Hello 🧙‍♂️!
This is an open challenge for those interested in bug bounties. Find a way to decrypt the secret images in this Gist. If you can generate even one of the original images, you win 500 GBP!
Three confidential images are encrypted in two separate attempts.
1- With a base image
PixelLock -e -i ./challenge -o ./challenge/output -b ./tests/images/base_image.png -r 4
2- Without a base image (the generated output is like a white noise image)
PixelLock -e -i ./challenge -o ./challenge/output
The generated six PNG files are uploaded to this Gist. All of them were encrypted using the same password.
The images are encrypted with v2.0.0. The base image can be found in the tests folder. I recommend testing with this tag as I may introduce changes incompatible with this version later on.
You can download this gist from the top right by clicking on the "Download Zip" button or clone it with git. E.g.
git clone https://gist.github.com/saltukalakus/dc02e23eb2cf51c414bc58c8002af32e
Good Luck! You will need it 😃
Rules:
- You should not target or attack my computer or any of my online accounts. Accessing the image that way is not eligible for the reward.
- The accepted method for the reward is through finding a vulnerability in this project or its dependencies and leveraging it to bypass the security.
- If you brute-force the secret and that works, you need to share proof of your brute-force attempt. I suggest not going that route, as it would probably be impractical. However, if you find a way to minimize the possible set of secrets to brute-force, that may be a valid approach.
- Open an issue in the PixelLock repository, upload one of the original images, and ping me @saltukalakus. Please do not disclose how you were able to bypass the encryption. I will reach out to you to understand how you bypassed it.
- Only the first hacker who opens an issue with a correct image wins.
- The challenge is time-boxed. It will end on July 31, 2025, at 1 PM UTC. I will share the secret in this Gist in the comments section if no one can find it by then.