BSidesDC 2016 Kids Crypto Challenge
And lessons learned
First Puzzle
• They were given this card and told that in order to read the message they would need to find Jack Daniel and exchange a pass phrase (similar to the one used by James Bond in From Russia With Love https://www.youtube.com/watch?v=cFhWdiDXt4w)
• The back of the card had the following text
• They were told their clue was ‘today's date’ (10/22/16)
• This was a simple Caesar shift cipher
• Hey got any grapes?
• We only have lemonade would you like a glass
• I will pass
• Jack would then give them a red filter
* There was an error and the first line was also the third line; this did not prevent any children from getting the filter
Good morning 008. While 007 is away on vacation you will need to take his place on this mission.
On the other side of this card is a hidden message; to read it you will need to get the decoder from our contact working at the conference. Our contact is easy to recognize, but you cannot just walk up to him and say you are a secret agent; you will need to give him a passphrase.
You must decode the passphrase first
The pass phrase is “Roi qyd kxi qbkzoc?”
He should respond “Sa kjhu dwra haikjwza skqhz ukq hega w chwoo”
You should respond “Xuo wej qdo whqfui”*
• With the red filter they could then read the message
HTTPS://TWITTER.COM/ANDREWSHUMATE/STATUS/789291570440855552
FIND THE CLUE AT 156408
• If they opened the image in a hex editor and went to decimal offset 156408 they would be told to find the clue on their wristband (The Kids badges this year were USB Slap Bracelets)
Second Puzzle
• When they began the challenge I put a file on their wristband with the following string
R28gYmFjayB0byB3aGVyZSB5b3UgYmVnYW4gYW5kIGFzayBmb3IgeW91ciBtYWls
• It is a base64 encoded string which when decoded reads
Go back to where you began and ask for your mail
Third Puzzle
Fourth Puzzle
• When they were handed this card they were told the key was sailor
• The message on the back was the following
008, You are doing quite well, but you haven’t completed the mission yet.
Again you will need to decode the pass phrase
Go find the challenge creator
The pass phrase is “Akj iud fl xqnpl ifqvyai jkvqnpl”
He will respond “Jsz kbu wm dfjeoei kwocfj mwbs qwjeoei”
You respond “Diooex dund to loe insu nl npau dnyaoc”
• This was a keyed Caesar cipher
• They would then be given a blue filter
The pass phrase is “Red sky at night sailors delight”
He will respond “Red sky at morning sailor take warning”
You respond “Smooth seas do not make an able sailor”
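Both passphrase cards can be decoded and checked against their intended text with one routine. This is an added example, not the challenge author's code; it assumes the clue date 10/22/16 supplies one shift per card line (10, 22, 16) on both cards and that the key "sailor" builds the cipher alphabet for the fourth puzzle, which is the reading that reproduces the decoded phrases given on this page. The function names are hypothetical.

```python
import string

ALPHA = string.ascii_lowercase
# Assumption: the clue date 10/22/16 gives one shift per card line, in order.
SHIFTS = (10, 22, 16)

def keyed_alphabet(keyword=""):
    """Keyword letters first (duplicates dropped), then the unused letters a-z."""
    letters = [c for c in keyword.lower() if c in ALPHA]
    return "".join(dict.fromkeys(letters + list(ALPHA)))

def decode(ciphertext, shift, keyword=""):
    """Undo a Caesar shift over a keyed alphabet; an empty keyword is plain Caesar."""
    alphabet = keyed_alphabet(keyword)
    out = []
    for ch in ciphertext:
        pos = alphabet.find(ch.lower())
        if pos < 0:                      # spaces and punctuation pass through
            out.append(ch)
            continue
        plain = ALPHA[(pos - shift) % 26]
        out.append(plain.upper() if ch.isupper() else plain)
    return "".join(out)

def decode_card(lines, keyword=""):
    return [decode(line, s, keyword) for line, s in zip(lines, SHIFTS)]

def check_card(lines, intended, keyword=""):
    """QA pass: 1-based numbers of card lines that do not decode to the intended text."""
    decoded = decode_card(lines, keyword)
    return [n for n, (got, want) in enumerate(zip(decoded, intended), 1) if got != want]

# Ciphertexts and intended phrases copied from the two cards on this page.
FIRST_CARD = ["Roi qyd kxi qbkzoc?",
              "Sa kjhu dwra haikjwza skqhz ukq hega w chwoo",
              "Xuo wej qdo whqfui"]
FIRST_INTENDED = ["Hey got any grapes?",
                  "We only have lemonade would you like a glass",
                  "I will pass"]
FOURTH_CARD = ["Akj iud fl xqnpl ifqvyai jkvqnpl",
               "Jsz kbu wm dfjeoei kwocfj mwbs qwjeoei",
               "Diooex dund to loe insu nl npau dnyaoc"]
FOURTH_INTENDED = ["Red sky at night sailors delight",
                   "Red sky at morning sailor take warning",
                   "Smooth seas do not make an able sailor"]

if __name__ == "__main__":
    print(decode_card(FIRST_CARD), check_card(FIRST_CARD, FIRST_INTENDED))
    print(decode_card(FOURTH_CARD, "sailor"),
          check_card(FOURTH_CARD, FOURTH_INTENDED, "sailor"))
```

Running the check on the first card flags line 3, the printing error noted in the footnote; the fourth card decodes cleanly.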
Fifth and final Puzzle
• The blue filter would reveal the following URL
https://www.youtube.com/watch?v=6hIPlB3awv0
• Which is Morse code that reads
Congratulations Agent 008, you have completed the crypto challenge! Return to where you started the challenge for your prize.
Lessons Learned
• Better QA could have been done prior to sending materials to press
• While some support from parents is expected, there were reports that there were several adults helping. This is a Black Badge challenge and as such should have a sufficient level of difficulty; there is a balance on how much adult support there should be and I will work on that for 2017
• 2017 will be based on points with tie breaker challenges rather than a race to the end
• While my social media (Twitter and YouTube) is generally PG, going forward the challenge should have its own social media accounts.
• All participants seemed to have been challenged and enjoyed participating