HackFu ZA 2016 - The PostScript

By David Yates

After the deadly Z-Virus outbreak in Johannesburg, South Africa on the morning of Friday 8 July 2016, the city quickly became uninhabitable. Most people left while they still could, and those who remained were either vicious zombies or desperate survivors and scavengers, suffering from latent strains of the virus and struggling to maintain their humanity.

But hope remained. A mysterious individual known only as the Warden set up a safe haven in an abandoned warehouse. His mission statement was to bring together the best and brightest who still survived and work with them to uncover the source of the virus.

On the morning of Friday the 8th of July, a ragtag mass of around fifty survivors arrived at the entrance of the Warden's safe haven. They were tired and haggard from weeks of fighting to survive, but all were hopeful and resolute, determined to do whatever they needed in order to stop the spread of the virus.

As the survivors entered the warehouse, they were tested for strains of the virus. To their horror, all were infected. Prolonged exposure to the toxic streets of Johannesburg and its zombie hordes had left none unscathed. Though the virus only had a latent presence in their systems, it was but a matter of time until all lost their humanity and became mindless zombies.

The Warden observed two strains of the virus in the intake that day. Fearful of the unpredictable effects of cross-contamination, he separated the survivors into two teams:

0xDEAD, whose symptoms included red eyes and intermittent nausea


The Unpwned, who suffered from unsightly face rashes.

The two teams immediately set about investigating the many artefacts and things of interest left behind by the previous tenants of the warehouse, guided and encouraged by letters left by the Warden.

They picked locks:


From the desk of the Warden...

Before I commandeered this building out of the necessity of providing a refuge for the last remnants of humanity in these dark times, it belonged to a large research institution called the Reinhardt-Werner Multigroup. From the scant documentation I've managed to recover, it appears that they were involved in a number of eccentric scientific experiments in a variety of disparate fields.

Anyway, I imagine the scientists and researchers here must have been in an awful hurry to get out once the unpleasantness started, so they left behind a lot of equipment. Most of it is junk that I've had to clear out to make room, but I suspect there are some very interesting items in these carefully locked crates.

If any of you can get them open, their contents are yours!


Your Warden

They deciphered strange radio signals:


From the desk of the Warden…

The previous occupants of this building left a number of disassembled radios lying around. I've gathered them up in hopes that some survivor with more time and patience than I would be able to reassemble them.

A few weeks ago, one of my temporary tenants complained that radio signals were hurting his brain. I had to kick him out after he started a fight with another tenant over a roll of tinfoil. I think he was a bit mad, but aren't we all these days? In any case, reassembling these radios might also allow us to find out if there was anything to his ravings.


Your Warden

And they investigated apps on abandoned smartphones:


Below are the contents of a message found enclosed with this phone. This message was written on a torn scrap of paper, in a large, shaky hand.

This phone was rescued from RWM's mandatory evacuation destruction process, at great cost. It can't be removed from this building, as it may self-destruct. There's an app on the device containing sensitive RWM information. Finding that information may be the key. 

Making use of technical acumen, creative thinking, and persistence, the intrepid members of 0xDEAD and The Unpwned soon discovered that RWM, the previous owners of the warehouse they inhabited, were behind the creation and spread of the virus.

Once the teams had proven their skills, the Warden entrusted them with a special, personal mission:


From the desk of the Warden...

Now that you've proven yourselves a capable and resourceful team by gaining access to my wifi and a record number of RWM secrets, I have a personal favour to ask.

I'm going to keep this brief. We've all lost people to the virus. I lost my wife. You might have seen the thing in her skin on your way in, shambling around and slowly rotting. She's just outside this building, with all the others.

I need you to end her pain and mine. I've set up an automatic weapon in one of the smashed out windows in another section of the facility. However, I can't allow anyone to risk their lives by manually operating that weapon: the thing that was my wife is a spitter, with deadly accuracy.

To that end I've set up an automatic system for firing the weapon. You'll be firing blind, with only a very rudimentary AI to help you aim, but I'm confident you'll find a way to hit... the target.

I can't tell you how much this means.

Your Warden

Members of The Unpwned freed the Warden's wife from her tortured existence.

As the sun set on the first day at the warehouse, the two teams were joined by other survivors from around Johannesburg. Together with the newcomers, the teams investigated a previously inaccessible room in the back of the warehouse. While this room initially appeared to be an unassuming white-collar office, the teams soon discovered that it represented ground zero for the Z-Virus. It originally belonged to the scientist behind the development of the virus, and contained clues to the identity of Patient Zero.

More than just being the perpetrators of the Z-Virus outbreak in Johannesburg, agents of RWM were actively developing new strains of the virus and distributing them across the country and the globe:


From the desk of the Warden...

I've been reaching out to some global peacekeeping organisations. They're all concerned about the situation we're in, and are currently working around the clock to help us in our search for information about RWM and the virus.

Shortly after the government announced a state of emergency, RWM commandeered OR Tambo International Airport. Using advanced artificial intelligence technology and also standard airplane autopilot technology, they have planned out a series of flights from this airport to various destinations around the globe. These flights all carry the Z-Virus. They cannot be allowed to leave the ground.

