cybersecuritychallenge cipher – A How To
Cyber Challenge
This is the total walk through and it wasn’t easy.
(1) first go to the main challenge page and then grab the cypher
https://cybersecuritychallenge.org.uk/docs/cybersecuritychallenge.txt
Now from looking at the text you can see the obvious thing and that is it looks like a base64 encode. This can be seen in the fact that base64 encodes will end in an equal sign if the total bits of data cannot be equally converted from 34 bits to 32 bits.
So we grab the text and run it through a base64 converter.
http://www.opinionatedgeek.com/dotnet/tools/base64decode/
This then give us a raw .bin file
I recommend using a Hex file viewer, however I used EditPlus Text Editor as it was closer to hand.
I saw what looked like a file header
it had EXIF (which I know to usually mean camera files).
and more importantly I also saw JFIF which is the JPEG File Interchange Format (JFIF)
From here I guessed that I would firstly grab EXIF Tool to decode and potential EXIF data as I thought it would have a message hidden in the camera name or something similar.
There was no interesting info so I just changed the file extension to JPG and thought I would check what I had and then I saw the XKCD comic.
Personally my fave one is
however you one is
Total Time Start to Finish = 12 minutes.
**EDIT**
I was informed this morning that I was not quite there. I got a tweet from@Cyberchallenge stating that if I sent my email about the cipher to a certain email address then I had got it wrong.
So I thought back to the drawing board and lets look again at the image. Firstly look in a Hex Editor and I saw what I thought was a phone number. 01444.’9=82<.342 = 01444-982-342 well it would seem that I was on the wrong track as that number is not in service.
So I then loaded up another EXIF viewer and again nothing.
I then looked at the original image on the XKCS site and I noticed that it was a PNG and not a JPG, if it was just a case of getting the normal image when why change its extension and also why all the extra white space.
I then carried out a quick check on TINEYE. (which is a great tool). however this also gave nothing except it did let me compare other images out there against the one I had earlier decoded and my image was the only one with the morse code around the edge.
I then looked a little closer and thought it was binary. Also like the pits used when burning the lead in section of a protected DVD / CD.
I then read up on hiding binary in images. – Suggested reads are.
http://terpconnect.umd.edu/~minwu/public_paper/Jnl/0408binwmk_IEEEfinal_TMM.pdf
http://figment.cse.usf.edu/~sfefilat/data/papers/TuBCT9.10.pdf
http://www.springerlink.com/content/k28787j31153565m/
I then loaded up Paint.Net and began to play.
Firstly looking at the Histograms. If you move them around you’ll see that the boarder is a different layer than the rest of the image.
This then confirmed to me it was binary and all I had to do was to try and count the pixels to see where a binary code started and ended.
Paint.Net has a Pixel grid so I loaded this up and began to count.
White Pixels = Zero and Black Pixels = One
010000110111100101110010011011100110011001110010001000000111001101100010011110010111100101100010 and so on and so on
I then grabbed the text and loaded that into a binary to string converter and this gave me garbled text. = Cyrnfr sbyyb in the example above.
I then used google to check the text and I found only one result and it was 2007 on a site called Perl Monks
This thread has some one attempting to decode a piece of text and it has one of our words. = Cyrnfr
It was suggested Rotr13, so again I read up on Rotr13 and its a simple encryption where the letters are rotated 13 chars . So this gave me Please follo (looks like please follow)
I now knew that i was right about the binary and all I had to do is to count the whole image and then rotate each of the letter 13 places.
This then gave me
Please follow this link: https://cybersecuritychallenge.org.uk/834jtp.html https://cybersecuritychallenge.org.uk/834jtp.html
Game Over - ** at least that’s what I thought **
I visited the URL and got a new code !! – this one although easier actually took longer as it was custom code and I didn’t bother to code a parser (which I now wish I had done) so I had to decode it all by hand.
68edcdec4e2c8eae8d2c8e2dedcd6e04d2042fedae52ceac04ccedaecd8c042ccd8c046
cedad0e8dac8eac8c048e0dac044aa82889046c0d2c8d8daccdecacc5042bedae4e04e
e2dcd046ced8cac042d6e04046c2f4c664ea76e666cae4e268e2f456c0d088d8d66cde
cac6546c6a506e6a546062606c504a141a1410a8dac2c6eac04acad2c2d8d048e0d2d
6e046ced8cac048eed04edae4e048eac2cad042c8e04adac8c2d2c086c2f4cac4e6eac
6cae4e2d8e2f6c0d2c8d8daccdecacc5ed4eecc5ae6dc50429cc042fedae524eac048e
0dac04cc2d4e6e8e040eac4e6eedcd048eed048ced046eed85042ccd8c046c2ccd0
40e4eedceac042fedae04adacac8e048e0dac04ac8d2dec2d4c2d8d2d8e2f046c4e2d
8eac4e2d2c0405484e2d8e2d6e0d046c2d8e2d4faccd046cae4e4eaccd8e8d2f044ea
c6e2d8caccd8e042dcd048e0dac04aa692504eeac04ee2d8d8d044cac042dcd048ee
dae6c0d048eed042c8cce2d6eac040dedee048eed046c8d2c2dad042fedae4e040e4e
2d4facc504eaac8d8d048cedcdac042ccd8c04eceded8c048dae6c6d042dcd048e0da
c04682f4cac4e046aac6cae4e2d8e2f04680d2c8d8daccdecac046cedad0eac8e2d8e2
dedcd6e048e2c6d2dcdec040e8d2c6cac048e0d4eedaeec0dedae8e048e0dac044eac
6e8e04edcc048e0dac042fac2c4ec5
The part that gave the code away was that I figured it would start with a well done message so I counted the chars and looked for well done or other words like congratulations. (it was all hex so it wasn’t too hard) I was right about the congrats message plus the fact that the spaces were easy to guess. I still ended up with a few question marks but I still got to the bottom of it.
see below for the key and the cracked code.
04 = space
0D = H
0E = P
08 = a
26 = i?
2B = y?
2C = A
2D = I
2F = Y
4C = B
4E = R
4F = Z
52 = ‘
66 = e?
68 = C
6c = c
6D = k
6E = s
8C = D
8D = L
8E = T
AC = E
AD = M
AE = U
C5 = fullstop
CC = F
CD = N
CE = V
D2 = A
ea = W
EC = G
ED = O
EE = w
a7 =?
45 = ?
65 = ?
46 = ?
c6 = ?
A1 = ?
41 = ?
congratulations a youve found and completed the ???? challenge.
your pin code is cyber?security?challenge???????????. ?????lease
email this code to our team to media@Cybersecuritychallenge.org.uk
F YOU’re The First Person to do so and can prove you meet the eligibility
criteria ? ? British citizen currently resident in the ??? we will be in
touch to advise how to claim your prize.
Well done and good luck in the Cyber Security Challenge Competitions taking
place throughout the rest of the year.