2019-08-14

2019 Unofficial Defcon DFIR CTF Writeup - DFA Crypto Challenge


Question


"On the homepage you will notice the Champlain College Digital Forensics Association's Logo. Can you decipher the hidden message?"



Full disclosure: I wasn’t a fan of this challenge and furthermore I would not have solved it without talking to the question author.

It became apparent that it was likely a multi-stage challenge with the flag string encoded in multiple ways, made more complicated by you not having feedback that the intermediate step had been correct. 

After trying all sorts of encoding methods and some guessed possible keys I ultimately reached out to the author of the question and asked: 
“is the string 'poqdckhn', (with additional work) all you need for the crypto challenge. Or does something else need to be derived from the image/file to use in conjunction?”
They confirmed that there were three steps and when I asked if I would know that the intermediate step had been correctly solved, I was informed that I would not. But I was assured:
“When the challenge was created, we thought of some common ciphers that we were taught in the classroom.” 
So I wasnt to expect anything too exotic/ complicated.

Answer
The Logo obviously contains a string of hexadecimal characters:

70 6F 71 64 63 6B 68 6E

These all fall within the ascii alphabet range and correspond to:

poqdckhn

The kicker here is that you have to ROT13 (at least they didn’t use a less common ROT) the string, resulting in:

cbdqpxua

I tried various different cipher methods but ultimately determined that a Vigenère cipher was correct. I undertook an exercise to try and find possible keys early before this time and included the following list:
  • champlain
  • ccdfa (Champlain College Digital Forensics Association)
  • lcia (Leahy Center for Digital Investigatio)
  • audeamus (champlain college motto)
  • beaver (Chaplain College Mascot)

Throughout the process I used the fantastic tool CyberChef to allow me to quickly try different variations. My eventual recipe was as below:


Imagine my surprise (read moderate rage) when I found the flag had been under my nose all along. Using the key ‘champlain’, or specifically ‘champlai’ due to string length, resulted in the answer ‘audemus’. Due to the fact that the flag was Latin, to be honest I’m not sure I would have realised it was correct had I not previously researched the motto as a possible key.

2 comments:

  1. In a framework like that of the cryptocurrencies there is no server at all as the system is decentralized. Each companion in the system is engaged with checking whether the exchanges are substantial or is a potential twofold spend. Cryptocurrencies have a special component that they can have agreement without a focal position. This was first of a sort development into the world and that is the motivation behind why it has become so well known and broadly utilized when all other brought together advanced arrangement of currency has fizzled.If you want to know more, Please check out here: Bitmex Resources

    ReplyDelete
  2. casino, betting and gaming, review by Viscount and Cote
    Discover a 심바 사이트 full casino, betting and gaming 해외 야구 experience at mib 사이트 FilmfileEurope. The 네이버 룰렛 casino, 아이 벳 bet, and gaming, review by Viscount and Cote.

    ReplyDelete