Sign in Subscribe

2019 Unofficial Defcon DFIR CTF Writeup - DFA Crypto Challenge

Adam Harrison

2 min read
2019 Unofficial Defcon DFIR CTF Writeup - DFA Crypto Challenge

Question

"On the homepage you will notice the Champlain College Digital Forensics Association's Logo. Can you decipher the hidden message?"

DFA.png

Full disclosure: I wasn’t a fan of this challenge and furthermore I would not have solved it without talking to the question author.

It became apparent that it was likely a multi-stage challenge with the flag string encoded in multiple ways, made more complicated by you not having feedback that the intermediate step had been correct.

After trying all sorts of encoding methods and some guessed possible keys I ultimately reached out to the author of the question and asked:

“is the string 'poqdckhn', (with additional work) all you need for the crypto challenge. Or does something else need to be derived from the image/file to use in conjunction?”

They confirmed that there were three steps and when I asked if I would know that the intermediate step had been correctly solved, I was informed that I would not. But I was assured:

“When the challenge was created, we thought of some common ciphers that we were taught in the classroom.”

So I wasnt to expect anything too exotic/ complicated.

Answer

The Logo obviously contains a string of hexadecimal characters:

70 6F 71 64 63 6B 68 6E

These all fall within the ascii alphabet range and correspond to:

poqdckhn

The kicker here is that you have to ROT13 (at least they didn’t use a less common ROT) the string, resulting in:

cbdqpxua

I tried various different cipher methods but ultimately determined that a Vigenère cipher was correct. I undertook an exercise to try and find possible keys early before this time and included the following list:

  • champlain
  • ccdfa (Champlain College Digital Forensics Association)
  • lcia (Leahy Center for Digital Investigatio)
  • audeamus (champlain college motto)
  • beaver (Chaplain College Mascot)

Throughout the process I used the fantastic tool CyberChef to allow me to quickly try different variations. My eventual recipe was as below:

blog_1.JPG

Imagine my surprise (read moderate rage) when I found the flag had been under my nose all along. Using the key ‘champlain’, or specifically ‘champlai’ due to string length, resulted in the answer ‘audemus’. Due to the fact that the flag was Latin, to be honest I’m not sure I would have realised it was correct had I not previously researched the motto as a possible key.

Sign up for more like this.

Enter your email
Subscribe