Make something (or How I learned to stop worrying and love making things)

I’d like to encourage all of you (myself included) to make more things. I don’t care what kinds of things you make, but make something. You can do it by yourself, or you can work with someone else, or you can make something based on someone else’s work. Here are some suggestions of things you can make:

  • A bowl of pasta with homemade sauce and meatballs
  • A robot that you can play catch with
  • A story about a girl and her pet rat
  • A webpage that generates new, exciting, and sometimes nonsensical jokes about noses
  • An edit to wikipedia about a topic that interests you
  • A quilt for someone you care about like a pet
I enjoy every part/phase/stage of making.

There’s the planning stage, where you try and come with ideas, turn them around in your mind and tweak them until you can bring it into the world.

There’s the scavenging phase where you find and bring together all of the pieces/thoughts/feelings you need to make the thing inside your head(s).

There’s the doing phase, where you take something like a blank page, an existing project, or a box of parts and transform it into something new/different/better/worse than it was before

And then it starts over again. The thing you’ve made eventually changes again. Sometimes it’s entropy as it falls apart. Sometimes it’s you, coming back to tweak what you’ve created because you had another idea. Sometimes it’s teeth, because you’ve baked a delicious cake and there’s no point in letting a cake go to waste.

You’ll be able to look forward to some part of the making process, or think back to the end result and it’ll make you smile or frown or both.

If you need help making things, or want to share the things you’ve made, or you’re looking for people who like making just as much as you do, you should see if there’s a hackerspace/makerspace/sewing club/quilting mafia/organic food co-op near you and you should get involved. We humans are social creatures.


PS

____ ___ _ _ _ _____ ____ _____ _ ____ ___ ____ _ __
| _ \ / _ \| \ | ( )_ _| | __ )| ____| / \ | _ \_ _/ ___| |/ /
| | | | | | | \| |/ | | | _ \| _| / _ \ | | | | | | | ' /
| |_| | |_| | |\ | | | | |_) | |___ / ___ \ | |_| | | |___| . \
|____/ \___/|_| \_| |_| |____/|_____| /_/ \_\ |____/___\____|_|\_\

(This post was also sent to the listserv on 20140908)

DEFCON 22 Badge Challenge Walkthrough

Last week I was lucky enough to attend DEF CON for the first time and it did not disappoint. I’ve been out of commission for a few days with the con plague, but I’m feeling well enough now to try some blogging.

This isn’t the first write up to appear for the badge challenge. There’s the winning team’s write up, and runner up team potatoe sec’s write up.

Why am I writing another one? Mostly it’s because I wanted to make sure I really understood the challenge and it’s solution. Additionally, I’ve noticed that the other two are either missing steps, or contain mistakes.

Let’s start with some background (you can skip this if you know about the badge challenge). DEFCON is a hacker conference, and hackers love puzzles. As a result, for the past 5 years (I think) 1o57 has created a series of mind bending puzzles centered around the badges that DEFCON attendees get. It’s designed to be solved in 3 days and force people to interact and talk since there are multiple different types of badges.

My interest in the badge challenge first got piqued when I read through a DC21 walkthrough by last year’s winning team. I didn’t have a team or the willingness to miss all the other things going at DEFCON, so most of this walk through is based off of the two guides I mentioned above and a taxi ride with a member of the runner up team on the way to the airport, and the fine folks who hung around room 1057.

So, what follows is as legible and clear a walkthrough as I can manage. Please leave comments if you spot any mistakes, or feel I’ve explained something using an identity like 2+2=5.

If you want to follow along at home, you can download this archive which contains as much of the badge challenge materials as I could manage to gather together. I’m still missing good photos of the front and back of all the badges, so if you have a one, please send it my way.

Final note: unless otherwise noted, all materials that follow (include the text) is released under a creative commons attribution license

Lanyards

(source: me)

This is the lanyard. There are 3 important parts to it.

First, there’s the Chinese numbers on the left, which you can read with this handy chart:

一      1
二      2
三      3
四      4
五      5
六      6
七      7
八      8
九      9
十      10

Then, here are the weird symbols in the middle. Those are 4 digit numbers written using the Cistercian cipher from The Ciphers of the Monks. You can decode them with:

(source: The Ciphers of the Monks)

The last part is a Korean word, saying either vertical or horizontal

수직 (sujig): vertical

수평 (supyeong): horizontal

Big thanks to 1o57, who showed up at one point with a full set of EIGHT lanyards, pictured below

(source: me)

It was pretty tough trying to gather all of them. Initially, the total number of lanyards was unclear.

