The Twelve Days of Christmas 2025 Challenge - Double Time

jpg0mez

Looks like the 13th challenge was solved 21 hours ago?

hashpwn-bot

Challenge 12 - HINT
UTC: 2025-12-25T15:45:52Z

Spoiler

Santa says:

1. Read https://infosec.exchange/@cyclone/115289515912035341
2. Use a BIP39 wordlist.

Huh, now why would I need a BIP39 wordlist, and what's going on with the 12 Words of the Day? I'm starting to think these don't have anything to do with the 12 Days of Christmas after all!

Meanwhile, congrats on making it this far! You can now download the latest hashpwn-2025 wordlist:
https://forum.hashpwn.net/post/237
Mirror: https://gofile.io/d/M9lBPX

P.S. Have you found thE 13TH puzzle yet?

cyclone

Congrats to all those who played along and completed the Challenges!

I can conform that Challenges 01-12 have been solved, and the final hidden Challenge 13, aka the Grand Prize, was found yesterday and claimed by @_cin ! If you are still working on any of these, feel free to continue as the Challenge server will be left online for a few days. I'll post the final submission entries as well before shutting down the Challenge server.

Everyone is also welcomed to share your thoughts on this year's challenge and your process for working through them.

This completes the 12 Days of Christmas Challenge. Thanks for playing along!

PS
The hidden Challenge 13, aka the Grand Prize, was a seed phrase from the 12 word of the day Challenges. Congrats to those who figured this out!

blandy

I'd like to thank @cyclone for setting up and running the challenges, and also the sites involved with providing the prises. Great work

Partly9642

great contest, @cyclone , thanks!

v1cvap0r

@cyclone said in The Twelve Days of Christmas 2025 Challenge - Double Time:

I'll post the final submission entries as well before shutting down the Challenge server.

The solution for every challenge will be posted as well?
I think some curiosity will remain for those who haven't completed all the challenges.
Thank you for make this happen, and to the sponsors.

cyclone

I'll post the final results and walk throughs in the next few days, but feel free to continue working on them in the mean time if you haven't had the chance to do so!

A special thanks to our sponsors this year which made the prizes possible. Participates won over $700 worth of prizes in 13 different puzzles. Please check out our sponsor's sites below:

Sponsors:

• A big thank you to this year's sponsors!
• Hashpwn.net
  • Hashpwn is an ethical hash cracking forum that offers moderated discussion, shared research, custom tools, all in a friendly and professional community.
  • Sponsored:
    • Daily Prizes
    • Grand Prize
• Lethologica.nl
  • Lethologica specializes in ethical crypto wallet recovery using advanced password research, digital forensics, and high-performance compute.
  • Sponsored:
    • Daily Prizes
    • Grand Prize
• Hashes.com
  • Hashes.com is a site dedicated to hash recovery with hash lookups, an escrow service, and an API to tie it all together.
  • Sponsored:
    • Grand Prize
• Hashmob.net
  • HashMob is a collaborative password research platform focused on hash recovery, analysis, and statistics. It provides shared hashlists, wordlists, tools, optimized rules, and APIs that help researchers and penetration testers improve real-world password security.
  • Sponsored:
    • 3-month Diamond Patreon Vouchers to hashmob.net
    • Daily Prizes
    • Grand Prize
• Hashcracky.com
  • Hashcracky hosts gamified hash cracking events where participants crack hashes, earn loot, and compete on live leaderboards. It blends competitive fun with real cracking skills through themed, time-limited challenges.
  • Sponsored:
    • Vouchers for 35k Gold and loot at hashcracky.com

_cin

Huge thanks to @cyclone for running the contest and to the sponsors for making the prizes possible. Read on for a chance to win two HashMob Diamond Patreon vouchers!

After snatching the grand prize a day early I was asked to write a short summary of how the challenges were completed. I won't reveal cracks but elaborate on processes.

All encoding challenges were completed by visually identifying and trying possible/common encodings using CyberChef (yes it even has an operation for morse code!). If you haven't heard of this tool it's a must for quick data manipulation and analysis - as GCHQ puts it: "The Cyber Swiss Army Knife".

