Feeds

back to article Crack GCHQ's code and become the next James Bond

GCHQ has launched a code-breaker challenge as part of its attempts to unearth fresh talent from unconventional sources. The signals intelligence agency's ‘canyoucrackit’ challenge invites would-be codebreakers to crack a visual code at canyoucrackit.co.uk. The campaign will be supported in social media channels, including blogs …

COMMENTS

This topic is closed for new posts.
pig
Facepalm

The quickest way to solve this is a quick google.

I wonder how far admitting that would get me in the process?

0
0
Anonymous Coward

Not that you really need to Google...

considering that I worked it out while I was in the process of typing it out in a HEX editor.

Still, I do wonder how they deal with Google etc... How can they tell who actually worked out the code, and who just Googled it. By the end of it they may end up hiring people with good Google skills, rather than what they want...

(Not to mention, you'd want to be careful typing out binary values into your PC, you never know what they might do).

Anonymous due to GCHQ black helicopters nearby...

0
0
Joke

No, the quickest way to solve it is to show it to an autistic child in the form of a puzzle book!

1
0
Bronze badge

15x10 grid

Actually it seems to be 16x10.

3
0

Also if you check the source the "password" field is 16 chars.

I had a look but after translating to ascii and finding two lines "=AAAA" and "=BBBB" failed to see the next step... unless that was a red herring of course

0
0
Devil

Hold on..

James Bond never cracked any codes! He did crack a few skulls, but certainly no code!

So, this article leads me to believe that some 70Kg whzzkid will be running around the streets of Kiev armed with a silenced pistol knocking off bad guys.. then again perhaps on the games console as this new "James Bond" will be desk bound!

0
0
Anonymous Coward

The toughest part...

Of course, the toughest part of this test, is asking yourself, "Can I live in Cheltenham and earn a fraction of what I could get elsewhere?"

4
0

Re: The toughest part...

"Of course, the toughest part of this test, is asking yourself, "Can I live in Cheltenham and earn a fraction of what I could get elsewhere?""

FWICR average pay for this job is <20K - take 6K off for travel costs and spread hourly rate over the 4+ hours travel time and you would be better off doing a couple of "would you like fries" jobs or some contract cleaning. I know of one local cleaner (surrey) who does private houses under contract and earns ~20K for what is a part time job.

0
0
Silver badge
FAIL

Anyone applying who has hacked illegally

I would have thought these were *exactly* the people you need to recruit .....

3
0
Silver badge

"hacked illegally"

Remember kids, it's only illegal when *you* do it!

1
0
zb

It is only illegal when you get caught.

3
0
Black Helicopters

They are x86 op codes.

Someone on a blog has disassembled it and it looks reasonable code. There is a mov instruction of xDEADBEEF and a couple of compares with x41414141 etc.

See this link

http://volatile-minds.blogspot.com/2011/11/can-you-crack-it-nope-i-tried-though.html

I have not really looked at the instuctions yet, but maybe this xDEADBEEF is an input to a cipher and the answer is the result.

Or there is something encrypted in the image itself on the weppage and this is barking up the wrong tree!

0
0
Anonymous Coward

oooh, nice, hadn't thought of Steganography

0
0

I think you're reading it the wrong way, it's not read across but down giving a 16 character password at the end, or at least the source code suggests a post of size 16.

0
0
Anonymous Coward

last mission

Speccy kid with Asthma required for fight with a maniac in a train compartment.

1
0
Thumb Up

Nearly chocked own my tongue reading that.....

0
0
Paris Hilton

wassis?

http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js

0
0
Silver badge

In response:

57 20 66 68 20 67 72 6f 6e 70 66 68 20 72 67 76

66 27 6e 20 51 20 46 42 72 20 72 6b 68 70 6e 67

79 6f 2c 72 71 20 72 62 61 66 67 27 7a 20 6e 72

20 61 67 76 6a 20 79 76 20 79 68 65 0a 61 00 00

ha ha!

0
0
Silver badge
Facepalm

Obligatory

"Be sure to drink your Ovaltine"

0
0
Anonymous Coward

hmmm

"Anyone applying who has hacked illegally will not be eligible to continue in the recruitment process."

Pity, because judging from some of the online info about solving it so far, it is only going to be people with a very high degree of skill in hacking who are likely to decode it...

2
0
Coat

15x9

If it's 0-based.

0
0

Meh

Do I really have to write my own VM in javascript ?

0
0
FAIL

Just one recruit?

Presumably only the first person to crack it will be eligible as after that no doubt the solution will be shared far and wide.

0
0

hmm

I would suspect that if they're the type of person to immediately publicise what they have discovered then they are not the type of person that GCHQ is looking for.

1
0
zb

Probably he will have hacked illegally, be ineligible and have not reason not to publish.

0
0

Lots of starting points

It may be:

A varying number (like a series of happy primes) added to the ASCII value of the text

Digital stenography on the image

Hex code that will run on a particular type of processor (I'm thinking of the old hex printings in many an old computer magazine)

And a few others that are a bit more fiddly to explain.

0
0
Anonymous Coward

Can't be bothered.

For anyone that can be bothered it's x86 assembly and there's a hidden piece of data hidden in the png comment which is either base64'd or uuencoded.

The x86 assembly presumably decodes the png comment and prints it out or something like that - never could be bothered learning x86 assembly.

0
0

Already solved

here:

http://pastebin.com/cqzbkw4H

http://pastebin.com/pJmZYbMy

From comments at:

http://volatile-minds.blogspot.com/2011/11/can-you-crack-it-nope-i-tried-though.html

0
0

I already figured it out.

And the answer's "no" - they can't afford me.

0
0
Devil

Steganography on the image led to a decription key for shell code in the hex bytes. This (compiled in the pastebins in the previous comment) returns the URL:

http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js

Which leads to part 2 of the challenge, which is to write a virtual machine compiler to run the next set of bytes to return the 3rd URL.

The Virtual machine is already written in python here:

http://pastebin.com/kMhhEgqm

Which leads to part 3 of the chalenge.

0
0

Page 1, Chapter 1: Thank you for purchasing this thousand page shellcode guide...

I'm actually quite impressed at the depth of knowledge required to do this. Bravo, chaps. No pandering to the "prizes for all" crowd here. Sadly :(

1
0
Facepalm

Not Encrypted

This site is reminiscent of Judy Susan Baker's CyberSecurityChallenge fiasco.

They are using an unencrypted website with fake domain registration information.

There's nothing to stop anyone engaged in hostile foreign surveillance (eg, like for example Phorm, Huawei, or Bluecoat to name but a few) identifying all those people who visit the site and especially those who successfully crack the code.

Genius; all your spooks are belong to us.

Remind me again, what the hell is it that GCHQ are mean to be experts in...?

0
0
Anonymous Coward

why would you?

want a job with GCHQ?

Ok we'd like to offer you the job.

Great what are the benefits?

Well you'll be an HEO or SEO so pay will be around £25k

ermmmmmm, ok bit shite what about prospects?

well only 1% pay rises for the next 2 yrs and you'll need to jump through hoops to get promotion to SEO or SSO.

Ok how about health care, expense account, share options, car, etc?

HAHAHAHAHAHAHAHAHA

Pension must be good I've heard so much about this gold plated pension.

Well it was pretty good but you'll need to find an extra 50% contribution from April and then more again next year.

Ermmmmm right I think I'll take that job in ASDA instead, I get a staff discount

2
0
Jop

Worked out the xor'ed shellcode and found the base64 string looking at the PNG in a hex editor, but using the second part in a virtual java thingy got me stumped. Pass me the script kiddy dunce hat please!

0
0
Silver badge

Pointless publicity stunt

Either modern encryption schemes like AES are broken (or even breakable) - in which case why don't we own the world? Or they aren't - in which case you can have all the crossword fiends in the world but there's no point.

So if all GCHQ does is listen in on SMS messages and arrest people for texting clash lyrics - I can see why they might have issues luring the best and brightest mathematicians away from the city.

2
1
Anonymous Coward

A. Annerl

hahaha. Is would be much easier and fast just to do a google search like:

site:canyoucrackit.co.uk

it will return a link to an .js file which contain the solution. http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js

we can always count on the incompetence of MI5/6 managers and IT personnel.

Happy Xmas

0
0

Er, no

I think you'll find the solution needs a bit more work than that..

0
0
Silver badge
Happy

Simples. Use your working on solving this (and other toys) in your CV when you apply for a real job in the private sector.

0
0
Anonymous Coward

Using google search

site: www.canyoucrackit.co.uk

Sometimes google can be your friend.

It doesn't give you the answer but does tell you where you'll be after you answer the question.

0
0
Jop
Facepalm

While there is some code breaking there, the shellcode part of it suggests they are looking for hackers or someone who can decrypt custom tools/exploits that foreign government funded hackers are using.

0
0

And the answer is:

Pr0t3ct!on#cyber_security@12*12.2011+

Which takes you to:

http://www.canyoucrackit.co.uk/soyoudidit.asp

for a crappy £25k job advert.

Yes, you too can get a low paid job with no prospects as long as you have a 2:1 degree, and skills in shellcode, cryptanalysis, DOS decompilation and javascript VMs.

0
0

GCHQ fail

One of the final puzzles is to avoid the supposedly mandatory atdmt click through tracker as this third party tracker had been hacked in the past. Kudos to anyone who posts a list of those who applied broken down by browser, location etc.

If you prefer to avoid the merkins(+hackers) knowing, simply go direct to

https://apply.gchq-careers.co.uk/fe/tpl_gchq01ssl.asp?newms=jj&id=35874

Numeric job ids - have these muppets never heard of OWASP?

If this sort of job "tickles you boat", try applying for CYBER/SCAR/11 its the same dosh as cheltenham but based in scarborough which would allow you to rent a flat instead of having to live in a cardboard box/tent/...

0
0
Happy

Well, I couldn't work it out in the couple of hours I gave it before finding the answer posted above. On the plus side, though, I now know how to write shellcode, which should turn out to be a lot more lucrative than working for GCHQ.

0
0
FAIL

So the solution page is

http://www.canyoucrackit.co.uk/soyoudidit.asp

which leads to an application page that says:

"...whether you've got a relevant technical degree or YOU'VE DEVELOPED YOUR OWN EXPERTISE [my emphasis], you could really make a difference..."

and then expects you to send a CV demonstrating a "graduate with a minimum 2:1 degree". Human Resources strikes again!

0
0

Classic ASP?

It's a Classic ASP page? In 2011 on a site developed by supposedly the most high-tech place in the country?

Welcome to GCHQ. The time is currently 2002.

0
0
Black Helicopters

"So I did it...!"

Took about 90 seconds. Go me.

0
0
Silver badge

Moral courage

I must say I'm impressed. I thought the security services were immoral opportunists who would do and say anything to protect the country and supply suitably sexy dossiers to their masters

But that they would have the moral courage to risk the lives of British troops in foreign wars and allow Britain to come under attack from totalitarian regimes - rather than employ somebody who sneaked a look at their exam marks in school - shows really moral fibre

0
1
Anonymous Coward

Lol

When you click the 'apply' button for the job it takes you to ADTMT.COM - which I block as advertising/ad-clicking/tracking/nasty piece or work/etc.

I expect that a lot of people in my line of work (Information & IT security) will get the same result - so GCHQ are asking security people to lower their security settings to enable them to apply for a job to show how good at security they are - GENIUS.

Lol.

0
0
This topic is closed for new posts.