We had a hell of a time trying to gather all of the lanyards before 1o57, since we assumed the numerals were unique and didn’t look for the other 4 and we thought there might be a lanyard with a Chinese 1 or 3. Also, we thought there might even be 9 lanyards, since there were 3 “suits” in the DEFCON iconography: (the happy skull and cross-bones, the rotary dial and the floppy disk).

Anyway, how do you decode these?? It turns out the Cistercian numbers are all in the range of upper case decimal ASCII, but without an ordering it’s gibberish.

First, you have to divide the lanyards into vertical and horizontal.

At one point LoST mentioned that he really loved weaving potholders as a kid, so clearly the lanyards need to be woven together in some fashion.

Next, it turns out that all of the lanyards are less than 15, so they can be written in binary using only 4 bits.

Horizontal

 3 | 0 0 1 1
 4 | 0 1 0 0
 4 | 0 1 0 0
 9 | 1 0 0 1

Vertical

 5 10 11 14
 ---------------
 1  0  1  0
 0  1  1  0
 1  0  0  1
 0  1  1  1

Finally, you might also have noticed that two of the lanyards start with the encoded version for 1057.

Now, you can combine all of this information to form the solution.

The Chinese numbers can be arranged in such a way that it forms a grid of all 1s, indicating which square on which lanyard should be read to form the final message.

The ordering starts with 11 on top of the 4 lanyard with 1057 on it.

From there, there is always only one lanyard that can be placed such that the grid of all 1s is formed.

Here’s the final weave:

(source: me)

Reading off the numbers and converting to ASCII you get:

 1057DONTMISSTHEPOINTINCURIOUSCODES

or

 1057 DONT MISS THE POINT IN CURIOUS CODES

There are 2 things you need to solve this puzzle:

  1. 1o57 told us to take this literally. EXTREMELY LITERALLY
  2. There are a whole bunch of new TLDs that got released recently…

The solution is curious.codes, which leads to the following url:

http://curious.codes/

Which contains this link:

Did you get Nuke Nuke Mickey Lover yet?

Running file on it reveals that it’s a rar archive.

When you try to open it, you are asked for a password.

Program Code

(source: me)

In the DEFCON program under the section by 1o57, there’s a series of numbers transcribed below:

07-21-18-03-18-05-05-22-01-03-14-20-18-06
10-22-25-25-21-18-25-03-12-02-08-19-22-01
17-12-02-08-05-16-14-25-25-22-01-20-15-08
07-17-02-01-07-15-18-17-08-03-18-17-16-08
07-17-02-10-01-07-21-18-10-02-02-17-06-07
21-18-12-15-18-18-05-17-02-06-10-57-10-57

Notice that all of the numbers are less than 26 (with the exception of 1o57’s signature at the end), so it’s time to convert these numbers to letters (1 -> a, 2 -> b, etc…), which results in:

 gurcreevacntrfjvyyuryclbhsvaqlbhepnyyvatohgqbagorqhcrqphgqbjagurjbbqfgurlorreqbfj

The thing I learned doing the challenges: Always try rot13.

 THEPERRINPAGESWILLHELPYOUFINDYOURCALLINGBUTDONTBEDUPEDCUTDOWNTHEWOODSTHEYBEERDOS

or

the perrin pages will help you find your calling but dont be duped cut down the woods they be erdos

Above some of page numbers in the program, there are numbers written. Here is the whole set:

number: 32 35 31 41 53 45 41 43 52 45 45 4D 41 54 45 21 21 page: 2 3 5 7 10 12 16 17 22 29 33 34 36 39 46 51 56

A bit of googling reveals a few things. There are Perrin Numbers, which is a sequence defined by a recursive relation. The first few I grabbed from The Online Encyclopedia of Integer Sequences (yes there is apparently such a thing)

 3, 0, 2, 3, 2, 5, 5, 7, 10, 12, 17, 22, 29, 39, 51, 68

There are also things called Erdos-Woods numbers. Again from OEIS A059756:

 16, 22, 34, 36, 46, 56

Let’s start by reducing the numbers to just Perrin numbers

number: 32 35 31 41 53 45 43 52 45 54 45 21
page:    2  3  5  7 10 12 17 22 29 39 46 51

Next, let’s ‘cut down the woods’ by removing the Erdos Woods Numbers that aren’t also Perrin numbers (‘don’t be duped’). NOTE: This bit seems to have been missed by a the 2 other write-ups

 16, 34, 36, 46, 56

.

number: 32 35 31 41 53 45 43 52 45 54 21
page:    2  3  5  7 10 12 17 22 29 39 51

How do we decode 32 35 31 41 53 45 43 52 45 54 21? Well we saw earlier that one of the superscripts was 4D, so let’s go with ASCII Hex

 251ASECRET!