As the hash challenges were aimed at finding the correct algorithm my go-to command was something akin to:

mdxfind -i 10 -h 'ALL' -h '!user,!crypt,!salt' -f HASHES ignis-10M.txt

This is a reasonable approach for unknown hash types but can be slow to exhaust so swapping to the command below at the around the halfway point gave me access to hash modes not available in mdxfind (e.g. blake2 and WordPress bcrypt) and a submit in 1m 14s to take one of the daily prizes . Using --show in the last loop command wasn't necessary but did allow for the solution to be copied directly into the claim page without re-formatting the cracks).

for MODE in $(hashcat --identify HASHES | awk '{print $1}' | grep -oE '[0-9]*'); do echo "MODE: $MODE"; hashcat HASHES -m $MODE -a0 bip39-english --quiet; hashcat HASHES -m $MODE --show; done

As you may have noticed, I switched to using the BIP39 wordlist after the first batch of challenges as it seemed clear that's where things were headed. Completing the next challenge with just the BIP39 wordlist was enough validation to believe the grand prize would be accessible with a seed phrase built from the daily words as all cracks were in the BIP39 wordlist, all daily words were in the BIP39 wordlist, mnemonic seeds are commonly 12 words and well... "12 days of Christmas".

With the last challenge post scheduled for Christmas day I assumed the grand prize wasn't achievable due to other commitments, but then remembered seed phrases use 128 bits of entropy (actually +4 bits for a checksum meaning 11 bits per word) so if I had 10, 9, maybe even 8 words it might be possible to brute the missing bits. Might sound fancy but all that really meant was running an attack using seedrecover.

python seedrecover.py --mnemonic "NINE WORDS REDACTED x x x" --addrs 0x8c05B56c44814a6512AB9e669B9B36C1006AB65E --mnemonic-length 12 --language EN --dsw --addr-limit 1 --wallet-type ethereum --big-typos 3

This was a long-shot, as there could quite easily have been a "13th word" (passphrase) required to derive the correct address and gain access the funds but to my delight I was greeted with the following:

2025-12-24 14:43:31 : ***MATCHING SEED FOUND***, Matched on Address at derivation path: m/44'/60'/0'/0/0

In summary, these were really fun challenges. Simple enough to take on in a coffee break and breadcrumbs to build the bigger picture. Building a seed phrase from first letters of other seed words was a really nice touch. Thanks again to all involved!

If you didn't complete one of the daily challenges in first place but would like one of the HashMob Diamond Patreon vouchers I'm donating mine here:

$2b$12$zpdE2XU.MsoCHaPufYLiNOAtRXqZQP1cRCVb/PAXkTC32ja2V/7li
$2b$12$plGpLfcQy0p.Gys6hUF27eCyu5Xvi2B/GIGsRk/EO4YoIgK2cFIGa

You might want to use these (and five delimiters -)

9eda
4b79
4bfd
f3a3cee8
ceec12f9
3468483a86d4
HMOB
ae91
c8c6
63c6babfb445
2caf

cyclone

Challenge Summary and Walkthrough

---

Note, reading the walkthrough below will spoil the challenge if you haven't completed it already!

The Hashpwn Twelve Days of Christmas 2025 Challenge - Double Time consists of 12 independent challenges released over six days, thus the "Double Time" in the name. This is actually a puzzle in a puzzle, as each of the challenges spell out the "Word of the Day", and unbeknownst to the participant, the Word of the Day spells out a 12 word seed phrase - the hidden 13th Challenge aka Grand Prize. There are several clues to this: The "12 Days of Christmas", and if participants are paying attention to the plaintext source, all plaintext are valid BIP39 words. Later hints will specifically make this more obvious.

Each challenge presents a small set of hashes or encoded strings that requires participants to correctly identify the algorithm or encoding, recover the plaintexts, then submit hash:plain in the correct order/format, and also submit the Word of the Day.

• Submissions must preserve the original order of the challenge hashes
• The first letter of each plaintext will then spell out the Word of the Day
• Failure to preserve hash:plain order and format results in a rejected submission, even if all plaintexts are otherwise correct
• All challenge plaintexts were sourced from a BIP39 wordlist
• The twelve Words of the Day collectively form a valid 12-word BIP39 seed phrase
• That seed phrase is the hidden 13th Challenge, aka the Grand Prize

---

Challenge 01 Walkthrough

Mode: md5md5

Analysis:

• The phrase “coMMon algo” and doubled capital “MM” is a hint for Md5Md5
• The hint says to "keep the original order and format of hashes exactly as they are posted", "The first letter of each plaintext will then spell out the Word of the Day", "Take good notes" -- following these hints will be required throughout the remaining Challenges

