2014-05-18

CarolinaCon X Crypto Challenge Writeup

This year, I offered to run the crypto challenge at CarolinaCon X. I was offered the advice that very complex challenges were often met with frustration during the conference and it was requested that I make something that didn't require advanced mathematical degrees or a history of working with the NSA to solve ;)

With that in mind, Jaku and Ryan Linn were both very generous and offered to help me. 

The below post is a writeup of the challenge, how it went, a solution, and some lessons learned. Don't scroll past the writeup header if you don't want spoilers.


Stats, winners, and acknowledgements:

So, first, the challenge had 5 phases. It was designed to take about 6 hours to complete, understanding that the time would vary significantly across different experience levels and with hints. I had backup ciphers in case Heidi blew through the challenge in an hour and completely surprised me. But, I think she waited until Saturday night to even look at it. ;) Clearly, we underestimated parts of this, and overestimated others. More about that during lessons learned.

Here are some participation stats as I know them. 

I provided 150 copies of the original challenge sheets on Friday at the beginning of the conference. Sheets were at the front of the main speaking room, isolated on a little table by itself. There was no information in the conference program related to the challenge. We announced it during opening remarks, and about 75 copies of the initial puzzle sheet were taken up.

There was also a Twitter account listed on the material, announcing it as the crypto challenge for CarolinaCon (@2drunk2crypto), which gained 15 followers, one troll, and two bots (18 total). 

I received three in-person requests for assistance and 28 emails asking for assistance.

From phase 1 initiation (beginning of con) to first known solution: 4 hours
From phase 2 to phase 3: just under 24 hours (clearly this was the hardest part, even if you account for sleep)
From phase 3 to Phase 4: just under one hour (clearly this was the easy part)
From phase 4 to Phase 5: just shy of 3.5 hours
From phase 5 to Win: 10 minutes

The winner was, as usual, Heidi's Hooligans, with 7 members. The prize was claimed at 12:58 am on Sunday (the last day of the conference).

The runner up who was not part of the Hooligans: "Randy C" (happy to change/clarify attribution - email me)

A special shout out to Alan Fay, Michael Gentry, the 49th security division, Meg and Dave who also reached out to me and played along!

And another thanks to Jaku and Ryan Linn who were the inspiration and technical horsepower (and hosting) behind this. Much worship to your generosity.


If I didn't mention your name, it's because you asked me not to, I didn't know it, or because I am oblivious. Email me and I'm happy to add/correct/redact.

Timeline of events:
First tweet: 11:22 am, Thursday one week before the conference.
First hint: 5:11pm, Friday, day of the conference.
Stage 1: 6:43pm, Friday.
Stage 2 unlocked: 9:30pm, Friday
First request for additional hints: 12:23 pm, Saturday
Stage 2 published: 12:30pm, Saturday
Second hint: 3:24pm, Saturday
Third hint: 7:56pm, Saturday
Fourth hint: 8:36pm, Saturday
Stage 3 unlocked: 8:49pm, Saturday
Stage 4 unlocked: 9:41pm, Saturday
Fifth hint: 11:41pm, Saturday
Sixth and seventh hint: 12:21am and 12:43am, Sunday
Phase 5 unlocked: 12:52 am, Sunday
First winner: 12:58am, Sunday

Hints started getting leaky around 8pm because people hadn't made it to stage 3 in 24 hours, and I knew that if there wasn't a solution by about midnight, people were probably not going to get it at all. Many people traveled in and planned to leave during Sunday, others would be hungover, still more would give up and likely not continue in the last day of the conference. So, I admit to pressing the issue. But it was really and truly neck and neck between the Hooligans, Randy, and the 49th up to that point.

Lessons learned: 

1) What we thought would be a deterrent and maybe a pain in the butt was the initial puzzle. We thought people would feel like cutting out the puzzle pieces would be just too much work and eh... screw it. So, putting out the completed puzzle on the second day was our way to give people who were dedicated a head start while not alienating the people who just wanted to do the darn crypto.

Surprisingly, I had a lot of people tell me that this was probably their favorite part. Whether they were only being polite or not, people expressed a desire to feel useful and accomplish something while confessing they felt inadequate to the task of crypto. This was educational.

Lesson learned: People think they are "too dumb" for crypto and enjoy alternative ways to contribute to puzzle challenges.

2) Phase 2 was probably not designed the best way. See walkthrough for spoilery details.

Lesson learned: logic before creativity when solving crypto

3) Many people were unaware of the challenge until the Phase 2 maps went on the conference doors midday on Saturday. Some expressed chagrin that they had not known about this in order to start earlier (as it compressed the time for the challenge to 12 hours).

Lesson learned: integrate challenge information into conference materials distributed before or during the conference, either as part of swag or in the program in order to make sure people know what's up.

4) Some people expressed an interest to play online. While this means that conference goers compete against non-attendees, the desire should be considered when generating challenges. The advantage of this is also that cost of production is decreased (printouts are pricey and don't always work), and people can more easily play in their rooms, at dinner, whatever. However, a note: the challenge is an incentive for people to come to the conference, so organizers should weigh that carefully.

Lesson learned: Provide online challenge components/alternatives/analogs.

5) At the very beginning, people suggested Heidi was going to win, because "she always does." This is partly because many people are too daunted to try it out, but partly because Heidi is semi-pro at this and they all get together to share information and attack as a group. 

Lessons learned: A harder puzzle is not necessarily a better puzzle; groups enable people with less confidence and experience to contribute; people want to contribute within their comfort zones; Heidi is a master at social engineering (ok, j/k on that last part, but great job, guys!)

--------------------------------

The puzzle writeup: 






(Don't scroll down more if you don't want spoilers)

Phase 1: 
Jaku, Ryan, and I brainstormed about how to do this. I'm more arty than mathy, so I wanted a graphic that would represent North Carolina (or Carolinacon itself) to go in the puzzle somewhere. After considering that some families might want to do this together, I tried to keep the content mostly PG, and went for an NC theme.


The original puzzle sheet looked like this, and was printed on 11x14 paper:

The original proof was legible, but somewhere during the print run, things apparently got lowered in quality. Several people did successfully cut out and assemble the pieces into the puzzle, and those who did either tracked me down in person or emailed me to get the digital copy of the completed puzzle (which was more legible).

Phase 2:
Folks were also advised at the conference that any text that was illegible was ok to ignore, because the critical puzzle elements had all been vetted for legibility and validity.

The completed puzzle was put online and sent to those who sent in photos of the completed puzzle:

These are loosely based on actual NC county shapes - you may notice Durham county and Wake county, for example - but NC has 100 counties. That's just too much photoshop. Plus, I needed the words to keep detail, and 100 counties was unmanageable graphically. Each "county" has a capital (represented by a star) and may have one or more cities (represented by a dot). These, of course, have nothing to do with actual landmarks, although I was impressed that some people actually pulled out Google Earth to see if this was physically related to anything else. 

Some of the messages (woo!!!! and drink responsibly) had nothing to do with the puzzle, but those were obviously there to set the stage for the other red herring elements.

The rest were either rot10 (puzzle core) or rot13 (puzzle hints, props, and red herrings). We wanted something anyone could do, and several sites will do this for you (such as http://rumkin.com/tools/cipher/caesar.php).

Here's how it breaks down:
rot13s:
"rotten" hint. (read: rot ten)
"fairplay"
"fale" Props!
"sussurro" Props!
"jaku" Props!
"puzzle"
"fasel" lol
"cheese"
"redherring"
"shmoo" Props!
"thotcon" Props!
"internet"
"notgmark" Props!
"caesarten" hint.

Baloney:
xyzzy: Do you even Zork?
ohzvysd: complete nonsense.
lverxk: complete nonsense.

rot10s (puzzle core):
xxqnte: hhaxdo
ydqsed: linaco
xjjfse: httpco
bedibq: lonsla
ixsqheb: shcaro
jroibq: tbysla
ixibqi: shslas
jud: ten

We intended people to use the color coded carolinacon on the map to interpret things. Read left to right, use the capitals of the colored counties, which would give you the rot10s in order:

httpco lonsla shslas hhaxdo tbysla shcaro linaco ten

There's a typo, but it was easy enough for people to figure out/fix when the context became clear...

http colon slash slash hax dot by slash carolinaconten was the url: http://hax.by/carolinaconten 

This phase probably wasn't designed the best way. When you slice and dice crypto text, it removes the options that experienced challengers have to figure out what to do. A lot of people were trying to figure out what type of encryption was being used by using frequency analysis and otherwise good tactics to figure out how to attack, and they maybe over-thought some of it. But, the critical key was split up so much that it looked nonsensical, and they assumed it was more gibberish. People attacked the ciphertext before they figured out the color map link, which is where this really failed.
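As an added illustration (not code from the original post), the following Python decodes the eight rot10 fragments in the order the colour-coded capitals give and joins them into the URL text. It also compares each fragment's actual rot10 output with the decode column listed beside it above, which is where the typo the post mentions shows up, and includes the brute-force shift check a solver uses to tell the rot13 props from the rot10 core.

```python
import string

LOWER = string.ascii_lowercase

def rot(text, shift):
    """Caesar-shift the letters of text by `shift` places; other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha() and ch.lower() in LOWER:
            shifted = LOWER[(LOWER.index(ch.lower()) + shift) % 26]
            out.append(shifted.upper() if ch.isupper() else shifted)
        else:
            out.append(ch)
    return "".join(out)

# The eight rot10 fragments, in the order the colour-coded capitals give when
# the map is read left to right (copied from the post's rot10 table).
MAP_ORDER = ["xjjfse", "bedibq", "ixibqi", "xxqnte", "jroibq", "ixsqheb", "ydqsed", "jud"]
# The decode column printed beside them in the post.
LISTED_DECODES = ["httpco", "lonsla", "shslas", "hhaxdo", "tbysla", "shcaro", "linaco", "ten"]

def decode_map(fragments, shift=10):
    """Shift every fragment and join them into the hidden URL text."""
    return "".join(rot(f, shift) for f in fragments)

def check_listed_decodes(fragments, listed, shift=10):
    """Return (fragment, actual decode, listed decode) wherever rot-N disagrees
    with the decode the post lists; this is where the post's typo shows up."""
    return [(f, rot(f, shift), want)
            for f, want in zip(fragments, listed) if rot(f, shift) != want]

def shifts_matching(ciphertext, wordlist):
    """Brute-force all 26 shifts and keep those that land on a known word; this is
    how a solver tells the rot13 props and hints apart from the rot10 core."""
    return [(s, rot(ciphertext, s)) for s in range(26) if rot(ciphertext, s) in wordlist]
```

Joining the fragments as they appear on the map gives the full URL text even though two of the listed decodes are off by a letter boundary.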

Phase 3:
This was Jaku's idea, and we thought it would be pretty easy for people to figure out with a little math. But, when people went to the web site, they would see something like this:

05/16/14 13:13:18 51 7a 7b 87 8a 7a 26 94 87 90 26 7b 81 86 81 8b 80 26 8c 80 7a 26 88 90 95 95 84 7a 35 26 8c 80 7a 8a 7a 26 81 8b 26 87 86 7a 26 85 87 8a 7a 26 8c 80 81 86 7c 26 7a 91 7a 8a 94 87 86 7a 26 85 90 8b 8c 26 79 87 37 26 69 80 7a 86 26 8b 87 84 91 81 86 7c 26 76 26 88 90 95 95 84 7a 35 26 81 8c 26 81 8b 26 76 26 8b 8c 8a 7a 76 85 26 87 7b 26 79 76 8c 76 26 8c 80 76 8c 26 85 90 8b 8c 26 77 7a 26 76 86 76 84 94 95 7a 79 37 26 58 8c 30 8b 26 86 87 8c 26 7a 76 8b 94 26 90 86 84 7a 8b 8b 26 94 87 90 26 90 86 79 7a 8a 8b 8c 76 86 79 26 92 80 7a 8a 7a 26 8c 80 7a 26 78 8a 7a 76 8c 87 8a 26 81 8b 26 7c 87 81 86 7c 37 26 58 8c 26 81 8b 26 8a 7a 76 84 84 94 26 7a 76 8b 94 26 8c 87 26 7c 7a 8c 26 84 87 8b 8c 26 76 84 87 86 7c 26 8c 80 7a 26 92 76 94 37 26 51 7a 7b 87 8a 7a 26 94 87 90 26 7a 86 8c 7a 8a 26 8c 80 7a 26 86 7a 93 8c 26 84 7a 91 7a 84 35 26 94 87 90 26 80 76 91 7a 
26 8c 87 26 7b 81 86 79 26 8c 80 7a 26 80 81 79 79 7a 86 26 8c 80 7a 85 7a 26 8c 80 76 8c 26 84 81 7a 8b 26 92 81 8c 80 81 86 26 8c 80 81 8b 26 85 7a 8b 8b 76 7c 7a 37 26 58 8c 26 81 8b 26 8b 90 77 8c 84 7a 35 26 77 90 8c 26 87 86 78 7a 26 94 87 90 26 7b 81 86 79 26 81 8c 35 26 94 87 90 26 92 81 
[snip]

But, every time, you got something a little different:

05/16/14 13:14:44 65 7d 85 24 76 6d 86 73 24 83 7d 7a 86 73 72 24 84 76 73 24 80 85 8a 8a 7a 73 32 24 7d 82 24 89 7d 85 24 6d 7a 7b 7d 83 84 24 72 77 72 34 24 4a 73 24 71 6d 82 73 74 85 7a 24 6d 7c 72 24 71 76 73 71 79 24 6d 7a 7a 24 7d 74 24 89 7d 85 82 24 87 7d 82 79 32 24 6d 7c 72 24 7b 6d 79 73 24 83 85 82 73 24 89 7d 85 24 72 77 72 7c 2b 84 24 7b 77 83 83 24 6d 7c 89 84 76 77 7c 75 34 24 4c 7d 7c 2b 84 24 74 7d 82 75 73 84 24 87 76 6d 84 24 75 7d 84 24 89 7d 85 24 84 7d 24 84 76 77 83 24 80 7d 77 7c 84 34 24 63 73 24 71 73 82 84 6d 77 7c 7a 89 24 87 7d 85 7a 72 7c 2b 84 24 87 6d 7c 84 24 83 7d 7b 73 7d 7c 73 24 73 7a 83 73 24 84 7d 24 73 7b 6d 77 7a 24 85 83 24 74 77 82 83 84 34 24 53 84 24 87 7d 85 7a 72 24 70 73 24 6d 24 83 76 6d 7b 73 24 84 7d 24 6d 7a 7a 24 71 71 24 84 73 7c 24 6d 84 84 73 7c 72 73 73 83 24 84 76 6d 84 24 89 7d 85 24 75 7d 84 24 84 76 77 83 24 74 6d 82 24 6d 7c 72 24 74 6d 77 7a 73 72 34 24 4a 85 84 32 24 6d 84 24 7a 73 6d 83 84 24 89 7d 85 24 75 7d 84 24 84 76 77 83 24 74 6d 82 34 24 49 7c 72 24 7b 6d 89 70 73 24 89 7d 85 2b 82 73 24 82 73 6d 7a 7a 89 24 76 6d 80 80 89 34 24 54 85 83 84 24 72 7d 7c 2b 84 24 70 7a 6d 7b 73 24 89 7d 85 82 24 7a 7d 83 73 24 7d 7c 24 83 7d 7b 73 84 76 77 7c 75 24 7a 77 79 73 24 6d 24 80 6d 71 79 73 84 24 72 82 
[snip]

Most of the ones making it this far knew immediately that there were two different ciphertexts. We gave the timestamp to make this easier, because we thought people would be pretty frustrated by this point, and we wanted to make this easier as it progressed, not harder. Remember, this was designed to be resolved in 32 hours, because of conference times. 

The cipher changed every minute. The first message showed on even minutes, the second message on odd minutes. Each character's ASCII code was written out in the number base given by the minute the message was requested. So, at 11:02 the first message would be in base 2 (binary), and at 11:05 the second message would be in base 5. We went up to base 30, but that had obvious limitations: base 1 isn't realistic, and base 10 would give away the goodies. So, Ryan threw in a little fun to address this:

At 11:01, it would print "ERROR: Generic Error Error... Try message again later.." which actually freaked out a few people who thought they might have broken it. XD

At 11:10, it would print "ERROR: Lazy. lazy. lazy. lazy. lazy. lazy. Jane..." which is actually a hint. If you didn't Google this, it's a reference to a poem by Shel Silverstein from "Where the Sidewalk Ends":

A couple of people took this as a commentary on their abilities in good humor.
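Here is an added Python reconstruction (not the organisers' code) of the minute-keyed encoding described above: each character's ASCII code is written in base = minute of the hour, and the decoder reads the base back off the timestamp. The two error strings are the ones quoted above; refusing minutes 31 to 59 is an assumption of this example, and the two sample captures are the opening tokens of the two dumps shown above.

```python
import string

# Digit alphabet that Python's int(token, base) accepts for bases 2 to 36.
DIGITS = string.digits + string.ascii_lowercase

def to_base(n, base):
    """Write a non-negative integer in the given base using 0-9a-z digits."""
    if n == 0:
        return "0"
    digits = []
    while n:
        n, rem = divmod(n, base)
        digits.append(DIGITS[rem])
    return "".join(reversed(digits))

def encode_message(text, minute):
    """Mimic the challenge page: one token per character, each the character's
    ASCII code written in base = minute of the hour. The two error strings are
    the ones the post quotes for :01 and :10; refusing minutes 31 to 59 is an
    assumption of this example, since the post only says bases went up to 30."""
    if minute == 1:
        return "ERROR: Generic Error Error... Try message again later.."
    if minute == 10:
        return "ERROR: Lazy. lazy. lazy. lazy. lazy. lazy. Jane..."
    if not 2 <= minute <= 30:
        raise ValueError("base %d was not used by the challenge" % minute)
    return " ".join(to_base(ord(ch), minute) for ch in text)

def decode_tokens(tokens, base):
    """Reverse the encoding: each token is one character in the given base."""
    return "".join(chr(int(tok, base)) for tok in tokens)

def decode_capture(line):
    """Decode a line of the form 'MM/DD/YY HH:MM:SS tok tok ...', reading the
    base off the minute field of the timestamp, as solvers had to."""
    _date, clock, *tokens = line.split()
    minute = int(clock.split(":")[1])
    return decode_tokens(tokens, minute)

# Opening tokens of the two captures shown above (13:13 -> base 13, 13:14 -> base 14).
CAPTURE_1313 = ("05/16/14 13:13:18 51 7a 7b 87 8a 7a 26 94 87 90 26 7b 81 86 81 8b 80 26 "
                "8c 80 7a 26 88 90 95 95 84 7a 35")
CAPTURE_1314 = ("05/16/14 13:14:44 65 7d 85 24 76 6d 86 73 24 83 7d 7a 86 73 72 24 84 76 "
                "73 24 80 85 8a 8a 7a 73 32")
```

Note that the odd-minute capture decodes to the start of Message 2 and the even-minute one to the start of Message 1, matching the parity rule above.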

The resultant texts that Jaku and Ryan came up with were:

Message 1:

You have solved the puzzle, or you almost did. Be careful and check all of your work, and make sure you didn't miss anything. Don't forget what got you to this point. We certainly wouldn't want someone else to email us first. It would be a shame to all ccten attendees that you got this far and failed. But, at least you got this far. And maybe you're really happy. Just don't blame your lose on something like a packet dropping. You wouldn't even really be here without the dot coms and googles. Just rematch your favorite movie The Net. Just leave and let the people that really want to win claim the prize. Don't give up just yet. Let what brought you here guide you now, and let us help if you need it. But, remember, and please know that we might be a little bit mean (but that should be expected since you should have solved this) you are going to need some luck in getting this solved but not a whole lot maybe ten or so. This final puzzle is loaded this time. But, perhaps another puzzle waits at another time.

Message 2:
Before you finish the puzzle, there is one more thing everyone must do. When solving a puzzle, it is a stream of data that must be analyzed. It's not easy unless you understand where the creator is going. It is really easy to get lost along the way. Before you enter the next level, you have to find the hidden theme that lies within this message. It is subtle, but once you find it, you will know it's correct. You email the address that you find, and once we have mail you will get the final correspondence declaring you winner.

Although this has been a path lined with tricky turns, I hope you have enjoyed your journey. When there are lives at stake, sometimes you have to solve similar puzzles.  Count your blessings that you've never had to deal with criminal messages, with real lives hanging in the balance. It's tons more stressful than these puzzles and with higher consequences. 

Everyone should remember ten years of this con means you need to celebrate the success and remember the humble beginning. For this to work, you’ll have a heck of a time. But, it should be within your grasp very soon. We believe in you. Or something like that. Keep trying!

Anyway, with the final steps completed, you should rest up to prepare for whatever comes your way next year. We hope to bring you more challenges and work towards getting a better understanding of crypto and thinking differently than you probably have been trained. These starting exercises will get you prepared for other crypto and hacker challenges. Once you're done, You'll be prepared for trying out challenges at Shmoocon or potentially even larger venues like Defcon challenges. Whatever you go attempt, you will continue to build knowledge and experience which culminate into more and more successes. But before you really know it, you'll be so far beyond where you started, everyone will ask you how you did it. You'll be talking at conferences, presenting new ideas and research and stuff.  Don't doubt yourself for a moment, you have to try Once to prove it to yourself that you can succeed.

Then, when people come and ask you how the game's next level was won, you just have to say that everyone has the ability to count starting from zero to ten.

Phase 4:
Each message was peppered with clues, but in the first message, if you took every 10th word:
You(1) have(2) solved(3) the(4) puzzle(5), or(6) you(7) almost(8) did(9). Be(10) careful(1) and(2) check(3) all(4) of(5) your(6) work(7), and(8) make(9) sure(10) you(1) didn't(2) miss(3) anything(4). Don't(5) forget(6) what(7) got(8) you(9) to(10) ....

Which gives you:
Be sure to email ccten at happypacket dot Net to Let us know that you solved This puzzle 

Not everyone deciphered the second message. A lot of people stopped here!

The second message required you to take the first letter of every 10th word, counting the first word as zero.

Before(0) you(1) finish(2) the(3) puzzle(4), there(5) is(6) one(7) more(8) thing(9) everyone(0) must(1) do(2). When(3) solving(4) a(5) puzzle(6), it(7) is(8) a(9) stream(0) ...

Which gives you: Be sure to email cctenftw@happypacket.net...
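The two extraction rules, as an added Python example that is not from the post, run over the full text of Message 1 and Message 2 as printed above (contractions count as one word, matching the numbering the post shows).

```python
import re

WORD = re.compile(r"[A-Za-z']+")

def words(text):
    """Split prose into words: punctuation is dropped, apostrophes are kept so that
    contractions such as didn't count as one word (curly apostrophes normalised)."""
    return WORD.findall(text.replace("\u2019", "'"))

def every_nth_word(text, n=10):
    """Message 1 rule: keep the 10th, 20th, 30th ... word (1-based count)."""
    return " ".join(words(text)[n - 1::n])

def acrostic(text, n=10):
    """Message 2 rule: first letter of words 0, 10, 20 ... (count starts at zero)."""
    return "".join(w[0].lower() for w in words(text)[::n])

# Both messages copied from the post.
MESSAGE_1 = (
    "You have solved the puzzle, or you almost did. Be careful and check all of your work, and make "
    "sure you didn't miss anything. Don't forget what got you to this point. We certainly wouldn't "
    "want someone else to email us first. It would be a shame to all ccten attendees that you got "
    "this far and failed. But, at least you got this far. And maybe you're really happy. Just don't "
    "blame your lose on something like a packet dropping. You wouldn't even really be here without "
    "the dot coms and googles. Just rematch your favorite movie The Net. Just leave and let the "
    "people that really want to win claim the prize. Don't give up just yet. Let what brought you "
    "here guide you now, and let us help if you need it. But, remember, and please know that we "
    "might be a little bit mean (but that should be expected since you should have solved this) you "
    "are going to need some luck in getting this solved but not a whole lot maybe ten or so. This "
    "final puzzle is loaded this time. But, perhaps another puzzle waits at another time.")

MESSAGE_2 = (
    "Before you finish the puzzle, there is one more thing everyone must do. When solving a puzzle, it is "
    "a stream of data that must be analyzed. It's not easy unless you understand where the creator is "
    "going. It is really easy to get lost along the way. Before you enter the next level, you have to "
    "find the hidden theme that lies within this message. It is subtle, but once you find it, you will "
    "know it's correct. You email the address that you find, and once we have mail you will get the "
    "final correspondence declaring you winner. Although this has been a path lined with tricky turns, "
    "I hope you have enjoyed your journey. When there are lives at stake, sometimes you have to solve "
    "similar puzzles. Count your blessings that you've never had to deal with criminal messages, with "
    "real lives hanging in the balance. It's tons more stressful than these puzzles and with higher "
    "consequences. Everyone should remember ten years of this con means you need to celebrate the "
    "success and remember the humble beginning. For this to work, you'll have a heck of a time. But, "
    "it should be within your grasp very soon. We believe in you. Or something like that. Keep trying! "
    "Anyway, with the final steps completed, you should rest up to prepare for whatever comes your way "
    "next year. We hope to bring you more challenges and work towards getting a better understanding "
    "of crypto and thinking differently than you probably have been trained. These starting exercises "
    "will get you prepared for other crypto and hacker challenges. Once you're done, You'll be prepared "
    "for trying out challenges at Shmoocon or potentially even larger venues like Defcon challenges. "
    "Whatever you go attempt, you will continue to build knowledge and experience which culminate into "
    "more and more successes. But before you really know it, you'll be so far beyond where you started, "
    "everyone will ask you how you did it. You'll be talking at conferences, presenting new ideas and "
    "research and stuff. Don't doubt yourself for a moment, you have to try Once to prove it to yourself "
    "that you can succeed. Then, when people come and ask you how the game's next level was won, you "
    "just have to say that everyone has the ability to count starting from zero to ten.")
```

Words 70 and 80 of Message 1 come out as "happy" and "packet", which the post joins into the domain name.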

Phase 5:

I'll take the blame for this part. We were originally going to end it with the two messages, but then we thought it would be mean to just troll people repeatedly from the first one by saying "LOLNOPE!" after setting people up to believe they won. So, I added in an auto response from both emails to make a final puzzle stage.

Naturally, once people deciphered the first text, they were disappointed when they emailed CCten@happypacket.net and got back this:

Part 1 of 2:

147 158 157 151 155 143 149 169 155 152 153 149 145 143 159 146 158 161 160 134 143 149 161 137 149 166 151 152 159 138 145 150 150 156 171 165 169 157 164 145 157 139 140 163 148 168 158 149 137 154 151 155 137 163 173 157 154 166 167 138 162 156 167 155 153 162 139 153 156 143 142 158 166 158 160 158 148 149 162 142 162 161 156 155 161 151 155 162 136 143 156 151 161 136 154 153 144 151 149 143 144 165 168 167 164 159 159 161 156 159 143 153 154 173 144 166 147 171 164 171 162 173 161 170 158


So, some people tried to email it again and see whether they would get back a different message. Others went back to cheater to try to get more hints. I went to Twitter to remind folks that they identified more than one message to decipher, and they should revisit. Then I tweeted:


The intentional misspelling of intrepid gave it away to some, but not others. The tweet is an acrostic: the first letters of "Long evening that the entrepid researchers are creating! Really! Only some translate it creatively!" spell "Letter acrostic", a hint about the difference between the first and second texts.

Within about half an hour, the first person figured it out and got back the following from CCTenFTW:

Part 2 of 2 - We hope you have part 1! There's one more step!

POOPINATOWELBALLOONANIMALSCOREDUMPSLOCKPICKSDONTFORGETYOURPANTSSTUFFINGYOURPOCKETSWITHLOCKSISCHEATINGXOXOMOOSEJAKUANDSUSSURRO

Which was my horrible homage to years past XD

When you convert Part 2 to ASCII codes and subtract them from the numbers in Part 1 (which is basically a one-time pad), you get the final text:

CONGRATULATIONSFORREALTHISTIMEMAILXYZZYATHAPPYPACKETDOTNETWITHTHEMESSAGEWINNERWINNERMOOSEDINNERTOCLAIMYOURPRIZEXOXOXOXOXOXOXO

"Congratulations! For real this time ;) Email Xyzzy@happypacket.net with the message: Winner Winner Moose Dinner to claim your prize XOXOXO... "
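The Phase 5 step as an added Python example (not the organisers' code): Part 1 and Part 2 are copied from the auto-responses above, and decryption subtracts each key character's ASCII code from the matching number; the encrypt direction is included so the round trip can be checked.

```python
# Part 1 as it came back from the CCten auto-responder (numbers copied from the post).
PART_1 = [int(n) for n in """
147 158 157 151 155 143 149 169 155 152 153 149 145 143 159 146 158 161 160 134 143 149 161 137 149
166 151 152 159 138 145 150 150 156 171 165 169 157 164 145 157 139 140 163 148 168 158 149 137 154
151 155 137 163 173 157 154 166 167 138 162 156 167 155 153 162 139 153 156 143 142 158 166 158 160
158 148 149 162 142 162 161 156 155 161 151 155 162 136 143 156 151 161 136 154 153 144 151 149 143
144 165 168 167 164 159 159 161 156 159 143 153 154 173 144 166 147 171 164 171 162 173 161 170 158
""".split()]

# Part 2 from the CCTenFTW auto-responder: the key, one character per number above.
PART_2 = ("POOPINATOWELBALLOONANIMALSCOREDUMPSLOCKPICKSDONTFORGETYOURPANTS"
          "STUFFINGYOURPOCKETSWITHLOCKSISCHEATINGXOXOMOOSEJAKUANDSUSSURRO")

def pad_decrypt(numbers, key):
    """Subtract each key character's ASCII code from the matching number and turn
    the result back into a character. Lengths must match exactly, as they would
    for a real one-time pad."""
    if len(numbers) != len(key):
        raise ValueError("ciphertext has %d numbers but key has %d characters"
                         % (len(numbers), len(key)))
    return "".join(chr(n - ord(k)) for n, k in zip(numbers, key))

def pad_encrypt(plaintext, key):
    """The organisers' direction: add plaintext and key codes position by position."""
    if len(plaintext) != len(key):
        raise ValueError("plaintext and key lengths differ")
    return [ord(p) + ord(k) for p, k in zip(plaintext, key)]
```

As the post says, this is only "basically" a one-time pad: the key is as long as the message, but it is readable English rather than random, so it carries none of the one-time pad's secrecy guarantee.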

3 comments:

ʎpɹɐH ʞɹɐW ɓ said...

Hope you guys had a lot of fun writing this. Sorry I had a conflict and missed the Con this year. - G. Mark

Anonymous said...

Awesome creativity and effort in creating that fun challenge. And the write-up is supreme. Mad props!

Heather said...

GMark - we are all super lucky and thankful that you're able to run your fun challenges for us. You never need to apologize for taking a break!