It’s crazy to think that a year’s gone by already since last year’s BSides Rochester conference. I attended again this year; this time it was held at the German House, which I thought was a solid venue for the conference. And, while there were no remote control flying sharks, there was an A.R Parrot drone being flown around the auditorium most of the day (with a few spectacular crashes along the way). I had planned on going to a few talks this year, but I was again wrapped up in DarthNull’s (@DarthNull) crypto challenge and Jason Ross’s (@rossja) Hacker Battleship, so I was only able to see the keynote by Dave Kennedy, CEO of TrustedSec. I enjoyed Dave’s talk about how people on the defensive side of IT need to be better versed in what the offensive people do, which would allow them to better understand how to lock down their networks more effectively. I also liked his method of sitting down with the “Blue Teams” during an engagement so that they can see what’s going on, determine how their defenses are holding up, and, if an issue is found, work out how to address it. It would definitely be nice to integrate this technique into some of the future assessments and engagements I do.
As the conference drew nearer, I was looking forward to taking part in the Hacker Battleship CTF, hoping that some of the issues from last year had been resolved. (About halfway through the competition last year someone seemingly found a SQL injection weakness in the scoreboard and took the game down for everyone.) It seemed to go more smoothly this year, but there are still some suggestions I would make for the future. It was difficult to determine which challenges were open for answer submission, even when the challenge itself was accessible to solve. I gave up refreshing to see whether I could submit an answer, and was busy anyway jumping back and forth between that and the crypto challenge. It’s still a unique style of CTF and I would like to see it in future years at the conference.
One of my goals this year was to duplicate last year’s success in solving the crypto challenge. I was happy to hear that Darth would again be creating the challenge, as it was fun and challenging to solve last year. I wasn’t able to take part much in his Shmoocon badge challenge, so I was really looking forward to this one. I was also curious to see how far I’ve progressed in the ~9 months or so that I’ve been looking into the history of crypto. This challenge, it turned out, was perfect for that.
During the opening ceremonies, we were given a link to get started: http://www.bsidesroc.com/KrYpT14/ On that page there was a single image, which I’ve copied below.
Now we were getting somewhere. The conversation between our two super spies started with Yuri, and then went to Chris. Since we had found the third purple message, I decided to test out my Playfair encryption / decryption tool. Here was the encrypted message:
CBEB ADYB LQKQ HYDF CBEB OBQG BMEI HRDF BOSH VLYS KQBI OVSL BRHS MDPK PTDS GABF KPRG ADYB LQYQ FSMX DQVL VFCE DKIE AVQK HQOQ TGLS ABFB LQAS AAAM SKCQ HVND WCEB
After decryption (it was indeed a Playfair with a key of KRYPTOS again), we had this plaintext:
BAGS OF PAINT IF THE BAGS CAN HANDLE THE ACCELERATION SURE SPECIFY TYPE OF BAG TYPE OF PAINT MEANWHILE WE SHOULD SWITCH CIPHERS AGAIN SORRY FOR THE ZIG ZAGS
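To make the Playfair step concrete, here is an added Python decryptor (my own example, not the author's tool or the challenge's code). It builds the 5x5 square from KRYPTOS the textbook way (key letters first, then the rest of the alphabet with J merged into I) and applies the inverse rules digraph by digraph; the Purple 3 ciphertext above is embedded as the sample input.

```python
"""Playfair decryption with the KRYPTOS key square (added example)."""
import string


def build_square(key: str) -> list[str]:
    """Return the 5x5 Playfair square as five 5-letter rows.

    Key letters come first (duplicates dropped), then the remaining alphabet.
    J is folded into I, as in the classic 25-cell cipher.
    """
    seen: list[str] = []
    for ch in (key + string.ascii_uppercase).upper():
        if ch == "J":
            ch = "I"
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    assert len(seen) == 25, "square must hold exactly 25 distinct letters"
    return ["".join(seen[r * 5:(r + 1) * 5]) for r in range(5)]


def playfair_decrypt(ciphertext: str, key: str) -> str:
    """Decrypt Playfair ciphertext; spaces and punctuation are ignored."""
    square = build_square(key)
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    text = "".join(ch for ch in ciphertext.upper() if ch.isalpha()).replace("J", "I")
    if len(text) % 2:
        raise ValueError("Playfair ciphertext must have an even number of letters")
    out = []
    for a, b in zip(text[0::2], text[1::2]):
        ra, ca = pos[a]
        rb, cb = pos[b]
        if ra == rb:            # same row: take the letter to the left (wrapping)
            out.append(square[ra][(ca - 1) % 5] + square[rb][(cb - 1) % 5])
        elif ca == cb:          # same column: take the letter above (wrapping)
            out.append(square[(ra - 1) % 5][ca] + square[(rb - 1) % 5][cb])
        else:                   # rectangle: keep rows, swap columns
            out.append(square[ra][cb] + square[rb][ca])
    return "".join(out)


# The Purple 3 ciphertext quoted in the post.
PURPLE_3 = ("CBEB ADYB LQKQ HYDF CBEB OBQG BMEI HRDF BOSH VLYS KQBI OVSL BRHS MDPK PTDS GABF "
            "KPRG ADYB LQYQ FSMX DQVL VFCE DKIE AVQK HQOQ TGLS ABFB LQAS AAAM SKCQ HVND WCEB")

if __name__ == "__main__":
    for row in build_square("KRYPTOS"):
        print(row)
    print(playfair_decrypt(PURPLE_3, "KRYPTOS"))
```

The output is one unbroken letter stream (Playfair carries no word breaks), so the reader still has to split it into words. One wrinkle worth knowing: under the textbook same-row rule the group AAAM decrypts to SSYF, where the plaintext above reads RRYF (SORRY FOR). A standard Playfair encryptor would have split the doubled R with an X before encrypting, so the challenge's encryptor handled that pair non-standardly, and reading past it is part of the puzzle.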
Solid progress, and so far each message pair used the same technique. The reference here to ZIG ZAGS implied a rail fence cipher. Since we had the Purple 4 message, this should have been easy enough, but here we ran into our first problem: it didn’t work! It appeared as though our spies were getting more cautious. Again, without the Red 3 and Red 4 messages, we were stuck. Back to the hunt!
We managed to locate the rest of the messages with a little assistance from the BSides crew (as time was quickly running out). Armed with the rest of the messages, it was now a race against the clock. The third Red message also looked like a Playfair-encrypted message, since the ciphertext was grouped in sets of four characters. Plus, we had already decrypted the third Purple message, so we knew that Yuri’s response would probably use the technique that Chris mentioned in the Purple 2 message. The Red 3 ciphertext was:
EFMS YFSL LOLG SYIA QPBM OMML RDIA QPBM GGIG YSHH QKCR LVMN HSBM CQLE IBMG LKLV SYHF CBEB ADYB LQPZ
Which decrypted to:
delaware is near montana i like montana and rabbits tell me can these on fire large bags of paint x
We used a tool that would quickly take the ciphertext and number of rails and spit out the decrypted text. With 5 rails we had our message:
Paint*is*to*be*the*pink.*Fire*rate*to*coat*Los*Angeles*class*submarine.*Is*problem?*PS*-*am*told*by*superior*POSITION*must*DOUBLE*crypto*effort.*I*choose*cipher*now.*Your*crypto*is*THE*SUXORS.
This helped verify our previous thoughts. It looked like Yuri and Chris had decided to change things up a bit. The clues to take from this one are DOUBLE POSITION and THE SUXORS, conveniently in caps for us. Since the Purple 4 message didn’t decrypt with a rail fence, we decided, thanks to Yuri’s hint, to try a double transposition decryption. The Purple 4 ciphertext was:
ATIOISHEHTUYPEPNGMENETRACYOLISDBREESVOEUWTPSVCIHENYRHTATFLTANKOEUHNEYMOHEIHCETDTIIUONAOHSOSHCLXRXCDFRGIEELO
This took a few attempts to decrypt, since we needed the keywords in the right order. It turned out that we needed to transpose based on SUXORS first, then THE. Our resulting plaintext was:
HAVE PHOTOGRAPHED CANNON SEND SIXTEEN BYTE KEY VIA THE CIPHER OF YOUR CHOICE DONT TELL ME WHICH ILL FIGURE IT OUT THE SUXORS MY ASS
Now things were getting interesting. Here Chris asked Yuri to send a 16-byte key without Yuri telling him what method he was using. The response from Yuri was as follows:
Greetings, comrade! Is great day for breakfast! Please to tell is bacon considered extravagant? I would very much like to be having a big breakfast with bacon. Send link to good restaurant?
Much different “ciphertext” than we had received up to this point, and definitely no apparent 16-byte key contained therein… Lots of references to bacon though. To quote one of the guys working on this, “We need to figure out the bacon cipher.” This would be that point in an episode of House where he has his epiphany and then magically saves the day. As it turned out, there is a Baconian cipher. And while it didn’t help us for this message, it did help us solve the final message from Chris (Purple 5). The ciphertext from that message was:
I HIGhly REcOmMEND THe wAFfLE hOUSe oN SOUTh pOpLAR sT FOR bREakFaSt But I WOulD Not eaT THE dAIlY sPeciAl aS IT Is mADe frOm LaST NIGHtS lEftOverS
The Baconian cipher can be used as a form of steganography, where a message is encoded using font decoration or uppercase/lowercase to mark which letters should be read as an A or a B. Since the message mixed uppercase and lowercase, we went with the latter. To decode, we grouped the message into 5-character chunks and replaced every capital letter with A and every lowercase letter with B. Here’s what the process looked like:
IHIGh lyREc OmMEN DTHew AFfLE hOUSe oNSOU ThpOp LARsT FORbR
aaaab bbaab abaaa aaabb aabaa baaab baaaa abbab aaaba aaaba
b s i d e s r o c c
EakFa StBut IWOul DNote aTTHE dAIlY sPeci AlaSI TIsmA DefrO
abbab ababb aaabb aabbb baaaa baaba babbb abbaa aabba abbba
o m d h r t z n g p
mLaST NIGHt SlEft OverS
babaa aaaab ababb abbba
w b m p
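The same decoding, as an added Python example (my own code, not the author's). It uses the classic 24-letter Bacon alphabet (I/J and U/V share a code), reads uppercase as A and lowercase as B exactly as the table above does, and includes the matching encoder so the round trip can be checked on a constructed carrier sentence. It also handles the failure mode a hand decode can hide: a 5-letter group whose case pattern is not a valid code is marked with ? instead of being silently mapped to a wrong letter. That matters for the message as quoted in this post: the second group, lyREc, has the pattern bbaab, which is not a code in Bacon's alphabet (the s in the table above needs baaab), so one or two letters in that group were transcribed with the wrong case.

```python
"""Baconian cipher hidden in letter case (added example, not the author's tool)."""

# Classic 24-letter Bacon alphabet: I/J share one code, U/V share one code.
_LETTERS = "ABCDEFGHIKLMNOPQRSTUWXYZ"
CODE_TO_LETTER = {format(i, "05b").replace("0", "a").replace("1", "b"): ch
                  for i, ch in enumerate(_LETTERS)}
LETTER_TO_CODE = {ch: code for code, ch in CODE_TO_LETTER.items()}
LETTER_TO_CODE["J"] = LETTER_TO_CODE["I"]
LETTER_TO_CODE["V"] = LETTER_TO_CODE["U"]


def case_pattern(carrier: str) -> str:
    """Uppercase letters become 'a', lowercase 'b'; non-letters are skipped."""
    return "".join("a" if ch.isupper() else "b" for ch in carrier if ch.isalpha())


def decode(carrier: str) -> str:
    """Decode a case-steganographic Bacon message.

    Groups whose pattern is not a valid code (a transcription error, or unused
    carrier letters left in lowercase) become '?'; trailing '?' are dropped.
    """
    bits = case_pattern(carrier)
    groups = [bits[i:i + 5] for i in range(0, len(bits) - len(bits) % 5, 5)]
    return "".join(CODE_TO_LETTER.get(g, "?") for g in groups).lower().rstrip("?")


def encode(secret: str, carrier: str) -> str:
    """Hide `secret` in `carrier` by re-casing its letters (uppercase = 'a')."""
    codes = "".join(LETTER_TO_CODE[ch] for ch in secret.upper() if ch.isalpha())
    letters = sum(1 for ch in carrier if ch.isalpha())
    if letters < len(codes):
        raise ValueError(f"carrier needs at least {len(codes)} letters, has {letters}")
    bit_iter = iter(codes)
    out = []
    for ch in carrier:
        if ch.isalpha():
            bit = next(bit_iter, "b")       # past the secret: leave lowercase
            out.append(ch.upper() if bit == "a" else ch.lower())
        else:
            out.append(ch)
    return "".join(out)


# The Purple 5 message exactly as quoted in the post.
PAGE_PURPLE_5 = ("I HIGhly REcOmMEND THe wAFfLE hOUSe oN SOUTh pOpLAR sT FOR bREakFaSt But I "
                 "WOulD Not eaT THE dAIlY sPeciAl aS IT Is mADe frOm LaST NIGHtS lEftOverS")

# Constructed carrier for the round-trip demo (35 letters, room for 7 groups).
CARRIER = "the quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    print(decode(PAGE_PURPLE_5))        # 'b?idesroccomdhrtzngpwbmp' as transcribed here
    stego = encode("bsides", CARRIER)
    print(stego, "->", decode(stego))
```

The ? in the first result is the decoder refusing to guess; with the intended baaab pattern in that group the string reads bsidesroccomdhrtzngpwbmp, which is the URL the post goes on to describe.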
The decoded message looked like some sort of hyperlink, with a URL of bsidesroc.com/dhrtzngpwbmp. Attempting to access that page returned a 404, and we went through the process of decoding the message again to make sure we hadn’t missed anything. Then one of the other guys noticed that the last three characters represented a bitmap image file format, so the correct URL would be bsidesroc.com/dhrtzngpw.bmp. Success! We had an image! Kind of. It wouldn’t open, and looking at it in a hex editor showed that it definitely didn’t look right. We still had to figure out the proper key and decryption method, and we were almost out of time. Looking at the hex, it wasn’t uniformly random, as would be expected from something like AES-CBC encryption, so we figured it must either be XORed with the key or encrypted using something like AES-ECB. The 16-byte key reference in Purple 4 pointed to the latter, but we still needed a key…
Back to Yuri’s last message, which turned out to hold the key in its word lengths:
Greetings, comrade! Is great day for breakfast! Please to tell is bacon considered extravagant? I would very much like to be having a big breakfast with bacon. Send link to good restaurant?
Greetings = 9 characters, so K[1] = 9
comrade = 7 characters, so K[2] = 7
and so on through the last word, each word length becoming one hex digit (the ten- and eleven-letter words considered, extravagant and restaurant giving a and b), for 32 hex digits in all.
Final key: 972533962425ab15444226139454424a
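The key derivation, as an added Python example (my own script, not the author's). It tokenizes Yuri's message into words, ignoring punctuation, turns each word length into one hex digit, and checks that the result really is 32 hex digits, i.e. a 16-byte AES-128 key, before handing it on.

```python
"""Deriving the AES-128 key from the word lengths of Yuri's message (added example)."""
import re

# Yuri's Red 5 message as quoted in the post.
YURI_RED_5 = ("Greetings, comrade! Is great day for breakfast! Please to tell is bacon "
              "considered extravagant? I would very much like to be having a big breakfast "
              "with bacon. Send link to good restaurant?")


def word_lengths(text: str) -> list[int]:
    """Length of each word; splitting on runs of letters keeps punctuation out."""
    return [len(w) for w in re.findall(r"[A-Za-z]+", text)]


def word_length_key(text: str) -> str:
    """One lowercase hex digit per word (10 -> a, 11 -> b, ...).

    Raises if a word is too long to fit a nibble or the digits do not form a
    16-byte key, since openssl would otherwise silently pad or reject the key.
    """
    digits = []
    for n in word_lengths(text):
        if n > 15:
            raise ValueError(f"word length {n} does not fit in one hex digit")
        digits.append(format(n, "x"))
    key = "".join(digits)
    if len(key) != 32:
        raise ValueError(f"expected 32 hex digits (16 bytes), got {len(key)}")
    return key


def key_bytes(text: str) -> bytes:
    """The same key as raw bytes, ready for an AES-128 implementation."""
    return bytes.fromhex(word_length_key(text))


if __name__ == "__main__":
    print(word_lengths(YURI_RED_5))
    print(word_length_key(YURI_RED_5))
```

The printed hex string is what goes after -K in the openssl command below. The reason the encrypted bitmap still showed visible structure in a hex editor, as observed above, is exactly the ECB property: every 16-byte block is encrypted independently, so runs of identical pixel blocks in the image produce runs of identical ciphertext blocks, which is also why ECB is the wrong mode for anything you actually want to protect.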
By this point the closing ceremonies had started, and in order to get credit we needed to decrypt the image with the key. Scrambling at the command line, we used OpenSSL to do the decryption for us:
openssl enc -d -aes-128-ecb -in dhrtzngpw.bmp -out win.bmp -K 972533962425ab15444226139454424a
Just as Jason Ross was walking up to discuss the crypto challenge, we opened the decrypted image and showed it to him. Success! We had won with only seconds to spare. Here’s the final image: