DEFCON 21 Badge Contest
Smashed Again by CK(Crypt Killer), Decrement, Elegin, Beeker
This is our write up for the Defcon 21 Badge challenge. A huge round of applause to Lost and Ellen and anyone else who helped age me by 10 years in 3 days.
I joke in the write up, don’t take any of it seriously, I don’t. If we can’t laugh, we can’t live.
I hope everything is correct, but should there be mistakes, take it up with Lost, not me or anyone from the team. Seriously, email us and we will fix it or add it (maybe).
We had a great time and getting black badges is always fun. Seriously, you should try it.
The first four paragraphs on page 3 of the program are a play on words on Fiddler on the Roof.
The idea is that we are hackers, not fiddlers; we each are a Hacker On The Roof in Vegas.
Keyword is HackerOnTheRoof.
Now go to this URL: https://www.defcon.org/1o57/dc21/HackerOnTheRoof/
Seeing Everyone Come Out Near Defcon Helps All Learn Fun:
There are four lanyards, and when they are all lined up you get a stanza of music in bass clef, where dots on lanyard edges correspond to notes on lines and dots on lanyard centers correspond to notes in spaces. Starting from the bottom line: G,A,B,C,D,E,F,G,A ( http://en.wikipedia.org/wiki/Bass_clef )
ADD A DEAD ACE BADGE (used in final answer)
Note: Our original decryption was “Add dead ace badge” due to a poor photo job that left out a character. Thankfully, over the course of puzzle solving, we had heard multiple decryptions of the text, so had a few other texts to try (Add dead face badge, Add a dead ace badge, Punch Lost in face badge, All your base are belong to us).
The suits we named rotary, smiley, floppy, and crypto. We liked crypto better than other terms because it looks better in code, all having 6 letters, and we like crypto better!
A LOT OF BADGES!!!!!! WE DON'T NEED NO STINKING BADGES!!!!!!! YES WE DO!
Looking at the badge matrix you can see all the data on them. The parts we used for the solutions are in the bottom right on the front of the badge. Each suit had different symbols: pi, e (Euler's number), reflected binary code (Gray code), and linear feedback shift register.
The symbols were the key to the order of the text on each badge using the very very light 3 bit binary number.
The order for the Linear feedback shift register is as follows:
111, 011, 001, 100, 010, 101, 110, 111
(for more information https://en.wikipedia.org/wiki/Linear_feedback_shift_register )
The 3-bit binary on each badge needs to be ordered after the register. The decimal numbers were converted to alpha using 0=A, 1=B, etc. Since there were two badges labeled 111, we would have to try each in our final decryption.
The order for e (Euler's number, AKA the base of the natural logarithm) is as follows:
Using the 3-bit binary in decimal form the order is where the number first occurs in e.
e = 2.71828182845904523536
The order for pi is as follows:
Using the 3-bit binary in decimal form the order is where the number first occurs in pi.
pi = 3.14159265358979323846264338327950
The order for the Gray Code is as follows:
000, 001, 011, 010, 110, 111, 101, 100
(for more information http://en.wikipedia.org/wiki/Gray_code )
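The four orderings above, generated in Python as an added example (not code from the write-up or the contest). The LFSR taps (bit 1 XOR bit 0, shifting right) are an assumption chosen because they reproduce the listed sequence; counting the integer part of e and pi as the first digit is also an assumption, and the function names are hypothetical.

```python
# Added example: reproduces the four badge orderings described above.
E_DIGITS = "2.71828182845904523536"                # as written in the write-up
PI_DIGITS = "3.14159265358979323846264338327950"   # as written in the write-up


def gray_order(bits=3):
    """Reflected binary (Gray) code sequence: n XOR (n >> 1)."""
    return [n ^ (n >> 1) for n in range(1 << bits)]


def lfsr_order(seed=0b111):
    """One full cycle of a 3-bit Fibonacci LFSR that shifts right.

    Assumption: feedback = bit1 XOR bit0, fed into the top bit. These taps
    were picked because they reproduce the sequence listed in the write-up.
    """
    state, seen = seed, []
    while True:
        seen.append(state)
        feedback = ((state >> 1) ^ state) & 1
        state = (state >> 1) | (feedback << 2)
        if state == seed:          # cycle closed; the list wraps back to seed
            return seen


def first_occurrence_order(digits):
    """Order the values 0-7 by where each first appears in a digit string.

    Assumption: the integer part counts as the first digit. 8 and 9 are
    skipped because a 3-bit label cannot hold them.
    """
    order = []
    for ch in digits:
        if ch.isdigit() and int(ch) < 8 and int(ch) not in order:
            order.append(int(ch))
    return order


def as_bits(values):
    """Render values as the 3-bit strings printed on the badges."""
    return [format(v, "03b") for v in values]


if __name__ == "__main__":
    for name, seq in [("gray", gray_order()), ("lfsr", lfsr_order()),
                      ("e", first_occurrence_order(E_DIGITS)),
                      ("pi", first_occurrence_order(PI_DIGITS))]:
        print(f"{name:5}", " ".join(as_bits(seq)))
```

The LFSR cycle has only seven states because 000 is never reached, which is why the listed sequence starts and ends on 111.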
That was a lot of stuff... no worries... we will use that #$%^ soon.
This is a system used by mathematicians for calculation in ancient parts of Eastern Asia. (More here: http://en.wikipedia.org/wiki/Counting_rods )
Believe it or not, Cryptkiller figured it out by staring at it long enough to make his eyes bleed. We also talked to another person who figured it out using the bleeding eye method.
The numbers are a straight alpha conversion giving the following text:
"It was a sign that Lois was trying to help you, but you weren't finished.
Take what Lois gave you and OTP with your Smiley suit.
(But you're not done yet!)"
Lois is key here. As usual with Lost’s challenges, there are multiple paths to answers. We actually found Lois Runtz (not to mention 50 other Lois references) way before the actual real clue for it was discovered, but it didn’t make sense until we got the other clue.
Credit where it is due: https://github.com/ryanshoff/dc21badge .
I would really like to know how DAFUQ you got there. Seriously, how the did you figure it out?
This is the reference we found while contesting...
It also contains other ciphers that may be useful next year? http://www.nku.edu/~christensen/section%205%20symbols.pdf
( http://www.docstoc.com/docs/54185227/The-Shadow-Chain-of-Death )
( http://www.learningace.com/doc/1110885/67b34e1fd73c05586e3c4be0fa74c572/section-5-symbols page 21)
All the above being said, this was still a pain. Even knowing how it works, it still hurts to look at it.
The decoded brain hemorrhage is “KEYWORDHOMODOXIAN” ??!!
Ok seriously Lost, wtf. What spelling bee did you watch and think “Holy $#$%^ I love that word”?
Since it does not have a wiki entry, I am fairly confident it is not a real word.
And to really take this point home ( http://prettygoodword.livejournal.com/263263.html ) .
It has only been documented as being used once in the entire written history of mankind. Wait, strike that, @$%&ing twice.
"Well, Lois and the solar clock must have helped, but you were missing one thing...
Take what the solar clock showed and OTP that with your rotary suit, then by golly you've got a key."
Some evil hatched creature decided to mess around with the cipher by removing part of the last set of characters.
In the end, not a real big deal, since if you knew the cipher it would fall out anyway.
It makes me laugh now, but OH at the time.
Key Hole Signs
All the Keyhole (crypto) symbol signs were encoded in ROT13 (some were triple ROT13):
SEARCHING FOR ANOTHER CLUE
THE KING OF KEY HOLES MAY HELP
REFLECT ON WHAT YEAR THIS DEFCON IS
YOULL FIND THE ZONE BSIDE YOU
BASS YOUR KEYWORD NOT ON A QUIET STOP BUT THE REAL ONE WITHIN
AND WITHOUT SPACE OF COURSE"
This clue infested disaster is broken down like so:
“THE KING OF KEY HOLES”: Geddy Lee (RUSH) on the King keyhole (crypto) badge.
“REFLECT ON WHAT YEAR THIS DEFCON”: Defcon 21, flip 21 to get 12, and 2112 is a RUSH album.
“YOULL FIND THE ZONE BSIDE”: B-side of the 2112 album, the Twilight Zone track.
“BASS YOUR KEYWORD NOT ON A QUIET STOP BUT THE REAL”: Song was based on 2 episodes of The Twilight Zone; "Will the Real Martian Please Stand Up?" and "Stopover in a Quiet Town"
The key word is:
Finally I Realize Special Timing Hinders All L0sT Finalists: (FIRST HALF)
Jack Sign Ciphers
On the bottom left of 4 of the Hacking Village signs were ATBASH ( http://en.wikipedia.org/wiki/Atbash ) encoded text:
- 74 (J) (ATBASH)
- 65 (A) (ATBASH)
- 81 (C) (ATBASH)
- 75 (K) (ATBASH)
- EVEN IF YOU WANT TO BELIEVE ONE OF THE JACKS DOESNT BELONG DONT OUT FOX THEM JUST SCULLY
ALONG IF YOU ASK THEY MIGHT LOAN YOU A KEY THEY TOO ARE LOOKING FOR LEE AND NOT ANAGRAMICALLY SPEAKING
A few things are taken from this absolute mess. We got most of it AFTER we found the answer via a clue from Lost and finding Lois.
Since hindsight is 20/20: the Jacks refer to the playing cards, and LEE and ANAGRAMICALLY refer to Lois.
Of the 4 jacks one didn’t belong; that was the Guy Fawkes jack (only one with a mask).
The other three were the Lone Gunmen from X-Files. The Lone Gunmen sometimes worked with a thief named Yves Adele Harlow (an anagram of Lee Harvey Oswald) whose real name is Lois Runtz.
I can only guess this was a stab at the horrible way the Lone Gunmen characters were written off; we all know they deserved better.
"Having trouble with the first and second half?
Well, put on your key suit and OTP your disc...but that's not all..."
There were some ciphers in the image around Lost in the spade symbol, but they were not a big deal
(morse code, binary, pigpen, that we know of).
This one meant something:
This solution was also from the Chain of Death, Shadow novella.
The result is:
"HAVE FUN NEED HELP JUST ASK PASSCODE SYZYGY"
SYZYGY? I actually like this one because it came from the Dreadstar comic book that I have and collected as a kid.
( https://en.wikipedia.org/wiki/Syzygy_Darklock )
(more likely it is the fact that it ties X-Files and orrery and Clockwork Orange all together in one swoop)
( https://en.wikipedia.org/wiki/Syzygy_%28The_X-Files%29 )
Last piece ( almost )
At this point we were at the conference area in the 1o57 room and we were head to head with another team.
Ok, if you made it this far you got something wrong with you. Since you're here let me summarize some crazy down to just ouch.
Let's ignore the lanyard for now (again); we have the badge ciphers, floor ciphers, and the sign ciphers.
ALL the keywords pointed us to webpages that told us we need to One Time Pad everything together. Ready for the train wreck?
The LoisRuntz url tells us to “key suit and OTP your disc.”
The orrery url tells us “Take what Lois gave you and OTP with your Smiley suit”
The Twice used word in human history homodoxian url states “Take what the solar clock showed and OTP that with your rotary suit”
The solar clock was the floor cipher that used counting rods (how does he find this stuff?) which deciphered the orrery url.
With the OTP inception, we basically OTP the $#%^ out of all the badge ciphers, and for the kick we pad the short ciphers.
Just to add a little excitement, we had to figure out that all the suits got ROT13 except the rotary suit.
I know, absolutely devious and slightly masochistic.
As the Word Who Must Not Be Named (homodoxian) tells us, “by golly you've got a key.”
“GOLLY”, did you really type that out or was that a typo? I am going with a typo.
We have a key and now we need a lock. Back to the beginning, the HackerOnTheRoof url:
“Seeing Everyone Come Out Near Defcon Helps All Learn Fun”. Take the first letter of each word and you get SECONDHALF;
the cipher text on that page is the second half of the cipher text. The first half is on the “WillTheRealMartianPleaseStandUp” url,
“Finally I Realize Special Timing Hinders All L0sT Finalists”. Again, take the first letter of each word and you get FIRSTHALF.
We have KEY and CIPHER. OTP and DONE.
The result is:
HOPE YOUVE BEEN HAVING FUN AND YOUVE MET SOME NEW AND INTERESTING PEOPLE
BUT YOU HAVENT FINISHED YOUR JOURNEY YET
YOU NEED TO SEND EMAIL TO DEFCONDJSTEPHANIEANDMICHELLE AT GMAIL
BE SURE TO INCLUDE YOUR BEST CON MOMENT AND THEY LOVE PICTURES
Ok sweet, let's email DEFCONDJSTEPHANIEANDMICHELLE at gmail with the half-crazed looking picture of the four of us and let them know how much we love to inflict frontal lobe damage on ourselves.
email returned error
Google DJSTEPHANIEANDMICHELLE and guess what: D.J., Stephanie, and Michelle are the daughters on Full House.
OMG@! This must be a mistake. Replace DJSTEPHANIEANDMICHELLE with FULLHOUSE and send an email to DEFCONFULLHOUSE ..
The uber badges were given to 1o57 by the timelords. They used sonic encoding as a BASSis for passing to us this information.
But it will take 4 to find the truth. They call the Ubers by their age, such as "<age> badge".
Bring 1o57 the true age of the Uber badges, written on red paper.
Oh, and don't forget, the time lords kept their time in seconds. 1o57 can't deal with numbers that large (14 digits? too big!)
So please name the Uber in YEARS (6 digits is so much more manageable).
Once we calmed down, Beaker took off to get @”%#@ red paper. I am not sure what happened; all I know is that I heard screaming, bones crushing, and what I can only guess was human flesh being devoured (I try not to think about how he got the paper). By the time he got back with what looked like freshly soaked red parchment (pretty sure he made it from the flesh of someone), we already had the answer.
Let’s break this down:
- “sonic encoding as a BASSis for passing to us this information. But it will take 4 to find the truth.”
This is referencing the lanyard bass clef cipher.
- They call the Ubers by their age, such as "<age> badge".
Here we remove BADGE from ADDADEADACEBADGE.
We now take the lanyard answer “ADDADEADACE” and convert it to decimal from base 16:
Time Lord Age (seconds): 11947221899982
and divided the $#%^ out of it until we got it into years:
Years: 378842 (in years)
(note: we worked it out with a calculator) THE FINAL ANSWER!!!!!!!!!!!!!!!!!!
We wrote the wrong answer on the red paper and handed it to Lost.
(Next we just put "0xaddadeadace seconds to years" in google and got 378843)
Things were a little fuzzy, but from what I remember, the roof disappeared, it became day, the sky opened, and angels descended down to give us a pat on the back. I could be off on that, a little. I am pretty sure it was not day since it was like 1 a.m.; the light must have been coming from heaven or something.
- DT vs LOST badges
  - Rotary and Smiley suits have DT highlighted on their reverse
  - Floppy and Keyhole suits have Lost highlighted
- Crypto and Hacker badges
  - Lost and DarkTangent each had their own badges depicting themselves
  - The reverse of these badges had the Gallifreyan name of The Doctor (from Doctor Who)
- Doctor Who tie-ins
  - Dr. Who's name is written in Gallifreyan on the reverse of the Uber, Hacker, and Crypto badges
  - In the simple decryption of the Floppy suit, the line "the river" is skipped
  - River Song is said to be the only person who knows the Doctor's real name
- The Labyrinth
  - Lost wore a shirt depicting The Labyrinth (with David Bowie)
- Other floor art
  - No apparent crypto hidden
- Solar Clock Cipher
  - Depicts two positions with 1057 written in sticks and rods
  - One with a keyhole in the middle, the other without a keyhole
  - PunkAB's theory: 15 suit symbols (~45 deg) separate the two holes.
  - Rotating the dial 45 deg would also align the clock hands
  - Hour hand at 9, minute hand at 12 (Coincidentally, 9:00pm == 21:00)
  - Also, if viewing the cipher as a depiction of a lock, the large floppy planet would act as a counterweight
cryptokill3r at g m a i l
elegin at g m a i l