You'll need to get onto the airport network and work through three separate hosts to find the three cancellation codes necessary for us to ground these flights, and you'll need to do it before they're scheduled for launch tomorrow morning.

You'll be able to access the first of the airport network hosts via remote desktop using the following credentials:


Good luck! And God help us all if you fail...


Your Warden

Members of 0xDEAD managed to prevent a Z-Virus plane to Brazil from taking off, rescuing the Olympics. Unfortunately, they were too late to stop planes to Canada and China from departing, dooming those countries to similar fates to those of South Africa.

On the morning of the day after the survivors arrived at the warehouse, a series of emergency messages arrived from the UN Council of Apocalyptic Happenings, delineating a final series of tasks to be performed in order to stop the spread of the Z-Virus.

First, survivors were tasked with acquiring the vaccine for the Z-Virus:



From: UN Council of Apocalyptic Happenings <apochaps@un.org>

To: RWM Warehouse Survivors <za-warehouse@reinhardtwernermultigroup.com>


We've been watching the events happening in Johannesburg very closely over the past few months. For the sake of global safety, we have avoided responding to these events in undue haste. Our deepest and sincerest apologies go out to those who have lost loved ones in this tragic event.

But now the time for action is at hand. This virus can be stopped, and it is up to your team of resourceful survivors to do it.

Before his disappearance, the researcher who created the zombie virus entrusted a single copy of the formula for the virus's vaccine in the hands of Richard Head, chief security engineer of ACME, an RWM subsidiary which prides itself on providing secure storage solutions for sensitive data. While there is no known cure for the virus, worldwide deployment of the vaccine would effectively contain the damage done, and so it is imperative that this vaccine is recovered.

Unfortunately, the employees of ACME were infected quite early on, with a particular variation of the virus that rendered them incapable of getting up from their desks or doing anything other than checking their email, over and over, slowly rotting over their keyboards. Richard, Lucille and the other employees of ACME are incapable of handing the vaccine over, so you'll need to hack into their secure network and do it yourselves.

Their DNS server - [[DATA EXPUNGED]] is hosted on [[DATA EXPUNGED]], and their internet gateway ([[DATA EXPUNGED]]) is hosted on [[DATA EXPUNGED]]. All you have to do is connect to your switch and set an appropriate IP address. The fate of the world depends on you.


The UN Council of Apocalyptic Happenings

Secondly, the survivors were tasked with investigating a strange DNS entry, thought to be related to the very center of RWM operations:


In the root directory of the Gopher box, we found an interesting DNS entry:


It appears to be hosted somewhere in this building. What could it be?

Finally, and most importantly, survivors were tasked with cracking the protocol used to communicate with RWM's Z-Virus control centre, and to send it a self-destruct message:


From the desk of the Warden...

I've been in touch with those UN people who sent you in to get the vaccine from ACME's corporate network. Good job on that, by the way.

Though we have the vaccine now, the virus is still being spread by rogue elements of RWM. What's worse, they might find a way to mutate it and make it impervious to the vaccine. The Council of Apocalyptic Happenings has done a lot of research and has the co-operation of people from some of RWM's branches elsewhere in the world.

We've now got a connection to the main control centre for the spread of the virus. Even better, RWM informants have apprised us of a remote control service we can use to issue a self-destruct message. Unfortunately, this service operates on a completely custom protocol, apparently described in something called "RFC 1338".

You need to find this "RFC 1338" among the information we've uncovered about RWM so far and use it to build a client we can use to communicate with their custom protocol. Use the following string to initiate the self-destruct sequence and end this once and for all:


The protocol version should be transmitted as ASCII text in the form X.X.X


Your Warden

The ruthlessly pragmatic members of The Unpwned immediately focused on the final challenge. They were able to send the self-destruct message, ending RWM's Z-Virus operations.

This would have been the end, but for the foolhardy actions of 0xDEAD. In investigating the mysterious DNS entry, they inadvertently reactivated OMNI, the evil artificial intelligence responsible for unleashing the Z-Virus on Johannesburg and setting its further spread in motion:

Fortunately for the future of humankind, 0xDEAD soon realised their mistake and were able to shut OMNI down again before it could attempt to cause any further damage.

As no-one could recover the vaccine from the ACME Corp network, virology experts had to work overtime and without assistance to develop both a cure and a vaccine for the virus. They succeeded, but not before the members of The Unpwned succumbed to their strain. Racked with guilt, the Warden put a bullet in the brain of each team member and laid each one to rest in a nearby crematorium. He swore that The Unpwned's heroic actions would not be forgotten.

0xDEAD, having successfully solved the problem they caused, lasted long enough to be rescued and cured of their strain of the Z-Virus.

Johannesburg remains in ruins, and there still exists a very real threat to the populations of Canada and China, but with OMNI disabled and RWM's operations in tatters, there is hope for humanity.

Copyright © 2017 MWR InfoSecurity.