To have a little fun I decided to hide a promo code in a hard to find
place and create a capture the flag type challenge to find it.
Dig Dug Clue - The hint showed a picture of classic game Dig Dug. The intention was to make users think how about the Linux DNS lookup utility dig
No Browser Hint - The challenge tweet stated that the promo code was hidden at http://nezumiapp.com, which does not neccessarily mean the website. The first thing many people did was start to search the HTML/CSS/JS for a promo code. This would have been way too easy. This hint was to make people realize they were looking in the wrong spot.
The promo code was hidden in a DNS TXT record at http://nezumiapp.com. It could have been found using the dig utility.
➜ dig -t TXT nezumiapp.com
; <<>> DiG 9.7.3-P3 <<>> -t TXT nezumiapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nezumiapp.com. IN TXT
;; ANSWER SECTION:
nezumiapp.com. 3600 IN TXT "http://d.pr/3Kmv" <-- bingo!
;; Query time: 94 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Thu Mar 8 15:45:30 2012
;; MSG SIZE rcvd: 60
The URL in the TXT records launched the App Store allowing the user to redeem the promo code.
Congratulations to @ambethia for being the first to solve the challenge, more to come.
/flex