Hey, that’s a phone number (the hint being calling)

251-273-2738

If you call it, it will ring and ring and eventually you’ll get a recording of a piano, which you can listen to below:

piano.wav

Transcribing the notes we get:

DGGBGBGGDGBDGDGBDDDBDGEGDGDGDBDDDBGDGBDDGEDGGDGBGDDDDBDDDDDBGGGGGBDDGGGEDGGDGBGGGBGDBGDGBGDBDGBDDGBGGGGBGDBGE

Hrmmm, not many Bs or Es… Let’s try removing those to see what it looks like

DGG G GGDG DGDG DDD DG GDGDGD DDD GDG DDG DGGDG GDDDD DDDDD GGGGG DDGGG DGGDG GGG GD GDG GD DG DDG GGGG GD G

Since there’s only 2 letters it’s either binary or morse code. Let’s see what it looks like if the Ds are dashes and Gs are dots

-.. . ..-. -.-. --- -. .-.-.- --- .-. --. -..-. .---- ----- ..... --... -..-. ... .- .-. .- -. --. .... .- .

(source wikipedia)

Putting that string into a morse code translator

We get:

 DEFCON.ORG/1057/SARANGHAE

SarangHae is Korean for I love you, so fixing the capitlization we get

https://www.defcon.org/1057/SarangHae/

Which reads:

Who we gave free love to

at

1o57

Are you being served?

Alright, we have to pause on this track for now since we don’t know “Who we gave free love to” (googling reveals nothing), although Are you being served is apparently a british TV Show.

This looks like it might be an email address though: SOMETHINGGOESHERE@1o57.uk

Badges

There are quite a few cool things about the badge. It’s a fully programmable propeller including an astounding array of through holes for attaching your own electronics to. It also has a microusb port so it’s pretty easy to program from any computer.

According to the parallax forums there are 15 types of badges: 1 uber, 1 press, 1 speaker, 1 vendor, 1 goon, 1 contest, 1 artist and 8 human badges.

The differences between the human badges seem to be the following:

  1. Different styles of writing Human across the bottom
  2. The pattern of pads just above the 8 LEDs
  3. The symbol and numbers on the back

Badge Pads

One of the other weird features of the badges is that there are 2 different types of pads: circular and square. These are a binary encoding, where the circular pads are zeros and the square pads are ones. Writing this out from top to bottom and left to right gives us the following:

0110
0101
0111
0110
0110
0110
0110
0101
0111
0111
0100
0110
1000
0101
1000
0011

Which we can turn into the following numbers

6
5
7
6
6
6
6
5
7
7
4
6
8
5
8
3

Grouped in twos

 65 76 66 65 77 46 85 83

and converted into ASCII (base 10) gives us:

 ALBAM.US

http://albam.us/

Which contains a bunch of weird looking text

 Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf
 evlc dbfovozivnj?

 T'fm mzu pqp ie zh b mduknz svnlfu...rivp D'm wpymjih ugalreye J
 npdgoidpm uidob qa flyhz mduknz wfcxt, mdlv uzxktff (svxi-tvr!) ryx tvyevpgy Z'x
 vbdf gvggier fjlz J tci dzlf ju do rivie. Yix xcbk yvs ksuu poivt aueys xpme? Zv
 MERWFZ ive da iudmys...J ptlcglp suwf op kjdnb zz ju zjxjo tzxyt ji b iqr bvqisf D gvgg
 lzvy nznfch vgrth...

This looks pretty garbled and it’s not a simple rot13 either. We will come back to this later once we have the key

Badge Output

You can plug the DEFCON 22 badges into a computer and connect to it as a serial terminal. An easy way to do this is to install the PropellerIDE. You can also connect to it using screen (or with busybox microcom I think). The baud rate for the connection is 57600

When you first connect the badge spits out a lot of nonsense like this:

