For Robin

[tut]

Would not class Robin as a graduate, but could just imagine him at GCHQ.

http://www.abc.net.au/news/2011-12-02/b ... ite=sydney

tut

[robin]

Colin, what I meant was that the whole cypher program thing could be a wind up (diversionary tactic) and the real answer is deduced some other way.

Cheers,
Robin

[robin]

OK, so I've got to stage 2 ... I had correctly identified that the program was a cypher algorithm but was stuck for the last few days looking for what to actually decypher with it.

I didn't think that there was enough wasted space in x86 machine code to allow something to be embedded within the machine code (because almost all the instructions do something). Anyway, I wrote a brute force attack that extracted all possible sequences of up to 16 characters (that being the max length of the keyword answer). It came up with some good stuff, but nothing was right.

Then somebody at work suggested looking into the headers of the HTML, etc., that make up the page, which I thought I had already done, but hadn't thought of the PNG itself that makes up the fancy graphic you see on the page. Sure enough there is something in there that doesn't make sense in the context of PNG and has the characteristic look of base64 encoded data:

Code: Select all

QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR
78jKLw==

When you decode that you get

Code: Select all

000000 42 42 42 42 32 00 00 00 91 d8 f1 6d 70 20 3a ab
000010 67 9a 0b c4 91 fb c7 66 0f fc cd cc b4 02 fa d7
000020 77 b4 54 38 ab 1f 0e e3 8e d3 0d eb 99 c3 93 fe
000030 d1 2b 1b 11 c6 11 ef c8 ca 2f
00003a

And this has the BBBB sentinel that the code is looking for so is very likely to be the right thing.

When you decypher that you get a URL ... which fetches another puzzle from their website. Off to attack that now (though it looks easy by comparison, perhaps it won't be once I knock it into shape!).

Cheers,
Robin

[robin]

OK, so cracked second puzzle which was indeed easy; the javascript that you download for the second puzzle describes a pretend microprocessor with a very simple instruction set plus an initial memory image to get it to process.

It performs a simple de-scramble to reveal yet another URL to download the 3rd and perhaps final part of the puzzle.

This turns out to be a windows executable that needs an input file to contain the right magic sauce for it to go fetch the keyword from a buried part of the website. After some wasted effort I deduced what the first half of the file needs to be but I cannot quite get the second part figured out. I'm sure it harps back to some redundant data that was defined in the first two stages but not used. However I cannot quite figure out the right way to use that redundant data to make the key work ... enough for one day, will take another look tomorrow, maybe.

Sanjoy, you are an utter barsteward for setting me this challenge!

Cheers,
Robin

[Peter]

Sanjoy, you are an utter barsteward for setting me this challenge!

Cheers,
Robin

Well done Sanj, this has kept Robin busy for a few days..

[robin]

OK, so I cracked it. In fact my guesses last night about the missing pieces being the redundant data in earlier parts of the challenge were correct. The program that the 3rd stage gives you is a so-called cygwin program, which is a program that is linux-like at the source code level but gets compiled to run on windows using the cygwin environment. I was running that in a windows virtual machine that I use for stuff that I cannot do on linux. The program puts together a URL for a file called key.txt and tries to fetch it. For whatever reason my windows VM wasn't able to do the fetching so it appeared that I had the solution wrong, but in fact I had it right - I fetched the same URL on Linux and got the key.txt straight away.

So I solved it and I can provide the details to anybody that is interested, though I imagine I am talking to myself by now

Cheers,
Robin

P.S. I see that the challenge will continue ... not sure what that means, perhaps there will be another challenge or perhaps there is already another challenge and I haven't stumbled across it ... I'll try to ignore that possibility and do some real work instead!

P.P.S. just do you know I wasn't cheating cyberwin is an important but in the end irrelevant part of the solution ...

[ed]

Skills, big up respec (in a area)!

[Peter]

Amazing stuff Robin

I get the same sense of satisfaction from an Easy Sudoku (but probably expend more effort trying to solve it)

[mckeann]

Amazing stuff Robin

I get the same sense of satisfaction from an Easy Sudoku (but probably expend more effort trying to solve it)

haha, couldnt have put it better myself.

[robin]

I've never really got in sudoku as you can always solve them by brute force/algorithmically.

It's an odd skill set they are looking for in this challenge - I happen to know a little about all this stuff from years ago when assembler programming and being able to read machine code from raw data was a relevant skill. These days it just isn't any more, at least not for very many people. I'll bet that most people that do solve it are oldies like me ... and they're not about to go work for 20K or whatever is on offer ...

Cheers,
Robin

[pete]

I've never really got in sudoku as you can always solve them by brute force/algorithmically.

It's an odd skill set they are looking for in this challenge - I happen to know a little about all this stuff from years ago when assembler programming and being able to read machine code from raw data was a relevant skill. These days it just isn't any more, at least not for very many people. I'll bet that most people that do solve it are oldies like me ... and they're not about to go work for 20K or whatever is on offer ...

Cheers,
Robin

25k they are offering apparently (i think it was on theregister.com ).

They were being fairly critical of the rewards package.

[pete]

Story here.

http://www.theregister.co.uk/2011/12/05 ... le_solved/

[robin]

For me the fun was in the challenge not the reward, so I didn't care that the end is a huge anti-climax - indeed I knew it was that from day 1 seeing as how Neil posted that link.

Of course for some people this challenge is enough motivation to take a job with relatively low financial reward compared to the skillz required to do the job. I guess that is what they're looking for; if your primary motivation is financial you will not be of any use to them.

Anyway, back in the real world I'm off to do some less esoteric hacking ....

Cheers,
Robin

[pete]

There was an interview on Simon Singh's program about codes with the guy who invented the public and private key code whilst working at GCHQ in the 70s.

When asked if he wasn't a bit pissed that some Americans had, seperately, invented a similar code using similar techniques in the US some years later and made a fortune he replied, with typical British understatement, "one does not join GCHQ to become rich."

[BiggestNizzy]

There was an interview on Simon Singh's program about codes with the guy who invented the public and private key code whilst working at GCHQ in the 70s.

When asked if he wasn't a bit pissed that some Americans had, seperately, invented a similar code using similar techniques in the US some years later and made a fortune he replied, with typical British understatement, "one does not join GCHQ to become rich."

I remember that, the guy did it in his head as he couldn't write it down