crypto · free · easy

Vault Breaker

dawgctf

Task: a PDF shows a 21-symbol ciphertext made of pigpen-like glyphs with 0, 1, or 2 dots. Solution: extract and deduplicate the glyph masks, notice standard pigpen fails, then use the Donald Duck hint to switch to the Dada Urka alphabet and decode the text as EXTREMELYLONGPASSWORD.

$ ls tags/ techniques/
glyph_deduplication  repetition_pattern_analysis  thematic_hint_correlation  dada_urka_substitution

Vault Breaker — DawgCTF SP26

Description

The provided PDF contains a row of unusual symbols and explicitly references Donald and Scrooge.

Files provided:

  • dawgCTF_2026_vault_breaker.pdf

Source: https://github.com/UMBCCyberDawgs/dawgctf-sp26/tree/main/Vault%20Breaker

English summary: the challenge gives a PDF containing 21 unfamiliar glyphs that resemble a pigpen-family symbol cipher. The goal is to identify the correct variant, decode the hidden password, and wrap it in the DawgCTF flag format.

Analysis

1. Initial recon: this is a symbol substitution puzzle

The PDF did not contain a useful text layer, so the first step was to render or extract the page content as images and inspect the symbols directly. The page contained 21 unusual symbols arranged as a ciphertext.

Visually, the glyphs looked very close to pigpen / Masonic cipher symbols: angular pen shapes, some with no dots, some with one dot, and some with two dots.

2. Standard pigpen gives nonsense

The obvious first attempt was to treat the glyphs as ordinary pigpen symbols. That produced:

JNQVJBJ&W&TKGDCHHETVA

This is not remotely flag-like, not readable English, and not a plausible password. That failure was useful: it suggested the challenge was using a pigpen-family variant, not the standard alphabet.

3. Extract the raw glyphs and compare exact duplicates

Instead of relying only on eyeballing, I extracted the raw symbol masks from the PDF's image/XObject data and compared the resulting SMask streams. That made it possible to verify whether symbols that merely looked similar were actually identical.

This confirmed several exact duplicates:

  • symbols 1, 5, 7 were pixel-identical
  • symbols 16, 17 were pixel-identical

After deduplicating all 21 positions, there were only 15 unique symbols. Labeling each new symbol in order gives the repetition pattern:

ABCDAEAFGFHIJKLMMNHDO
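The deduplication and labeling step above can be sketched as follows. This is an added example, not code from the original writeup: the function names are hypothetical and the sample masks are constructed stand-ins, since the real SMask streams are not reproduced on this page.

```python
import hashlib
import string

def repetition_pattern(items):
    """Label items A, B, C... in order of first appearance."""
    labels, out = {}, []
    for item in items:
        if item not in labels:
            if len(labels) >= len(string.ascii_uppercase):
                raise ValueError("more than 26 distinct symbols")
            labels[item] = string.ascii_uppercase[len(labels)]
        out.append(labels[item])
    return "".join(out)

def mask_pattern(masks):
    """Pattern over raw mask bytes; hashing compares exact content, not looks."""
    return repetition_pattern(hashlib.sha256(m).digest() for m in masks)

def fits(pattern, candidate):
    """True if the candidate repeats in exactly the positions the pattern does."""
    return len(candidate) == len(pattern) and repetition_pattern(candidate) == pattern

# Constructed stand-ins for extracted glyph masks. NEAR differs from BASE by a
# single byte, so it looks almost the same but must receive its own label.
BASE = bytes(64)
NEAR = BASE[:-1] + b"\x01"
OTHER = b"\xff" * 64
SAMPLE_MASKS = [BASE, OTHER, NEAR, BASE, OTHER]

PAGE_PATTERN = "ABCDAEAFGFHIJKLMMNHDO"  # repetition pattern stated in the writeup

if __name__ == "__main__":
    print(mask_pattern(SAMPLE_MASKS))
    # The first two strings are from the writeup; the third is a constructed
    # 21-letter word used as a non-matching control.
    for text in ("JNQVJBJ&W&TKGDCHHETVA", "EXTREMELYLONGPASSWORD",
                 "INCOMPREHENSIBILITIES"):
        print(text, fits(PAGE_PATTERN, text))
```

Both the failed standard-pigpen reading and the final password fit the pattern, because any one-to-one alphabet preserves repetitions; the pattern filters candidate plaintexts but does not by itself identify the right alphabet.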

...
