Feeds

back to article Opening UK cyber-security challenge cracked

Enthusiasts claim to have already solved the first test in the Cyber Security Challenge UK hunt for would-be cyber-security experts. The challenge, consisting of a series of online and face-to-face competitions, was launched by UK security minister Baroness Neville-Jones on Monday. It is intended to inspire talented individuals …

COMMENTS

This topic is closed for new posts.

Complex Cipher

"Those who sent cipher answers: Thx for amazing response. Lots right. Lots wrong. We will mail everyone by end week 2 confirm which they r!"

Hmm.. I have enough difficulty trying to decode that!

2
0
Pint

XKCD 538

It's a fairly trivial task, it looked like it was base 64 encoded so after decoding it and looking at the output I noticed Exif being mentioned and after opening it in a image viewer it turned out to be an XKCD comic.

http://xkcd.com/538/

0
0
FAIL

Not even half of it, sorry.

Thats the first hurdle solved, keep going until you find the hidden code and the email address to which you should send it. There is a lot more to the challenge than discovering the jpeg.

0
0
Boffin

I agree with Anonymous1 (I actually DO know who you are!)

The = at the end of the cipher was a massive giveaway, the fact the opening part of the resulting file had JFIF in it was the clue it was a JPG file, and loaded it up.

It's trivial though if you recognise the clues... no way I'm going to do the real challenge though!

0
0

Anonymous1 & DavyBoy79

You're wrong, and I can't tell you why.

0
0
FAIL

Chuffin sneaky

And that is one reason why I won't be attempting to enter the real contest! :-)

Busted!

0
0
FAIL

@Anonymous1

.. that part is indeed trivial.. now examine the border of the image..

0
0
Silver badge
Joke

Hidden message

Perhaps the hidden message is that our government supports torture using a $5 wrench?

1
0

Not just the xkcd...

There were loads of people who thought that the solution was the xkcd image, it wasnt.

Around the border of that image was a binary message which when decoded gave you a url to the second half of the puzzle with new cyphertext

solving *that* part gave you the code you had to submit to 'win'

:)

0
0
Thumb Up

Easy peasy

Although... is there something else encoded in the border of the cartoon ?

Btw it's this : http://imgs.xkcd.com/comics/security.png but with a funky (information containing?) border...

0
0
Silver badge

Totally Easy

"Those who sent cipher answers: Thx for amazing response. Lots right, lots wrong"

Yep, totally easy. Looked like base64, used online decoder and bam it had a JFIF header. I expect they will have received many small jokes in the form of an image.

Has anyone gone a little further to see if there's any other hidden information, steganography techniques anyone ?

0
0
Pint

Yes

Is there, for instance, something encoded in the border of the jpeg, for instance?

Not sure why I would think that ...

0
0
Jobs Horns

Spoilers:

There is more to the puzzle:

1. Convert the base 64 into binary and obtain the comic.

2. The comic has weird on/off bits on the edges that should be converted into binary.

3. The binary should be converted into ascii.

4. The ascii should be transformed with ROT13.

5. The resulting string is a URL of: https://cybersecuritychallenge.org.uk/834jtp.html

6. The URL contains hex string that is the 'Real' code to be broken.

7. Use substitution and frequency analysis on two-letter combination of the alpha-numeric code... i.e. ac=E

8. The resulting message is below, I omitted the code that you are supposed to send.

C O N G R A T U L A T I O N S ! Y O U ' V E F O U N D A N D C O M P L E T E D T H E R E A L C H A L L E N G E . Y O U R W I N C O D E I S (OMITED BY ME) P L E A S E E M A I L T H I S C O D E T O O U R T E A M A T M E D I A @ C Y B E R S E C U R I T Y C H A L L E N G E . O R G . U K . I F Y O U ' R E T H E F I R S T P E R S O N T O D O S O , A N D C A N P R O V E Y O U M E E T T H E E L I G I G I L I T Y C R I T E R I A ( B R I T I S H C I T I Z E N C U R R E N T L Y R E S I D E N T I N T H E U K ) W E W I L L G E I N T O U C H T O A D V I S E H O W T O C L A I M Y O U R P R I Z E . W E L L D O N E A N D G O O D L U C K I N T H E C Y B E R S E C U R I T Y C H A L L E N G E C O M P E T I T I O N S T A K I N G P L A C E T H R O U G H O U T T H E R E S T O F T H E Y E A R .

