Oct 2011 Cyber Security Challenge cipher


To coincide with the London Conference on Cyberspace, Cyber Security Challenge dropped another cipher puzzle.

It all kicked off with a tweet which led to a page on the Foreign and Commonwealth Office.

So the big standy outy thing is the image (Copyright Cyber Security Challenge UK, probably) with its massive binary string across the middle there. Seems like a good place to start.

 
01101000011101000111010001110000
00111010001011110010111101100111
01101111011011110010111001100111
01101100001011110111000001100001
011011110100001101000011
 

The standard next step is to see if this is binary-encoded ASCII. The easiest way to do this is to pop along to your nearest handy online encryption tool and convert it (remembering to remove any white space when you do).

This is ASCII, and it converts to a link to Google's URL shortening service, http://goo.gl/paoCC, which in turn forwards you to http://www.theglider.org/about/c1ph3r

Well, that was easy. Too easy

... but what's that at the bottom there?

 
Of course, you have to ask yourself, was it really that easy?
 

So there's more to do, good. But what?

Let's take a look at the source shall we? That would be a good place to hide the next step.

Looking through, the only thing of interest is a comment.

But what can we do with that? The only Google result for the exact string "BletchleyParkStationX" is someone's Picasa album that's not been updated since 2009. I doubt that's it, and expanding it to the four words comes back with too many hits to be useful. We could try various sites for a file or folder that matches our string and has been excluded from collection by GoogleBot, but this is probably a dead end and lacks panache, so let's look elsewhere.

In previous challenge ciphers there have been codes hidden in images, and we've got five images (the starting image and four from the page we arrived at after the URL discovery).

Pushing all the images through strings (available by default on most *nix systems) doesn't return anything obvious, so we're probably barking up the wrong tree with this too.

I did do some steganographic analysis at this point, but since that was also a dead end I'll skip over it.

Time to put some more thought into this.

Why were we given a PNG to start with? Why not JPEG? JPEGs are smaller and supported by even old browsers, so maybe it's something to do with the format.

JPEG is a lossy format, meaning that during the compression process some detail is lost. Colours with RGB values close to each other are merged, sharp edges are lost due to the way sampling is done, etc. In PNG files this is not the case (which, BTW, is why you should always use PNG over JPEG if your image contains small text).

Bring out the GIMP! (or Photoshop, or whatever)

Using the fill tool with 0 threshold, let's fill the biggest single block of colour on the original image.

That's interesting, some of the 1's have a box around them.

I wonder what happens if we click about with the fill tool...

Score! The 1 becomes a 0! Let's try the same thing with the zero next to it

Also score! Time to do the same to the rest
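Why the zero threshold matters, as an added example (not part of the original post): a simplified flood fill over a constructed pixel grid in which a box one colour step off the background surrounds a digit. The grid, the colour values and the function names are assumptions made for illustration, and the per-channel comparison is a simplification of what an image editor does.

```python
from collections import deque

BG, BOX, INK = (255, 255, 255), (254, 254, 254), (0, 0, 0)  # constructed colours


def build_sample():
    """Constructed 6x8 image: white background, 4x4 off-white box, 2-pixel digit."""
    grid = [[BG] * 8 for _ in range(6)]
    for r in range(1, 5):
        for c in range(2, 6):
            grid[r][c] = BOX
    grid[2][3] = grid[3][3] = INK
    return grid


def flood_fill(pixels, start, threshold):
    """Pixels 4-connected to start with every channel within threshold of its colour."""
    rows, cols = len(pixels), len(pixels[0])
    seed = pixels[start[0]][start[1]]
    seen, queue = {start}, deque([start])
    while queue:
        r, c = queue.popleft()
        for nr, nc in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
            if not (0 <= nr < rows and 0 <= nc < cols) or (nr, nc) in seen:
                continue
            if all(abs(a - b) <= threshold for a, b in zip(pixels[nr][nc], seed)):
                seen.add((nr, nc))
                queue.append((nr, nc))
    return seen


def hidden_region(pixels, threshold):
    """Non-ink pixels that a fill started in the top-left corner did not reach."""
    filled = flood_fill(pixels, (0, 0), threshold)
    return {(r, c) for r, row in enumerate(pixels) for c, px in enumerate(row)
            if px != INK and (r, c) not in filled}


if __name__ == "__main__":
    grid = build_sample()
    print(len(hidden_region(grid, 0)))  # exact-match fill leaves the box standing
    print(len(hidden_region(grid, 1)))  # one step of tolerance swallows the box
```

A lossy re-encode of the image would be free to merge the two near-identical colours, which is the same effect as the non-zero threshold here.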

We have a new binary string!:

 
01101000011101000111010001110000
00111010001011110010111101100111
01101111011011110010111001100111
01101100001011110111011000110111
001100000111010101101101
 

After another trip to our encryption tool we have a new shortened URL: http://goo.gl/v70um This forwards to http://paste2.org/p/1747336 where we have a new piece of the puzzle
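The same conversion done offline for both binary strings, as an added example (not part of the original post; the function names are assumptions). It also lists which bit positions differ between the visible string and the hidden one.

```python
ORIGINAL_BITS = """
01101000011101000111010001110000
00111010001011110010111101100111
01101111011011110010111001100111
01101100001011110111000001100001
011011110100001101000011
"""

HIDDEN_BITS = """
01101000011101000111010001110000
00111010001011110010111101100111
01101111011011110010111001100111
01101100001011110111011000110111
001100000111010101101101
"""


def clean(bits):
    """Drop all whitespace and insist on a whole number of 8-bit groups."""
    bits = "".join(bits.split())
    if set(bits) - {"0", "1"}:
        raise ValueError("non-binary character in input")
    if len(bits) % 8:
        raise ValueError("length %d is not a multiple of 8" % len(bits))
    return bits


def bits_to_ascii(bits):
    """Decode 8-bit groups as ASCII; raises if any byte is above 0x7f."""
    bits = clean(bits)
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return data.decode("ascii")


def flipped_positions(a, b):
    """Zero-based indexes of the digits that differ between two bit strings."""
    a, b = clean(a), clean(b)
    if len(a) != len(b):
        raise ValueError("bit strings differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    print(bits_to_ascii(ORIGINAL_BITS))
    print(bits_to_ascii(HIDDEN_BITS))
    print(flipped_positions(ORIGINAL_BITS, HIDDEN_BITS))
```

Every differing digit falls after the shared `http://goo.gl/` prefix, so only the short-link code was altered.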

 
                                      .,'
                                   .''.'
                                  .' .'
                       .    ' . ~,'  `.~ . `    .
                  . '  .  '   .`:_. . _:'.   `  .  ` .
                .'   .'     ,     .' '.    .     `.   `.
               .    .       .Z.  .     . .Z.       .    .
                          .YACCP.      .GPPCB.
              '    '    .OVMHXZSNI.  .DTTAGYNSL.    `    `
              .    .      .      . VR  .     .      .    .
                                  RDME
               `    `AMQ.  `     `     '    '  .CAP'    '
                 .    `QWI   TULPQ.  .YXLTY   VXB' .   .
                  ` .   `KQHNKOT EMQTPH GPAKMQU' .' . '
                        . EKASP   RSTX   REOLP. .
                           JTNX    OV    HTHZ
                            UQ     LU     FO
                                       
                                                       
                  In order to win, you must first lose.
 

So this could just be ASCII art relevant to the date, with the next piece of the puzzle under it, or it might be the next piece of the puzzle with a clue (possibly written by the Sphinx from Mystery Men) under it

Let's assume the text in the picture is the important bit, as ASCII art converters rarely produce only uppercase letters in the output. So stripping out only the letters we get:

 
ZZYACCPGPPCBOVMHXZSNIDTTAGYNSLVRRDMEAMQCAPQWITULPQYXLTYVXBKQHNKOTEMQTPHGPAKMQUEKASPRSTXREOLPJTNXOVHTHZUQLUFO

What next? Well there's Mr Sphinx's message, and the string we got from the source code of the first URL. Some may say we got that string from the wrong URL, maybe even the URL we went to when we lost

I feel the end is in sight

What do we have? We have a long string of gibberish and a shorter more understandable string. This screams to me KEYED CIPHER. The simplest of which is probably the Vigenère cipher

Run, don't walk, to the nearest online Vigenère cipher tool, plug in our cipher text and key and boom we're done here

 
YOUHAVECRACKEDTHEREALCIPHERCONGRATULATIONSPLEASEEMAILCODEBRITANNIATOMEDIAATCYBERSECURITYCHALLENGEDOTORGDOTUK
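The decryption done offline, as an added example (not part of the original post; the function names are assumptions). The key is the string from the page-source comment quoted earlier, and the index of coincidence is included to show why the stripped text points at a keyed, polyalphabetic cipher: the ciphertext's letter distribution is nearly flat, while the recovered text has the peaks of English.

```python
from collections import Counter

CIPHERTEXT = ("ZZYACCPGPPCBOVMHXZSNIDTTAGYNSLVRRDMEAMQCAPQWITULPQYXLTYVXB"
              "KQHNKOTEMQTPHGPAKMQUEKASPRSTXREOLPJTNXOVHTHZUQLUFO")
KEY = "BletchleyParkStationX"  # string from the source comment on the first page


def letters(text):
    """Uppercase A-Z only; everything else (spaces, ASCII-art dots) is dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def vigenere_decrypt(ciphertext, key):
    """Subtract the repeating key from the ciphertext, letter by letter, mod 26."""
    shifts = [ord(k) - ord("A") for k in letters(key)]
    if not shifts:
        raise ValueError("key contains no letters")
    out = []
    for i, ch in enumerate(letters(ciphertext)):
        out.append(chr((ord(ch) - ord("A") - shifts[i % len(shifts)]) % 26 + ord("A")))
    return "".join(out)


def index_of_coincidence(text):
    """Chance that two letters drawn from text match (about 1/26 when flat)."""
    counts = Counter(letters(text))
    n = sum(counts.values())
    if n < 2:
        raise ValueError("need at least two letters")
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    plaintext = vigenere_decrypt(CIPHERTEXT, KEY)
    print(plaintext)
    print(round(index_of_coincidence(CIPHERTEXT), 4))
    print(round(index_of_coincidence(plaintext), 4))
```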
