BSides London 2019 Challenge
This is my writeup for a security puzzle that gave me the possibility to attent the BSides 2019 IT-Security Conference
Last updated
This is my writeup for a security puzzle that gave me the possibility to attent the BSides 2019 IT-Security Conference
Last updated
Security BSides is a community-driven framework for building events by and for information security community members.
The idea behind the Security BSides events is to organise a free Information Security conference where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants and these events are already happening in major cities all over the world!
The main reason why I feel myself driven to that kind of events is because of getting informed about actual InfoSec topics regarding trends and strategies from attackers and defenders view. It’s also a great source of inspirations for me how someone did solve a specific problem or to get new ideas around the whole landscape of InfoSec. Sometimes it could just be a gain for having a good chat with someone during lunch or the breaks.
For the fist time I did sign up myself for the BSides London waiting list. On april 4th I’ve received a message with the subject: „BSidesLDN2019 Prepare Yourself and Gain a Ticket„
Beside there was a puzzle to solve and I’ve decided to give it a chance.
I bet your machine didn’t predict 677376206d76636720687667206c75206772787076676820646c666f77207a6969726576206c6d2031353534343833363030303030303030303030207a67207367676b683a2f2f7968727776686f77 6d323031392e7665766d6779697267762e786c2e6670
You hear that, Mr. Anderson? That’s the sound of inevitability, dXppdyd3IGxzcyBmcmlhZSBnbiB3bXV2c2d2IHJlcGh4bHJ5IGxoIDE1NTQ0ODM2MDAwMDAwMDAwMDAgdXdoY3Q6Ly90YWxod2R6cXEyMDE5LnNpZmZiZXZhZXMucHIuaXg=, goodbye, Mr. Anderson
HAL9000: I know I’ve made some very poor decisions recently, but I can give you my complete assurance that my work will be back to normal. … HAL9000: Rbfb sldoiqt or afp ndsnsgqob bit pb bbllvad dsakhc gn 1554483600000000000 ngqnvn tk smymu://qwxgtuzog2019.kplnulrvxp.hu.wy
Puzzle 1
This looks like HEX Code. Using a HEX to Text converter gave me this:
gsv mvcg hvg lu grxpvgh dlfow ziirev lm 1554483600000000000 zg sggkh://yhrwvhowm2019.vevmgyirgv.xl.fp
The last part looks like an URL and sggkh:// stand for https://
The Atbash cipher is a very common, simple cipher. It was for the Hebrew alphabet, but modified here to work with the English alphabet. Basically, when encoded, an „A“ becomes a „Z“, „B“ turns into „Y“, etc.
Using a ATBASH Decoder gave me this:
the next set of tickets would arrive on 1554483600000000000 at https://bsidesldn2019.eventbrite.co.uk
It seems to be logical that the numbers 1554483600000000000 is an encoded date/time, but what is it?
Maybe it was just a coincidence, but I had the word „Unix timestamp“ in my mind and this was the solution. Using a Unix time stamp converter revealed the timeframe to order a ticket:
Puzzle 2
The encoded string looks like base64. A hint for that is always when you see the character = at the end of a text string.
Using a base64 decoder gave me this:
uziw’w lss friae gn wmuvsgv rephxlry lh 1554483600000000000 uwhct://talhwdzqq2019.siffbevaes.pr.ix
Focusing again on the URL it seems that the encryption isn’t just a shifting of the alphabet. My assumption was that a cipher with a keyword was used and maybe it has something to do with that quote of the famous movie „the matrix“.
I couldn’t solve that puzzle finally, but a friend of mine gave me the hint that it is the Vigenere Chiffre and the keyword to decode is: bsideslondon and not Mr.Smith
The decoded phrase is:
that’s the sound of tickets dropping at 1554483600000000000 https://bsidesldn2019.eventbrite.co.uk
Puzzle 3
Sorry no plan ;-)