I am not eligible for the contest, so I did not send.

- Gilgamesh

0
0
Paris Hilton

I've got to the 834jtp part

Now I'm completely stuck

Seems like a waste of time to me, I've spent about an hour doing it, could have spent it productively

0
0
Silver badge
Grenade

"Running Blind" by Desmond Bagley

concerns an electronic gizmo which was put together to waste the Russians time, thus preventing them from analysing other Allied technology as well as working on their own.

It was some sort of mock-circuit which combined all the electronic oddities known, and was supposed to be the heart of a new-age radar system.

I wonder .......

1
0
Anonymous Coward

I just solved the real problem an hour ago...

Sussed out the binary border in the image pretty easily, downloaded the string and analyzed it.

The real result can only be arrived at by computing the algorithm, but it is not DES3 or RSA.

I don't want to spoil anyone else's fun, but I can say that it contains a h4ck3d phr4se.

I'll post my solution when they announce a winner.

Andy.

0
0
FAIL

uhuh

Yeah, I'm sure it is easy when you missed the point of the exercise completely!

This is you, this is:

"Break the seal and remove your exam paper from the envelope"

"Done! That exam was totally easy peasy!"

0
0
Anonymous Coward

No, it was *not* easy!

Took a good 5 hours to solve.

0
0

What...

Did I not pass ;-)

0
0
Go

All I can say is

uggcf plore

and <sigh> I've got to do some work.

0
0
FAIL

They already fail

I had their RSS feed in my feed reader as it promised to update with information as it launched.

It didn't.

Now thanks to their incompetence, I missed opening day.

*Hmph*

0
0
Grenade

Me too

and also I mailed them way back to ask if these jobs were going to be in London.

No reply.

Can't say I'm particularly impressed so far. Maybe I'll go and work for the Yanks. In fact I could do that from my desk here.

In fact, maybe I am .....

0
0

equally unimpressed

I did the registration and got a 'thanks we will get back to you' page but so far there has been no sign of any kind of confirmation email that I would normally expect, having just given over my personal details.

The site itself isn't exactly a shining light of guaranteed secureness either.

When I saw this challenge appear on the news my main reaction was "but they did this one, ages ago" - but that was just the pre-announcement I was remembering. So I didn't rush, and when I got home the next day I ended up having to STFW for it since neither CPNI nor MI5 websites had any mention of it whatsoever, and (what is supposed to be) the main gov PR service was also lacking in usefulness on the subject.

Aside from the clearly non-functioning RSS, was there a mailing-list somewhere, or was this spammed all over security-related websites (that I didn't see) a few days in advance so anyone interested would be aware of it? By the time I got to the site there was a tw*tter message on the page saying 'all submissions received' so I figured I was too late to have a go since it looked like world+dog had already solved it anyway. Turns out they were still accepting entries but by then I had already gone beyond the 'meh' stage.

Thing is, if you're having to do code-breaking then your cybersecurity has already failed - someone got in and scrambled your files and you are desperately trying to get them back. Either that or your staff can't be trusted and that isn't a cybersecurity problem anyway. Personally I'm sticking with my theory that they have staff shortages at the spook farm.

On the upside this was only driven by curiosity, not 'gizza job'.

But "Bah! Humbug!" anyway because there are 'lessons to be learned'.

0
0
WTF?

hmmm

Dear Gary

Congratulations on successfully solving the first test of the Cyber Security Challenge UK. We can confirm your submission was correct!

Whilst we’re afraid you were not the first to send in your win code, very few people solved the cipher so well done on getting it right.

We intend to post a new cipher in about a month – something a bit trickier to really push you to the limits. In the mean time, please keep a watch on our website, our Twitter profile, or our Facebook page for updates and news. For all those looking for a new way to test their skills – why not sign up to one of the competitions that form part of the full Cyber Security Challenge UK: https://cybersecuritychallenge.org.uk/candidates/registration.html

We hope you enjoyed this first test – we can assure you there are many more to come.

Congratulations again on solving our first puzzle.

The Cyber Security Challenge Team

------------------------------------------------------

So i've done it, and i've done it right. But someone else got there first... well what does that mean?

