Members of the SUNY IT Network and Computer Security Club attended the Security BSides hacker conference in Rochester on April 6th. The BSidesROC event consisted of a number of security and computer related talks and games. One of the games at the conference was the Crypto Challenge, created by Darth Null (@DarthNull). The group was determined on solving the challenge and dedicated a good portion of the day attempting to decrypt the message. After the CTF Battleship was hacked, more members dedicated their time to the Crypto Challenge.
There were four pieces of the puzzle required to solve the riddle, a 27x27 “tableau” printed on a piece of paper located on each of the tables in the main hall, a 10x10 grid of characters printed on the event schedule and shown on the projector, a spreadsheet of 237 single-digit numbers taped on the wall in various locations around the event area, and another 10x10 battleship style game board printed on the Presentation posters hung around the event area. The following will outline the process taken to finally solve the riddle.
First, the projector and the conference schedule had a 10x10 grid with each cell containing a single letter. The projector labeled the grid as “Axis”; there was no title given for the grid on the BSides schedule (Fig. 1). Both 10x10 grids contained the same set of characters. This was the first piece of the puzzle necessary for obtaining the tableau key.
Fig 1. "Axis" character grid
This grid alone doesn’t really give any information by itself. And there was no discernable pattern to the text given in the cells. One of the members noticed an interesting image on one of the Presentation documents hanging on the wall. This image is shown in Fig. 2.
Fig 2. Interesting diagram on the Presentations poster
The grid on the Presentation poster was what appeared to be a “Battleship” grid with hits and misse. It was also a 10x10 grid, which happened to match the size of the Axis grid shown above. The image from the poster has been re-created in Fig. 3, below.
Fig 3. Digital recreation of the image shown on Fig. 2
After assuming that these grids had something in common, we decided to map the “hits” on the ships to the letters on the other grid. These two grids have been combined together in Fig. 4 below. Note that the “hits” on the letters are shown in red.
Fig 4. Mapping the two grids
If we take the hits on the ships we get “MREASSYISEEK”, which is an anagram for “MISSES ARE KEY”. We assumed that this meant the shots that were shown on the board that did not hit a ship. So, we took the letters that did not hit a ship from the grid and we got “BOSSERDIC”, which is another anagram for “BSIDESROC”. Bingo, we have our key.
Now that we had the key we had to set up the tableau that was provided as part of the challenge. The tableau, labeled “Broh, do you even crypto?” was a grid separated into 9 blocks (in a 3x3 grid fashion) where each block was itself a 9x9 grid of letters. The tableau in its original form is shown in Fig. 5.
Fig 5. Original tableau layout
We noticed the string “SOOPERSEKRIT” going down the first column on the original grid. Darth Null informed us that this particular string was an example of the how to adjust the board layout if “SOOPERSEKRIT” was the key. Since we had our “BSIDESROC” key, we adjusted the board in a similar fashion. The board is adjusted by shifting each row in the tableau until the desired character is in the first column, then moving to the next row and doing the same until the key is shown down the first column. Since the original board had “SOOPERSEKRIT” down the first column only once, we modified our board in a similar fashion. This is shown in Fig. 6 as “Modified tableau - version 1”. We worked with this version of the board for a while without success, and we were later informed via a hint by Darth Null that the key should be repeated down the first column unlike in the example on the original board. We made the necessary adjustments and ended up with the tableau shown in Fig. 7.
Fig 6. Modified tableau- version 1
Fig 7. Final tableau layout
Now for the spreadsheet of numbers. This was posted on the wall and looked like an Excel-type spreadsheet. Each cell in the spreadsheet contained a single digit from 1-9. The spreadsheet was made up of 37 columns and 7 rows but the last row only had the first 15 cells filled in, giving a total of 237 1-digit cells. We assumed that this was our cipher text, but we weren’t quite sure how to make it work. Another hint provided to us said that the final plaintext message was less than 80 characters and our calculations showed that 237 happened to be (3x79) so that verified our assumption that we had our ciphertext. The full list of all 237 digits is shown below, in the order given on the spreadsheet.
By splitting the cipher text in to tuples of 3 digits we figured that this could be used to map out a specific character in the tableau. For example, the first 3 digits of the cipher text are 8,4,4 this could be interpreted as Block 8, Row 4, Column 4. This allowed us to map out any specific cell in the tableau, since there were 9 blocks and each block had 9 rows and 9 columns (Fig.8 & Fig.9).
We mapped our tableau into the following blocks:
Fig 8. Tableau block layout
And each (9x9) block was mapped as follows:
Fig 9. Row/Column layout
We split our cipher text into a group of mapping coordinates in the format (BLOCK,ROW,COLUMN) and ended up with the following:
(8,4,4) (5,6,1)(1,9,7) (1,8,4) (3,1,2) (5,8,5) (9,1,5)…
We attempted to map all of these coordinates out and nothing seemed to be working out and we weren’t getting anything but garbage. We were so close but we were missing one key component. Another hint from Darth Null gave us the last piece to the puzzle. He mentioned that the cipher text was transposed, so we had to do more work to get the correct coordinates.
Since we had 3x79 coordinates, we laid them out into three equal rows and read out the coordinates from each column. This is shown below:
8 4 4 5 6 1 1 971843125859151869817352592681576717286113673547522258...
9 7 1 3 9 6 3 321848248421755665791145688266571435923273994871314369...
3 4 7 8 8 8 4 319326287389344646872435466961747455834131416553352693...
After mapping out all of these new coordinates (again), we ended up with the following decrypted message:
NOW TELL BSIDESROC THAT THE MAGIC WORDS ARE SQUEAMISH OSTRICH AND YOU WIN THE CRYPTO CHALLENGE