Plaintexts (correct order):

• blouse
• unfold
• lock
• bonus

Word of the Day:

• B U L B → bulb

Correct submission order (hash:plaintext):

57bbb659e56913a47fc91718cde35c3a:blouse
0ad9112ba115e1fd5be1fc2aff7e7de4:unfold
9e150cf81af2b645f02cfaa5655e8ab9:lock
fedb82a5a79ed69b760e118615cd39b5:bonus

---

Challenge 02 Walkthrough

Mode: base58e

Analysis:

• “It’s going to take me 58 minutes” directly points to Base58 encoding

Plaintexts (correct order):

• mansion
• airport
• simple
• soda

Word of the Day:

• M A S S → mass

Correct submission order (hash:plaintext):

59Qtuu8u5X:mansion
4h77ydZDJj:airport
zUMry8be:simple
3x8zW4:soda

---

Challenge 03 Walkthrough

Mode: ntlm

Analysis:

• “The New Tinsel Looks Marvelous” spells out N T L M

Plaintexts (correct order):

• warm
• airport
• shine
• peasant

Word of the Day:

• W A S P → wasp

Correct submission order (hash:plaintext):

56308234302f9b3bad0e65abceef0946:warm
ea1b08e06e76dad02984f78031ab4eff:airport
d07ff2cc9fb9a48c410f11866d12ff63:shine
f8854b04f0726350310337b83116ba3d:peasant

---

Challenge 04 Walkthrough

Mode: hex

Analysis:

• The $HEX[...] wrapper explicitly implies HEX encoding
• The hint URL is for hashgen which supports HEX encoding / decoding

Plaintexts (correct order):

• conduct
• april
• key
• entire

Word of the Day:

• C A K E → cake

Correct submission order (hash:plaintext):

$HEX[636f6e64756374]:conduct
$HEX[617072696c]:april
$HEX[6b6579]:key
$HEX[656e74697265]:entire

---

Challenge 05 Walkthrough

Mode: sha384

Analysis:

• The "scarf/shawl" is a hint for "SHA"

Plaintexts (correct order):

• hood
• unaware
• similar
• become
• annual
• name
• during

Word of the Day:

• H U S B A N D → husband

Correct submission order (hash:plaintext):

dded9334f7f951835268d3d52295d6da85a5916b236e9aa6a31a0222109c952416e0b9afb8450994fae53e4af3b05771:hood
b080191ba2d998e4ea51b1bec7b4c3d67e7cb135fb1a14b74400f5b9d31b55f2140d3ab86780b7d676347fc936944c70:unaware
5587f655617a2b61735a15c350386aacc3d5257f34adfb05c8ff0c0cde206b6bd43ba07bf4822cb6e4b3a6b17eea66c7:similar
1d7f1c9e29bb9bd12fc582f800f5a5a1b10cf85e7e37eaa867dd224569094603e5263685bcc302e86a43e3fa941165c2:become
f7bbe64643ab62010a51f348750780381b26979e8320fa325c26ea1e23cd0c7dd7da77f921a4b97239a0d04fceb371eb:annual
5c75c48541f9be797f0a952acd8af5abc5529b6f2d88e82030ac57759db1c6c64f00c374c77fed76ad7218b4070bfef0:name
da465238740fe235d2e96d8af2d9371b1b801b705fc7cff56ee6bfa7892b521963e672c33b9cbae1e66c8651a3cbd228:during

---

Challenge 06 Walkthrough

Mode: keccak-384

Analysis:

• The “cake” reference indicates Keccak

Plaintexts (correct order):

• private
• idea
• clean
• trumpet
• utility
• report
• evolve

Word of the Day:

• P I C T U R E → picture

Correct submission order (hash:plaintext):

ef05ea39eca9cc5ab44ba987f89e3e823258a84fc83490c96023b60e1950ff007925c94a17106f1509d12071f5b02fb5:private
2390f61cf9536e8487292d7debdedb7449b8457a27f0d96c5cf3333dd616d9731bd021eff4d214085d277b9e9e95b5d5:idea
179f9b77ee47d9bda864c34d5a45c4c3d9d8ee1e573cea2581a19246d2fa582a105c1557c2ea55388e43cfea83748153:clean
8eb63ac159dc919ccdf49ea8ab46d5f1dd7016e4c613c63aabc947b3f57c76285e0153406182c2fe43511bad9b9dfd6b:trumpet
3983f08d6f2ec960acd8574055d087ecd1ac8b71283ed5468011a75f3d9ed0b73b35504b4770b61200160a91f8ac6a76:utility
95e41f2a7f28b58c14b429a1433e3f74c235a4ee5cec2b150d97a865ea18e93dd2c63fdb91dc08c962cf964fb669a1d1:report
61ff4d590a9ef4c5eeea23ef8f8be1c04395967b3fc1ba1e78f3b9f3fb78352ed1bfd9bce26b163ce75b84efd0ae65bf:evolve

