CSE Puzzle Challenge - Puzzle 3 Solution


Sometimes knowing the rules means winning the game.


1. Decoding The Message

In the main image there is a grid of chess knights. This grid contains an encoded message which must be decoded in order to complete the challenge. From the image it can be seen there are four possible states for the knight to be in: front , right, back and left which will map to the values 0, 1, 2, 3 respectively. These four states are what is used to encode the message in the picture. Each set of four knights encodes a base 4 number which represents an ascii character value. For example the following image encodes the letter 'A':

The combination right, front, front, right encodes 1001 in base4. When converting this to base 10 we get 65 which is the ascii value for the letter 'A'. The following python script uses OpenCV to automatically decode the string from image:

insert script: knightDecoding.py

The script will first extract the subset image of the knights in the image. It will then retrieve the pixels for each of the four possible knight positions. At this point it loops through the entire grid image and performs pixel matching on each image determining the which of the four states the knight is in. This information is then decoded from base 4 to ascii.

Once the entire image is decoded it results in the following string:

Forsyth & Edwards need a checkmate next move: 3n4/k1P2P1p/3Q2p1/p7/K3Bb1r/P7/5P2/1q6 w - - 0 1 | pass=md5(winning_fen)


2. Completing The Chess Challenge

By searching “Forsyth & Edwards” from the decoded string on Google, one would find the Wikipedia entry to Forsyth–Edwards Notation (FEN) (https://en.wikipedia.org/wiki/Forsyth-Edwards_Notation). As described in the Wikipedia page FEN is a standard notation used to encode chess board positions. The FEN string contained in the decoded image results in the following chess position:

The decoded string indicates that a checkmate is needed on the next move. It also indicates that a password must be determined by taking the md5 of a winning FEN notation string:


Being whites turn it must move the pawn from c7 to c8 and promote to a knight in order to obtain the checkmate in one move as shown below. For those unfamiliar with chess, a board editor on a website such as https://lichess.org can be used to input the FEN string.  The checkmate move can then be obtained by using one of the websites chess engines.

In the original image the indication that “knowing the rules means winning the game” is a hint as to how the checkmate is obtained. As stated in the rules of chess one may promote their pawn to a bishop, knight, rook or queen. The use of knights to encode the message was also a hint that a knight promotion is used in the final checkmate. This new board position results in the following modified board position in FEN notation:

2Nn4/k4P1p/3Q2p1/p7/K3Bb1r/P7/5P2/1q6 b - - 0 1


Taking the md5 hash of this FEN string results in the following password:

md5(winning_fen) = md5("2Nn4/k4P1p/3Q2p1/p7/K3Bb1r/P7/5P2/1q6 b - - 0 1") = e818b1db90db15f2f86cb768481c6da9


This can be done using the GCHQ: CyberChef tool (https://gchq.github.io/CyberChef/) as shown below:


3. Extracting The Polyglot

Since all that is given with this challenge is the JPEG image it is not immediately clear what this password is for. By running binwalk on this image we can see that there is a zip file contained within the jpeg file. This is known as a polyglot.

cse@cse:~$ binwalk knights.jpg




0                       0x0                           JPEG image data, JFIF standard 1.01

1177786           0x11F8BA                Zip archive data, encrypted at least v2.0 to extract

1227768           0x12BBF8                End of Zip archive


This output also indicated the files is encrypted with a password. Unzipping this file may be done using the md5 hash as the password.


Extracting on Linux:

unzip -P e818b1db90db15f2f86cb768481c6da9 knights.jpeg

unzip will automatically find and extract the zip file contained within the JPEG image


Extracting on Windows:

            Windows zip file manager will not automatically find the zip archive contained within the JPEG so it must be extracted manually. This can be done in several ways including using the hex editing software 010. Opening the JPEG in 010 and doing a search for hexadecimal 0x04034b50 which is the ZIP file header signature. This is stored in little-endian order (least significant byte first) therefore a search for bytes “50 4B” will find the ZIP file header in the file.


This signature indicates the beginning of the ZIP file. By then copying all the data beginning from the header signature into a new hex file will result in a valid ZIP file. Saving this new file gives you a ZIP file the contents of which can then be extracted using the password found earlier.


At this point the challenge has been completed, congratulations!


Enjoy solving puzzles? Make a career out of it!