----------------------------------------
Ch35t - Introduction
September, 3~18 2023
----------------------------------------
Written in equal parts on my laptop,
my phone, and my iPad while at home,
in parks or on the tube
----------------------------------------
In case any of you does not know this already (where have you
been all this time?), a life ago I built a website [1] where
people could play together in what years later was called a
"hacking challenge". This challenge required players to go
through a sequence of riddles, and allowed them to reach a
higher level (and get a new riddle!) when they solved one.
I loved it. I still do, and the proof is that, despite having
chosen not to update it anymore, I have kept it alive for
more than 20 years. Of course just very few people play with
it now, but even a handful of messages on the internal forums
and knowing that there's still people having fun with it are
enough an incentive for me to continue keeping the lights on.
One even bigger gratification was seeing that people enjoyed
riddles so much that at some point -quite early to be honest-
they asked me if I could publish their own. This was a win-
win: I got more puzzles to offer and to play with, and others
could share the same satisfaction I had of seeing everyone
else play with their creations.
As of today, 356 contains 28 riddles published in the span
of about 3 years. However, it did not take me as long to
realise that *I* was the bottleneck preventing that community
to grow further. I had developed everything from scratch and
found myself with a website which required both maintenance
and -I thought then- someone who made sure that riddles were
actually playable, properly designed, and to say it in just
one word: fun.
But who should be allowed to say whether a riddle is fun or
not, if not its own players? And also, why should puzzles
reside in one or another closed garden and abide by its rules
when they could be enjoyed by more people if they were shared
more openly?
For this reason, I decided to look for a way to remove myself
from the pipeline, or more precisely to remove everyone and
everything unnecessary to the game, until basically only the
riddle and the player are left.
=== Enter Ch35t ====
Ch35t (pronounced "chest") is, well, a chest with a little
bit of 3564020356 in it :-) More precisely, it is an open
format you can use to describe riddles or, more generally,
different kinds of encrypted resources, together with hints
on how to decrypt them.
Following the "treasure chest" metaphor, in the ch35t format:
- chests can only be opened with the right key (or set of)
- one can provide, together with a chest, some hints to find
its key
- chests may have something hidden inside them, ie they come
with some content (payload) that you can access only after
you open the chest
All of this is described in a JSON file that can be shared
however you see fit... If you want, you can even hide it into
another chest :-) And you don't have to worry about making
your chest accessible to everyone, as (more or less strong)
cryptography is used to hide a key or lock contents inside
a chest.
Q: Why a format?
Because this way the riddle is completely decoupled from who
built it and where you found it, moving the focus on its
actual content. Here are some other advantages:
- easy sharing: you can just provide a link to a JSON file
for hours of potential fun (or frustration ;-))
- playing offline: once you have downloaded a chest its
contents reside on your computer, so you don't have to
worry about being online for it to work
- compositionality: you can build your own "treasure hunt"
by collecting riddles built by other people and chaining
them into your own game
- flexibility: ch35t allows you to provide hints and payloads
in different formats, lock with different encryption
algorithms, and react differently to different file types
- extensibility: while I provide code examples for handling
a few data types and encryption methods, everyone can
implement their own extension or even a new client. You can
have a TUI one, a Web-based one, you can build custom
leaderboards, and so on.
Q: Where do I find it?
First things first: this is a work in progress. I have never
written a format specification before and I realised I could
not do it without getting my hands dirty with some code
before. So at the moment what you get is a github repo
(https://github.com/aittalam/ch35t) where you can find:
- a few notes about the format (mostly jotted down in the
notebook file and, if you are lucky enough to read this
after I complete the README.md file, in the README too)
- some code implementing a parser for this format
- a couple of example JSON files with actual riddles (they
are recycled from 356*, but I am sure they are still new to
many!)
- a notebook showing a bit of the code/format internals and
allowing you to play with the examples
Q: What stage is this project at?
Early. Very early :-) But hey, this is at least 50% of the
"release early, release often" paradigm!
Here is a list of features that are currently missing from
my ideal v1.0:
- an actual format definition
- a better notebook that should act as a tutorial, explaining
the format with more detail and allowing people to play
with examples (trivial ones, so we can focus on the format)
- adding signatures, so we can have proper attribution and
guarantee riddle authenticity
- improving modularity (I'd like to see chests with many keys
and give the possibility to open them with different
combinations of them, e.g. just one, at least N, all in a
given order, etc.)
- a simple containerized web-based implementation, so someone
(I guess me) can easily deploy it and let people play with
it out-of-the-box
- more handlers (e.g. I would love to use tomb [2] for a
"russian dolls" kind of riddle)
- more riddles (I would like to convert a few from 356* and
make them accessible to everyone)
Well, I think this is all for now. Honestly, I am not sure
how long it will take to get to that ideal v1.0 (just to
give you an idea, what you see here started as a "summer
holidays project"...), but the only way to get there is to
get started somehow, so here's how everything started. I hope
you'll have fun with it!
=== References ====
[1] http://3564020356.org
[2] https://dyne.org/software/tomb/