Brucon2010Challenge

From EuroTrashSecurity


BruCON 2010 CHALLENGE

The Brucon organisation has provided us with a free ticket for the person who is first to crack the following message :

U2FsdGVkX19U8gawcV99tDA8UejTA8wfdPCs9DVdFkjFiRETCBeUiQqqM0/4fSDR 10Rou9cKr8xWGTwD7Pm5Fa5XR0aH0NyxinexU2X+e4DtDECnw0GCHUlYeC9mNoJt 5ybCH8Fe4M4UOunjngZzyu9Lc/az9cwq56XmNG6qVlm8U7osRFzNbwwLELAnP6IP PudYxvrrq8pVa8hie18+Lx/3ItA89EGd+caSyk12JIUnp20sp9/rQqXZedwlx9tP NXTEJXcwhajUuzSiujZMHS38ZuI4p+JNFJiaoj0V+2i77ncKw285Ip7XUvpjUle1 817pK2U0e/eg5abDrH3vicEpjQByROtKLK8+8pvACkdcKguIjIJWpA==

Get cracking and hopefully we see you at Brucon !!

http://www.brucon.org

THE SOLUTION

With Nicholas Walker submitting the first valid answer, our fun little challenge comes to an end. Thanks to all who played; it may well have inspired us to keep coming back with challenges in the future. For those eager to find out if they were heading in the right direction, here's one way you could've found the right solution.

The first hint was in the tweet announcing the challenge :

win a FREE ticket to Brucon if you have any idea how to solve this challenge :
http://www.eurotrashsecurity.eu/index.php/Challenge !

The word "idea" in that tweet immediately gave away the cipher we used : IDEA. Now it was down to finding the key. We couldn't have made it that difficult, but it could've been anything related to the podcast or Brucon. A few hours after the challenge was launched, we came up with the next hint :

hint on the @eurotrashsec challenge : "if you know who we are, you have the key." : http://is.gd/eZ1WD

Cool! That should've drastically reduced your keyspace immediately. Obviously, if you hadn't listened to the podcast before, you were in for some research to come up with the following names :

* Dale Pearson
* Chris-John Riley
* Craig Balding
* Wim Remes

Considering evil tricks with capitalization or replacing letters with numbers, this was still quite a large keyspace but we aren't that evil ... So we came up with our final hint :

last hint for our #brucon challenge : if your vision is blocked by a cloud, you'll figure this one out.

Now who on our team is also a member of the Clouderati ? That would be Craig, wouldn't it ?

craigbalding
cra1gbald1ng
cr@i98@ld1n9
CraigBalding
...

You were clearly on the right track if you came up with a list similar to that :-) Now it is time to feed everything to openssl whichever way you prefer. Assuming you stored the base64 encoded challenge text in challenge.txt, the following command yields the cleartext :

openssl enc -d -idea -a -in challenge.txt -pass pass:CraigBalding
Congratulations, you cracked the code. Mail your full name and e-mail address together 
with the code at the bottom of this message to feedback@eurotrashsecurity.eu to claim your Brucon ticket.
------code------
4aa815dd4470323bfda29784042796d2
------code------
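
What that command does with the passphrase before any IDEA decryption happens, as an added example that is not part of the original page: it splits the `Salted__` container and derives the IDEA-CBC key and IV from the passphrase. It assumes the single-iteration, MD5-based EVP_BytesToKey derivation that `openssl enc` used by default in releases of that period; the function names are hypothetical.

```python
import base64
import hashlib

# First line of the challenge text from the page (48 of its 280 bytes);
# enough to show the container header and the salt.
CHALLENGE_PREFIX = "U2FsdGVkX19U8gawcV99tDA8UejTA8wfdPCs9DVdFkjFiRETCBeUiQqqM0/4fSDR"

IDEA_KEY_LEN = 16  # IDEA uses a 128-bit key
IDEA_IV_LEN = 8    # and a 64-bit block, so the CBC IV is 8 bytes


def parse_salted(b64_text):
    """Split an `openssl enc -a` blob into (salt, ciphertext)."""
    raw = base64.b64decode("".join(b64_text.split()))
    if len(raw) < 16 or raw[:8] != b"Salted__":
        raise ValueError("not a salted openssl enc blob")
    return raw[8:16], raw[16:]


def evp_bytes_to_key(passphrase, salt, key_len, iv_len, digest="md5"):
    """EVP_BytesToKey with an iteration count of 1 (assumed legacy default)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_1 = H(pass || salt), D_i = H(D_{i-1} || pass || salt)
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(b64_text, passphrase):
    """Return the salt, derived key/IV and ciphertext length as hex/int."""
    salt, ciphertext = parse_salted(b64_text)
    key, iv = evp_bytes_to_key(passphrase, salt, IDEA_KEY_LEN, IDEA_IV_LEN)
    return {"salt": salt.hex(), "key": key.hex(), "iv": iv.hex(),
            "ciphertext_len": len(ciphertext)}


if __name__ == "__main__":
    for name, value in describe(CHALLENGE_PREFIX, b"CraigBalding").items():
        print(f"{name}: {value}")
```

The whole key is one or two MD5 calls away from the passphrase, which is why a guessable passphrase was the only thing protecting the message. On OpenSSL 1.1.0 and later the default digest for `enc` is SHA-256, so the command above needs `-md md5` added there, and in OpenSSL 3.x IDEA sits in the legacy provider.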

We had to move quickly: Brucon is in a little more than 2 weeks, so anybody winning the ticket should be able to make some arrangements like flights or hotels. Also, we all have jobs which require most of our attention, so coming up with a good challenge on short notice is not that easy. I glanced over to the Verizon DBIR lying on my desk and was reminded of the countless hours I spent trying to break their challenge. This one was a little like it, but much easier.

If you haven't heard about the DBIR yet, get it here : http://securityblog.verizonbusiness.com/2010/07/28/2010-dbir-released/ , it's worth it! Obviously, if you haven't cracked that challenge yet, go at it without googling too much. It's an awesome challenge !

I'll already start thinking about our next challenge :-)

Grtz & c ya at Brucon -- Wim

This page was last modified on 10 April 2011, at 22:59.