FormAPI Blog

BTC 2018 Solutions - Stage 3: T-Rex Runner

This blog post contains the solution for Stage 3 of the 2018 Bitcoin Programming Challenge.

After you solved the Cubes challenge (stage 2), you would visit this URL:

https://btc2018.formapi.io/d63c04bfa19fa546a175ca90f5b9a4bc718f6233a574c6058d57e80b5de12cf5/

You would see a page that looked like this:

T-Rex Runner Stage



My original idea was to modify the first level of Super Mario Bros, or create a simple platform game where the prize was a Bitcoin private key. (Not a programming challenge, but I thought it was a fun idea.) I was thinking that you might hit the question mark boxes to unlock some bytes of the private key.

Super Mario Bros screenshot
Screenshot of Nintendo’s Super Mario Bros

Then I remembered that Google Chrome shows a little t-rex game when you’re offline.

The T-Rex runner code is open source, and someone had also posted it on GitHub. This was much easier than modifying Super Mario Bros or creating my own game. Also it’s very sneaky and I thought it would be funny to set up a fake error page.

To figure this out, you might have started by trying a few other URLs on the same subdomain. Or you might try to download the page with curl on the command line, or maybe you’d try a different browser. Eventually you would realize that it was a fake error page, and that you were supposed to do something with it. If you didn’t know about the T-Rex game, then hopefully you would try pressing some random keys. The game would start if you pressed the space bar or the up arrow.

The Bitcoin private key is gradually revealed as you play the game, and it takes about 2 minutes to finish:

Once you finish the game, you have the complete private key, and you are given some links for stage 4:

T-Rex Runner Completed



The source code for the modified T-Rex runner game has been posted on GitHub.

I used javascript-obfuscator to obfuscate the code and make it difficult to reverse engineer the private key. (Here’s the webpack config I used.) I encrypted each character of the private key with AES and hid them in a random place. I also encrypted the links for stage 4.

I just wanted people to play the game instead of looking through the source code, but I’d be very impressed if someone was able to reverse engineer these encrypted strings.


Solutions for the 2018 Bitcoin Programming Challenge: