G Mark Hardy

March 28, 2012 at 9:28 pm

Wow! That’s an impressive puzzle and an even more impressive solution. I always worry about putting this much complexity into a Con badge puzzle or contest, because few have the insight and the perseverance to grind it out to the end. Hey, with DEFCON 20 coming up, maybe we can up the difficulty factor a bit — especially if I can get Jeff to spring for an iPad as a prize! Well done! — G. Mark

Mike Czumak

March 29, 2012 at 7:15 am

Great synopsis. Here’s some info about our experience… After starting really late last year and coming in fourth, my co-worker and I were determined to have better results with this one. After day 1 (Thu) we had the decoded poem from the cover, obtained the Pastebin info (we realized the Phone #/IP connection very quickly) and with a quick script to check hash frequency, we also had the Pinterest site which gave us the gift (ciphertext) and the encryption recipe for openssl w/ base64 rc4-40 and -nosalt. We felt we were off to a blazing start after only a couple of hours and were confident we were in the lead. This is where it all fell apart for us! We went down the path of removing the ‘******’ from the gift and treating it as one block of ciphertext…it base64 decoded and so we assumed this was correct. Our next quest was for the right key. We looked to the poem and the Pastebin site, especially the image comments and tried so many different combinations, all in vain of course. Even though we ultimately had the right key (though we didn’t know it at the time), our assumption on the ciphertext was way off. In addition, the clues that were coming in via Twitter were for steps we had already accomplished…and were leading our “competition” closer to where we were…very frustrating! I think for too long we were too proud/stubborn to consider asking for clues so we continued further down the wrong path. When the clue for the grille cipher was released days later we quickly changed gears. We saw the HTML formatting of the 8’s (very visible in Firefox 3D tilt) and got our cipher. Here’s where it got even more frustrating…we realized it was base64 encoded, decoded it, stared at the decoded string and figured since the encryption ‘recipe’ called for -base64, openssl would take care of it; so then we proceeded to use the original encoded string in our decryption efforts!
Of course this led to more frustration and shortly after you had claimed 1st prize, 2nd was also taken and we were once again working with the wrong ciphertext. When you mentioned the encoding of the final string on Twitter I thought about it for a while, went to bed and the next morning realized that I better base64 decode it before I run it through openssl. I had a hunch the password was Markitdude all along, tried it and Voila! I sent our submission in and wouldn’t you know it…missed 3rd place by less than 1 hr! Either way, we had a great time (even if we did take 4th again) and look forward to next year. Congrats on the win! — Mike Czumak

@christopherkunz

May 30, 2012 at 2:39 am

That was excellent. I enjoyed the writeup far more than I’d probably have enjoyed participating in the challenge (only to be beaten by you!). Congrats on an epic win!