Cryptography puzzles at security events can be fun and challenging. It gives us a chance to not only test our cryptography skills, but it also puts our problems solving and social engineering skills to the test. The founders of ElevatedPrompt, Jason and Chandra (who was a previous DefCon Badge challenge winner) solved the cryptography puzzle this year at BSides Vancouver, and we thought it would be nice to post the steps here for all of you to enjoy.

Disclaimer: if you are still working on this puzzle and do not want any spoilers, please check out our other blog posts or pages!

 

 

Let’s start with the message in the BSides Program with a page that contains the first clue with the ciphertext

This is an Aristocrat cipher. There is a good tool to use to decipher this: http://bionsgadgets.appspot.com/ww_forms/aristo_pat_web_worker3.html. It reads:

welcome to bsides vancouver please enjoy our event and if you want to go further and bridge the path of discovery ask one of the staffers for a ticket

Once you flag down a BSides staff, they will provide you the next clue on a piece of paper

This leads us to the URL: https://bsidesvancouver.com/BRIDGEHAND/. It leads us to a webpage with a picture of a bridge hand and a coded message. In case the URL does not work down the road, here’s the original picture below.

Message: csljik tguhxanwa kenf avwijfkblry omueijt gv wlwn eibfw bfwwlws cmbagsv jxx oiwzh xg hg buc vxarxq vpl krq

There is a hidden message in this picture via steganography. There are many tools online that will help you extract the hidden message. (Give this image a try!) It reads:

cat the names of the cards in uppercase and in order to find the password for
the rar file

Now for the message, which is a One-Time-Pad cipher. Usually, you will need a matching phrase to decipher the message, but a quick guess revealed the hidden message, the pad was just repeating the word bsides. The hidden message reads:

badges sometimes have interesting numbers on them maybe another keyword but where to go try dwijum dot com

Great. Finally we get to the electronic badges of the event. There is a set of numbers on the badges with can be used for our next clue. As per the message, we combine the URL provided with the numbers showing on the badge.

The final URL is: http://www.dwijum.com/3302217022200029/. Here we now have the download link of the rar file mentioned earlier in the puzzle.

Notice the page also includes another One-Time-Pad message. We will get back to this. Now let’s open the rar file. As the clue suggest in the deciphered message, we have the password to the file by combining the bridge-hand of the picture: ACEQUEENJACKTENACEKINGSEVENSIXKINGQUEEN

The contents of the rar file which contains a text file with the OTP key, which reads: CBJCEFSEGWWNZEHPTAGMSEARBWYYJKEJQSF

Now the final step to decipher the OTP message, taking the message and key will give us the final message of the puzzle.

And the message reads:
YOUREDONETHESECRETWORDISWHITERABBIT

A quick check in with a event staff confirms that is the end of the crypto puzzle!

Hope you enjoyed this post. A huge shout out to MARS (Mainland Advanced Research Society) for organizing this year’s BSides event, as well as all the volunteers that made this event possible. We are looking forward to the event next year. See you all there!

(For those that are interested in more puzzles like this one, check out the post from the winner of the Defcon24 badge challenge from Council of Nine here.)