysecret.isucdc.net served the initial breadcrumb tarball.
There was an access point in the Armory. The phone number lead to the SSTV wav.
The AP had a captive portal. In the captive portal, there were HTML comments giving instructions to submit the answer on red paper.
— Spoilers below —
The password binary had an unused function in the function table. Calling this function gives extra clues, and the name was a clue as well.
The first PDF could be extracted as a tar.gz. its_dangerous_to_go_alone was also a tar.gz.
verysecret.space is the “very secret.space”