Does the image give you a different URL each time it is loaded??? I guess if you've got nothing better to do than sit up all night until its complete, then you win?

0
0
Anonymous Coward

Solution

Now they've published the solution, here's mine:

#!/usr/bin/perl

$_='68edcdec4e2c8eae8d2c8e2dedcd6e04d2042fedae52ceac0

4ccedaecd8c042ccd8c046cedad0e8dac8eac8c048e0dac044aa8

2889046c0d2c8d8daccdecacc5042bedae4e04ee2dcd046ced8ca

c042d6e04046c2f4c664ea76e666cae4e268e2f456c0d088d8d66

cdecac6546c6a506e6a546062606c504a141a1410a8dac2c6eac0

4acad2c2d8d048e0d2d6e046ced8cac048eed04edae4e048eac2c

ad042c8e04adac8c2d2c086c2f4cac4e6eac6cae4e2d8e2f6c0d2

c8d8daccdecacc5ed4eecc5ae6dc50429cc042fedae524eac048e

0dac04cc2d4e6e8e040eac4e6eedcd048eed048ced046eed85042

ccd8c046c2ccd040e4eedceac042fedae04adacac8e048e0dac04

ac8d2dec2d4c2d8d2d8e2f046c4e2d8eac4e2d2c0405484e2d8e2

d6e0d046c2d8e2d4faccd046cae4e4eaccd8e8d2f044eac6e2d8c

accd8e042dcd048e0dac04aa692504eeac04ee2d8d8d044cac042

dcd048eedae6c0d048eed042c8cce2d6eac040dedee048eed046c

8d2c2dad042fedae4e040e4e2d4facc504eaac8d8d048cedcdac0

42ccd8c04eceded8c048dae6c6d042dcd048e0dac04682f4cac4e

046aac6cae4e2d8e2f04680d2c8d8daccdecac046cedad0eac8e2

d8e2dedcd6e048e2c6d2dcdec040e8d2c6cac048e0d4eedaeec0d

edae8e048e0dac044eac6e8e04edcc048e0dac042fac2c4ec5';s

/(.\s*.)\s*/pack('C',hex($1)<<3|hex($1)>>5)/eg;print;

0
0
Coat

doh!

I solved the last bit completely differently (and much more long-windedly):

- by analysing letter frequency this gave you the space, then filling these in and looking at the most common 3-letter word indicated strongly that this was 'the', giving you the t, h and e to fill in to the rest of the string.

- contextual information about letter placing gave you alot of the other letters, but you needed the whole ascii set to get the win code.

- i ordered the ascii set in excel by the 2nd hex character, then 1st and put in all the characters i knew. This effectively showed that their 'map' used every other character 0-255 to map the original 0-127. By ordering them in this way, every other character mapped to the 0-127 characters in order so i just filled them in, and decoded the string against my map.

This only left the d2 character (the one after Congratulations) as not being mapped, but i submitted it anyway and they said it is right.

Question is, if you decode it as they suggest, does the d2 map to something?

Points for creativity? No? I'll get my coat.

Gary.

0
0

hmmmmmm

by their method, d2 maps to - but by my method it does not map! and i had - mapped to A5!!

that is the only character in the string that does not map in my method!

Gary.

0
0
Anonymous Coward

re: doh...

How I solved it too, checked for compressibility, used photoshop to look for patterns and frequency distribution which revealed it was a substitution method, but probably not of Enigma quality!

Once I saw "the" in a couple of places, I knew I was on to something, and got the rest of the letters using a hex viewer and a perl program to do the translation.. however, some of the chars in the win code were unique, so we needed the translation relationship which had to be 1:1. The lowest 'to' charcodes were 8x the 'from' charcodes. (<<3). As the source numbers increased, this pattern changed abuptly so something else was going on. A bit of fiddling and a few minutes later the answer just appeared like magic!

They had just swapped the top 3 and bottom 5 bits around. Very satisfying.

0xD2 == (110)(10010) ==> (10010)(110) == 0x96 == chr(150) '–' en dash in the windows charset.

Top marks for creativity... better working on these problems than watching brain mushmaking TV!

0
0

mystery solved

d2 and a5 map to long and short hyphens.

d2 is the only character they used from the extended ascii character set (127-255) - i only mapped 0-127.

Gary.

0
0
This topic is closed for new posts.