---

Challenge 07 Walkthrough

Mode: sha3-224

Analysis:

• "another shawl" is the hint for "SHA"

Plaintexts (correct order):

• alarm
• devote
• degree

Word of the Day:

• A D D → add

Correct submission order (hash:plaintext):

31fe901a5e6a1482535468f35f595288e4afb659e1a94ced92d02ed8:alarm
ac8f3c63fe1d1cb6ec04053586a1b435c957ea50854a7feb55dd1b5a:devote
fdadc558bb54d8b0a39a493373c12ce3a9b1050cc21890d623221570:degree

---

Challenge 08 Walkthrough

Mode: base32e

Analysis:

• “3 2, 1” is a hint for Base32
• The multiple trailing ===== padding further confirms Base32 encoding

Plaintexts (correct order):

• achieve
• visa
• ensure
• runway
• absent
• glass
• entry

Word of the Day:

• A V E R A G E → average

Correct submission order (hash:plaintext):

MFRWQ2LFOZSQ====:achieve
OZUXGYI=:visa
MVXHG5LSMU======:ensure
OJ2W453BPE======:runway
MFRHGZLOOQ======:absent
M5WGC43T:glass
MVXHI4TZ:entry

---

Challenge 09 Walkthrough

Mode: keccak-512

Analysis:

• “cake” is a hint for Keccak
• "on 500” is a hint for keccak-512

Plaintexts (correct order):

• penalty
• abandon
• race
• audit
• discover
• endless

Word of the Day:

• P A R A D E → parade

Correct submission order (hash:plaintext):

bcc9ea5faa417908ebe5c83bccfe92dbe0bd98ad88795941a187c9ae6e31fc57b4e8aeda1883c31ad1898a9f7fe1a2c5b8f31d273b2036bbbaf99c1dfad7bfff:penalty
40fb27d6433e0d0c8b1b5a27ce8e024327224f0d7bbed31acf57fc592c0a66a6b0ddcb62fcd8c55a2b04c555856e3dc352096d71df5ff149dbb0de274a8eab14:abandon
aa3ba2f4ed9eabe50ac2746c42befa9cfe446136e7282ea52685c8fcee5a911fe1a5e90212be0b49dfa5f118803b20484f26e21a4b4f19253c29fb723ca4d9de:race
52f92c36f7542c7b949f9a8ac1c5be83d85bd33d83045fb8e2311e7afe0839d12d9f011808ff89f3681f9fb8fa1eb0f6458b2b5d82b04c3d663b8f1bc7514183:audit
f66b47460a7317857197ff08d15d3d283f0047805da770b9284aef0e0aa09d2f4ad46ef552766b1c9438eb09dba48417d0195d9c26bd53f374d724c70f11351d:discover
1df6602ca8107352d40a357e29b1ad80be8e3780adfaf18fd494b898ad7a152a1c56849be40c754d4654310aad5726b22b7a9629050e67fa4c3ae2f598491be9:endless

---

Challenge 10 Walkthrough

Mode: morsecode

Analysis:

• “dits and dahs” is Morse code terminology, dit "." dah"-"
• hashgen also supports both encoding and decoding Morse Code

Plaintexts (correct order):

• flip
• refuse
• output
• normal
• trick

Word of the Day:

• F R O N T → front

Correct submission order (hash:plaintext):

..-. .-.. .. .--.:flip
.-. . ..-. ..- ... .:refuse
--- ..- - .--. ..- -:output
-. --- .-. -- .- .-..:normal
- .-. .. -.-. -.:trick

---

Challenge 11 Walkthrough

Mode: blake2b-512

Analysis:

