[Ryan] a.k.a. [1o57] comes from an age before anyone could ask a question, pull out their smartphone, and instantly receive an answer from the great Google mind. He thinks there’s something we have lost with our new portable cybernetic brains – the opportunity to ask a question, think about it, review what we already know, and reason out a solution. There’s a lot to be said about solving a problem all by yourself, and there’s nothing to compare to the ‘ah-ha’ moment that comes with it.
[1o57] started his Mystery Challenges at DEFCON purely by accident; he had won the TCP/IP embedded device competition one year, and the next year was looking to claim his title again. The head of the TCP/IP embedded competition had resigned from his role, and through a few emails, [1o57] took on the role himself. There was a miscommunication, though, and [1o57] was scheduled to run the TCP/IP drinking competition. This eventually morphed into a not-totally-official ‘Mystery Challenge’ that caught fire in email threads and IRC channels. Everyone wanted to beat the mystery challenge, and it was up to [1o57] to pull something out of his bag of tricks.
The first Mystery Challenge was a mechanical device with three locks ready to be picked (one was already unlocked), magnets to grab ferrous picks, and only slightly bomb-like in appearance. The next few years featured similar devices with more locks and better puzzles, heavy enough to make a few security officials believe [1o57] was going to blow up the Hoover Dam.
With a few years of practice, [1o57] is turning crypto puzzles into an art. His DEFCON 22 badge had different lanyards that needed to be arranged to spell out a code. To solve the puzzle, you’ll need to talk to other people, a great way to meet one of [1o57]’s goals of getting all the natural introverts working together.
Oh. This talk has its own crypto challenge, something [1o57] just can’t get out of his blood:
We talked for a little bit, and 0x06 0x0a1 MFY YWXDWE MEOYOIB ASAE WBXLU BC S BLOQ ZTAO KUBDR HG SK YTTZSLBIMHB
“POA YOTVSN NFXQDUX RXAJ QBPMK SU B TSCZ INSK OSZTC XM NJ UHWZSHSAPNW”?
The game is afoot it seems
Crap, lunch break over so no more digging for now.
Are there copies of the slides around? Really hard to read some of the text in the video of the projected show…
Where did you get “POA YOTVSN….” from? Was the hint originally printed as that? If so, then it’s clearly not a substitution but instead a polyalphabetic cipher, like Vigenere, and he changed the key between the original and what’s up there.
That may be significant, having that text handy…or were you just messing with us somehow? :)
(and, of course, this is presumably just a hint to solve what’s in the slides, which 1o57 has assured everyone, is very easy. so spending too much time on this hint may be counterproductive…)
“POA YOTVSN….” is the decrypted text after using the one time pad (http://store.hackaday.com/products/1407981609). 0x06 0x01a is the index, telling you which page and character to start with.
My guess is that it’s double encrypted and now we need to find the OTP index to decrypt “POA YOTVSN….”
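The indexed pad lookup described in the comment above, as an added example that is not part of the original post or its comments and does not use the Hackaday pad. It assumes letter-wise addition mod 26 and a page/character index; the pad, `make_pad`, `otp_apply` and the plaintext are constructed for illustration. It also shows that a decrypt started at the wrong offset keeps the word lengths but yields gibberish, which can look like a second layer of encryption.

```python
import random
import string

A = string.ascii_uppercase
PLAINTEXT = "THIS IS A CONSTRUCTED TEST MESSAGE"  # constructed sample, not the puzzle text

def make_pad(pages=8, size=256, seed=1057):
    """Constructed stand-in pad. Seeded only so the example is reproducible;
    a real pad needs a true random source and must never be reused."""
    rng = random.Random(seed)
    return ["".join(rng.choice(A) for _ in range(size)) for _ in range(pages)]

def parse_index(text):
    """'0x06 0x01a' -> (page, offset), both read as hexadecimal."""
    page, offset = (int(tok, 16) for tok in text.split())
    return page, offset

def otp_apply(message, pad, page, offset, decrypt=False):
    """Add (encrypt) or subtract (decrypt) pad letters mod 26, starting at
    pad[page][offset]. Spaces pass through and consume no pad letters."""
    key = pad[page][offset:]
    if sum(c in A for c in message.upper()) > len(key):
        raise ValueError("message runs past the end of the pad page")
    sign, k, out = (-1 if decrypt else 1), 0, []
    for c in message.upper():
        if c in A:
            out.append(A[(A.index(c) + sign * A.index(key[k])) % 26])
            k += 1
        else:
            out.append(c)
    return "".join(out)

def demo():
    pad = make_pad()
    ct = otp_apply(PLAINTEXT, pad, *parse_index("0x06 0x01a"))
    good = otp_apply(ct, pad, *parse_index("0x06 0x01a"), decrypt=True)
    # Same pad and page, but two digits of the offset transposed.
    bad = otp_apply(ct, pad, *parse_index("0x06 0x0a1"), decrypt=True)
    return ct, good, bad

if __name__ == "__main__":
    for label, text in zip(("ciphertext", "right index", "wrong index"), demo()):
        print(f"{label:12} {text}")
```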
How did you get the 0x06 pad?
I am stuck on this part too. No idea what to do with the “decrypted” text. Finally just got around to playing with this.
Very cool. I didn’t realize OTP was “a thing” here.
I’ve tried a bunch of things with the resultant text…straight substitution (got nowhere), Vigenere with some cribs, etc. I even tried cribbing a couple words and looking for the resultant strings in the OTP itself (using the online tool for the Hackaday pad) but couldn’t find any matches.
I’d think that this wouldn’t be too hard to complete, as this is supposed to be a hint for the other puzzle, and it’s turning out to be the harder of the two. (but only because I just can’t see the answer, I suspect….)
…I’m a moron and transposed two digits in the offset. It’s fixed in the post now.
Brian:
lmao! Well, it turned into a good red herring by making me think there was more to that code. Now to try to get some free time to look at the other thing….
I tweeted out pics of all of the slides you’d need.
Hey there, I’ve had at least some of the solution since Sunday morning but I don’t do twitter. Is there an alternate way to send you the solution without putting the answer in a public forum?
You don’t do twitter as in: you don’t have an account, you refuse to use the website, or you’re too lazy to click the link?
It doesn’t require a login:
https://twitter.com/1o57/media
#IDontDoTwitter
I’ve solved two pieces to the puzzle (and haven’t heard back yet if that’s all – it’s quite possible he’s been too busy to get back to me).
But the 2nd piece tells you what to do with the first piece. It’s not necessary to message him on twitter or post it publicly anywhere.
Yep, I got the second part, but I’ve tried 15 or 20 different ways of applying it to the first and still no dice. Maybe that’s why I don’t know what to do.
That was my problem — I kept looking for a way to apply the one stage to the other….
I don’t know anything about these puzzles but I would like to learn about crypto. Does someone know a good resource for me?
cryptopals.com has a pretty decent intro to cryptography. I’d love to see some other recommendations as well.
I enjoyed this video a lot! Wish I knew more about how to crack the codes and join in the fun. Will have to add it to my list of things to educate myself on. :)
How do you start with these? I see a bunch of 4 letter codes on slides. I don’t know what to do with the reference to the first hotel security reference and the 10th hackaday anniversary reference; I lose any direction or path to take.
Been staring at the hint here off and on all day. Can’t make heads or tails of it. I feel like it must be a simple substitution, but don’t know what the 0x06 and 0x1a are supposed to lead me towards…
Thought that may be the case, no dice. Here’s the binary from the slide for anyone playing along:
0101010 0000100 1001001 1101110 0000111
1110001 1000100 0100010 1000000 1110001
0100100 0001010 1000110 1110001 1110001
0001010 1001011 1000101 1000111 1000011
1000001 0001000 0100000 0101101 1110001
1101101 0101011 0100011 1110001 1110000
1000100 1110001 0000011 0000110 0000101
0100000 0000000 0000000 0000000 0001o57
That binary was from a different challenge and has nothing to do with this puzzle.
Thank you.
PS It looks like a one time pad, just can’t find the pad.
Which is a one time pad, the hint here? Maybe. I’m still thinking a straight substitution cipher but I just haven’t been able to pull out any of the words.
The 0x06 and 0x1a translate to ASCII codes for “ACK” and “SUB”, which the sub makes me think of substitution as well, but perhaps that’s just confirmation bias.
Example pad:
https://pbs.twimg.com/media/BxB4ILRCQAAnLmz.jpg
0x06 0x01a would mean the top right should say 06 and we use line 01a
But where is the pad???
I have a bad feeling they’re selling it in the hackaday store…
@Jonathan:
Yes, it’s in the store, but it is publicly available. You just need to know where to look.
Also, the pad is not perfectly random. I think there’s a prize for anyone who can prove they cracked a message by exploiting this fact.
Patsy? Is that you?
Brian: Bastard. :)
(but thanks for letting me off the hook on this…it was driving me buggy. I even wondered if the “ThIs is NoT a hint” tag was in some way actually a hint…)
Is this another one of their plugs for their hackaday store? If so, I’m not biting. If I am going to buy something from somewhere I will.. I don’t want to be baited into solving or buying something just to get a.. frigging ad for a store! >.==.<
The crypto in this post uses something they sell in their store, yes, but it’s not necessary to buy it to solve it (it’s available online if you search for it).
The “in talk puzzle” itself is all from 1o57 and doesn’t, as far as I know, relate to Hackaday at all other than being presented at their 10th anniversary conference / celebration.
So go ahead and play the game. Reserve your >.==.< for 1o57 and Brian Benchoff, after you've figured them out….
Ru Ikhu Je Thyda Oekh Elqbjydu
I know this is days and days later, but did anyone ever figure this out? I didn’t have a chance to revisit this till now but am interested to see how far this went and to also take a crack at it.
I think several of us have (pretty sure I got it). But I don’t think anyone has heard from 1o57, as he’s been extraordinarily busy lately.
Give it a shot — all the slides you need were tweeted by @1o57 in quick succession, and it’s not as hard as you might think.
Excellent, thanks. I’ll check out the slides and will probably post questions and hopefully progress as I go through this :)