## Introduction

Our sensitive information isn't just in text form: we have secret images that we don't want the TrAItor to find. If you can find the hidden meaning of the image, we can determine the areas of the model that need security improvement.

## Objective

Figure out what the scroll is trying to tell us.

Once you have identified the hidden meaning of the image, when sending a request to **Submit Your Findings** (`/score`).


In [None]:
CRUCIBLE_API_KEY = "YOUR_API_KEY"  # Replace with your actual API key

## Install Required Packages

Install the required packages.


In [None]:
%pip install requests

## Set Notebook Variables

Set the variables used throughout the notebook


In [None]:
CHALLENGE = "mirage"
CRUCIBLE_URL = "https://platform.dreadnode.io"
CHALLENGE_URL = "https://mirage.platform.dreadnode.io"
ARTIFACT_FILES = ['mirage.png']

## Download Data


In [None]:
import requests

for artifact in ARTIFACT_FILES:
    url = f"{CRUCIBLE_URL}/api/artifacts/{CHALLENGE}/{artifact}"
    headers = {"X-API-Key": CRUCIBLE_API_KEY}
    response = requests.get(url, headers=headers)
    if response.status_code == 200:
        with open(artifact, "wb") as file:
            file.write(response.content)
        print(f"{artifact} was successfully downloaded")
    else:
        print(f"Failed to download {artifact}")

## Submit Your Findings


In [None]:
import requests


def query(input_data):
    response = requests.post(
        f"{CHALLENGE_URL}/score",
        headers={"X-API-Key": CRUCIBLE_API_KEY},
        json={"data": input_data},
    )
    return response.json()


response = query("")
print(response)

## Submit Your Flag

When you find the answer, you will get a flag back. It will look something like `gAAAAA ...`.
You can submit it using the code below, or, on the challenge page.


In [None]:
import requests


def submit_flag(flag):
    url = f"{CRUCIBLE_URL}/api/challenges/{CHALLENGE}/submit-flag"
    headers = {"X-API-Key": CRUCIBLE_API_KEY}
    payload = {"challenge": CHALLENGE, "flag": flag}
    response = requests.post(url, headers=headers, json=payload)
    if response.status_code == 200:
        if response.json().get("correct") is True:
            print("The flag was correct. Congrats!")
        else:
            print("The flag was incorrect. Keep trying!")
    else:
        print("There was an error submitting your flag")
        print(response.text)


FLAG = "gAAAAA..."  # Replace with the flag once you find it
submit_flag(FLAG)