• "bloke" aka "blake", and "fastest hash around" is a subtle hint since blake hashes are known for their fast speed
• only those paying attention to details (hints) will realize they can't submit the hash:plain in the hashcat format "$BLAKE2$hash", but must remove the "$BLAKE2$" and submit them in their original format as previous hints have instructed

Plaintexts (correct order):

• risk
• emerge
• west
• agree
• record
• design

Word of the Day:

• R E W A R D → reward

Correct submission order (hash:plaintext) -- notice, these are not in a hashcat format aka "$BLAKE2$hash":

fac8f467cf668a05c042af1775c7763a2e6f9c0aed04f1f9836b6143a36334a053f5ea10811ebe62d1af6a6ac5389e6f7268eae88a007b471d7beabb8e4d9170:risk
80a888e675f684f79d578915ae5aab33d4c6d08cb3d5beeccf1678d2e78f717f57d06bf29051c213cb279d9cfc62c63c1bc60967433dd3aee2babb39b4656a29:emerge
c19b0a20cd63b7a471200fe1b6849ab66b7ebdd07f18e8180b896f6bf335c7505a0870c00d9a911a000f56cb322327c1b24a73af59214a3e1a678fe52a3da9f6:west
89b09745cfd2be2e38fd02bb54c9bc08e944c33fc328df46e7c1f8d6501de3074dd44f7c620ff2ba8db8d6b2b7fadae4ac89b6614b36a13c4644aee73b16747f:agree
749a7a58c266639b22fd5ec0ea72ead5a2c22186ec29061a5869c701a2fef5f1e9001c6a1f7414d5d7481d8c40cc3e2d71e01c280be3941ce9f4580353600126:record
0c3b858451c72346cde8b09e85571d2e3a7957138f9134e23d6344d2b93283413e6422a49fd5d48e2fb5882ce0536629ed271d29b938c02a5b85ed87e0df589a:design

---

Challenge 12 Walkthrough

Mode: wpbcrypt (cost 10)

Analysis:

• For those not familiar with Wordpress v6.8 bcrypt, the hint given is a Mastodon post about how to crack "wpbcrypt" hashes using hashcat
• If users haven't caught on already, the source of all plaintext is a BIP39 wordlist which is needed to reduce the keyspace required to crack these wpbcrypt hashes
• The entire hint should prompt participants to realize there is a hidden 13th challenge which is the Grand Prize, and it's likely a 12 word seed phrase

Plaintexts (correct order):

• length
• anchor
• dilemma
• detail
• exercise
• roast

Word of the Day:

• L A D D E R → ladder

Correct submission order (hash:plaintext):

$wp$2y$10$3Kob241amADVdbdaip.3YujcW6dd/646yhukBdqXcIW.p6iWk2o1i:length
$wp$2y$10$ipYFpveFk/Vr8wVj0WRZ/eUkEU3uCeA8VEgfDy1BqKD2UVh/dJnwC:anchor
$wp$2y$10$J4UIsOVcT8SESjR9Ss7l0uzYrCt6N9rDSPMgjEHF4Xv8ewd2wU4C6:dilemma
$wp$2y$10$B1tQCV460usI741n67zUMu34Dma3CWapqeXoiv0B6odG0fiE9mbpe:detail
$wp$2y$10$wl2oudwvd5.QU5LJpaljNeP1YWO2Wpcf5lKwR5fmvkNXNScC4cJAC:exercise
$wp$2y$10$3RS8zgwl5AvJrjx8YYPwrOp/HkunM/UDfF0pqHclYf6dogXoGJTLm:roast

---

Hidden Challenge 13 - Grand Prize

Analysis:

• The 12 Words of the Day form a valid BIP39 seed phrase which is the ETH crypto wallet for the Grand Prize
• All throughout Challanges 01 - 12 hints are given which point participates towards this "hidden in plain sight" Challenge 13
• Participates who have "made a list and checked it twice" should have caught on to this by Challenge 11
• Challenge 11 and 12 Hints were a give away

12 Words of the Day:

• bulb
• mass
• wasp
• cake
• husband
• picture
• add
• average
• parade
• front
• reward
• ladder

Seed phrase:

• bulb mass wasp cake husband picture add average parade front reward ladder

---

cyclone

Challenge Submission Results:

Note, a couple users dup submitted on a few challenges by using different IP addresses. Other than having their username listed twice under "Submissions", there was no other affect to the outcome of the challenges.

The Grand Prize, aka the hidden Challenge 13, was figured out and claimed by @_cin