Last Wednesday, the security company Praetorian released a new set of crypto challenges as a recruitment tool and fun challenge for the community.
I sprinted through the first 5 (of 8) levels in less than 24 hours, then got totally stuck on Level 6 for over two days. Finally, late Saturday night I managed the intuitive leap I was missing, and by early Sunday morning I’d finished level 6. Some hours later (after, you know, sleeping) I finished level 7, and level 8 fell in under 15 minutes, making me the first person to solve all 8 levels. (No prizes, but I enjoy the bragging rights, and, well, the pressure makes sure I actually try to finish them all….) Congratulations also to @TheJEversmann for “coming in a close second.”
The overall challenge is interestingly structured. They’ve built a simple web-based API to register for the game, receive individual challenges, and submit answers. Each successful response gets a signed hash indicating your highest level in the game (which they encourage you to pass along with your resume, naturally). All challenges must be completed in order – you can’t get to level 8 without first completing level 7, etc. All the challenges are self-contained, and exist outside the game engine itself (though that didn’t stop me from trying to hack the tokens and level up that way… Did I mention I grasped at a lot of straws for Level 6?)
They’ve changed a few things about the contest as they go. First, almost all of the answers are in a TripleBuzzwordFlag format (like “RealtimeMashupFramework”), and the system generates a new password randomly for each player each time they request a challenge. Originally, one of the challenges included the wordlist they use to generate these flags, but then they discovered some people (well, me, and at least one and possibly more others) were using the wordlist to try brute forcing some of the answers. So now the published wordlist is gone (and the in-game list is possibly somewhat dynamic as well). The devilishly difficult Level 6 has had its hints altered at least once, and may yet be tweaked again, based on feedback and observing how people attack the problem.
These minor course corrections aside, it’s a very well thought-out set of challenges, and tests the player on everything from simple ciphers and hidden messages to more traditional steganography, and also includes a few challenges much closer to day-to-day crytpo hacking. If you’ve made any progress in the Matasano Crypto Exercises, you’ll have a good chance at finishing the harder levels here.
A few earlier crypto challenges from Praetorian can also be found starting here. I haven’t tried the 3rd of these earlier challenges (the Rota game – I can’t even beat my kids at that game, so I’m not ready to write an AI for it), but they’re also worth checking out, perhaps as a way to limber up for the current set of challenges.
If you like puzzles and crypto / hacking challenges, I definitely recommend trying these latest Pratorian challenges. They can teach you a bit about some common vulnerabilities, and they’re lots of fun!