miscfreeeasy

Knitted Flag

GPN CTF 2024

Task: a knitout-2 industrial-knitting program (pattern.k) hides a flag in a double-knit tube. Solution: ignore the random yarn-carrier colors (decoy), track each loop's identity through every xfer to un-spiral the tube into 20 stable wales, render front-bed vs back-bed stitches as black/white, rotate 90 degrees and OCR the resulting pixel-font flag text.

$ ls tags/ techniques/

leetspeak pixel_font misc knitout knitting_machine double_knit jacquard tube_knitting structural_steganography

pixel_font_ocrknitout2_parsingloop_identity_trackingtube_unspiralingfront_back_bed_rendering

$ cat /etc/rate-limit

Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.

Knitted Flag — GPN CTF 2024

Description

I got a new knitting machine to help me with the tablecloths for the restaurant but I accidentally dropped my flag into it. Can you help me unravel it?

We are given a single file pattern.k (~22290 lines) in the knitout-2 format — a textual instruction language for industrial knitting machines. The goal is to recover the flag encoded in the knitted fabric.

Analysis

Format recognition. The header lines ;!knitout-2, ;;Carriers: 1 2 3 4 5 6, followed by inhook 1..6 identify the knitout-2 instruction language. Operation counts:

tuck ×20 — cast-on setup
knit ×19554 — the body
xfer ×2668 — exactly 1334 f->b and 1334 b->f
drop ×40 — cast-off

The knit op format is knit <dir> <bed><needle> <carrier>, e.g. knit - f20 1. dir is +/-, bed is f(front) or b(back), needle is 1..20, and carrier 1..5 is the yarn color.

Geometry. This is a tube / double-knit program: a front bed (20 needles) and a back bed (20 needles), circumference 40. Each round is a - pass over needles 20→1, some xfers, a + pass over needles 1→20, more xfers. The balanced xfer operations rotate stitches around the tube (spiral knitting), so a naive "20-stitch course" grid comes out scrambled.

Red herring — the carrier colors. The yarn carriers 1..5 are uniformly random (counts ≈ 4371 / 3452 / 3863 / 3477 / 4391). Rendering pixels colored by carrier produces pure noise in every orientation. Color is NOT the data.

...

$ grep --similar

Similar writeups

[reverse][Pro]Nava - ASIS CTF Reverse Challenge— ASIS CTF
[reverse][Pro]Cursed Steganography— duckerz
[forensics][free]Triplets— tjctf
[stego][Pro]Огрызок (Stub)— bug-makers
[stego][Pro]Отформатированный код (Formatted code)— bug-makers