                MARRY AND REPRODUCE
                  NO IMAGINATION
      MARRY AND REPRODUCE
                NO IMAGINATION
                WATCH TV
                    NO INDEPENDENT THOUGHT
                  MARRY AND REPRODUCE
              WORK EIGHT HOURS
                EAT
                NO INDEPENDENT THOUGHT
    NO INDEPENDENT THOUGHT
      EAT
              BUY
            WORK EIGHT HOURS
            MARRY AND REPRODUCE
            BUY
              OBEY
            CONFORM
                WATCH TV
    CONSUME
                      DO NOT QUESTION AUTHORITY
MARRY AND REPRODUCE
              MARRY AND REPRODUCE
              BUY
  CONSUME
                        NO INDEPENDENT THOUGHT
  STAY ASLEEP
    OBEY
                      CONFORM
  WATCH TV
    EAT
              NO INDEPENDENT THOUGHT
WATCH TV
                NO IMAGINATION
                        CONSUME
                  CONSUME
CONSUME
                        EAT
                        BUY
CONSUME
                    BUY
                    NO IMAGINATION
                DO NOT QUESTION AUTHORITY
                  DO NOT QUESTION AUTHORITY
                EAT
  NO INDEPENDENT THOUGHT
                  WORK EIGHT HOURS
          NO IMAGINATION
WORK EIGHT HOURS
                      CONFORM
      SUBMIT
      DO NOT QUESTION AUTHORITY
                    BUY
  SUBMIT
                      OBEY
                        DO NOT QUESTION AUTHORITY
      STAY ASLEEP
                      CONFORM
                    NO INDEPENDENT THOUGHT
SUBMIT
        WATCH TV
          MARRY AND REPRODUCE
        CONSUME
            EAT
      MARRY AND REPRODUCE
  MARRY AND REPRODUCE
                  CONSUME
    STAY ASLEEP
    CONSUME
          STAY ASLEEP
              BUY
      NO IMAGINATION
EAT
                        SUBMIT
                MARRY AND REPRODUCE
                    SUBMIT

All of these are references to a movie called They Live but there’s nothing particularly interesting in this output. The REALLY interesting stuff happens when you push the buttons on the badge.

What buttons you ask? Well the E F C O in DEFCON along the bottom of the badge are capacitive buttons! Here’s the output for various combinations of button pushes

Pushing the C (0010)

WELCOME TO DEFCON TWENTY TWO

COME AND PLAY A GAME WITH ME

Pushing the O (0001)

WHERE TO BEGIN I KNOW FIND HAROLD

Pushing the F and O (0101)

DEFCON DOT ORG SLASH ONE ZERO FIVE SEVEN SLASH I WONDER WHAT GOES HERE

Pushing the F C and O (0111)

TRY THE FIRST HALF OF HIS PHONE NUMBER FOLLOWED BY HIS LAST NAME THEN THE SECOND HALF OF HIS NUMBER

Pushing the E (1000)

ALBERT MIGHT BE ON THE PHONE WITH HAROLD SO IF ITS BUSY TRY BACK

Pushing the E and O (1001)

WHITE LINES IN THE MIDDLE OF THE ROAD THATS THE WORST PLACE TO DRIVE

We need to find a Harold so we can use his phone number to build a url. 1o57 tweeted a pretty huge hint about this part of the challenge:

[twitter url=”https://twitter.com/1o57/status/497892280838025216”]

Major hint- this is Defcon 22- 22 is a Smith number.

Some googling reveals that a Smith Number is a number where the sum of the digits are the equal to the sum of the digits of it’s prime factors. They were discovered by Albert Wilansky who noticed that his brother in law Harold Smith had a phone number with this property. Sounds promising!

His phone number from Wikipedia is 493-7775. Since there are a few possible ways to assemble this, you have to try a few URLs before you succeed with 493SMITH7773 resulting in:

https://www.defcon.org/1057/493SMITH7775/

There’s a few import things about this page. First the poem:

 Why be
 ye searchin' answers here?
 Oh are
 ye 1o57? The question
 queue be
 long...be ye not in despair,
 em for
 keepin' ye from spinnin' yer wheels they be.

Every second line can be written as letters

 YB
 OR
 QB
 M4

The second thing we have from this page is found in the source code as a comment

 YQESMJDOJOTM

This is a dead end for now, but don’t worry we will come back to it.

Badge Serial Numbers

Sadly, I don’t have pictures of the back of all of the badges, but here is mine:

(source: me)

As you can see in the top right corner there’s a symbol. It’s either a Chinese or a Korean cardinal symbol. Here’s a table from Team PotatoSec

Badge          Serial_1     Serial_2     Direction    Language
Human          55586753     01458934     West         Chinese
Human          25348567     02933985     East         Chinese
Human          30303031     38563748     South        Chinese
Human          56456387     01924834     North        Chinese
Human          32439751     50932487     North        Korean
Human          77798753     00478041     West         Korean
Human          81303557     85345360     South        Korean
Human          05978344     85758673     East         Korean
Artist         94841634     88172253     South        Chinese
Contest        09856563     23454311     East         Chinese
Vendor         05729856     57380999     North        Korean
Speaker        31337017     34029545     South        Chinese
Goon           94841634     88172253     South        Chinese
Press          06060606     00000000     South        Korean
Uber           37584205     23785634     North/South  Korean

We have to stop here again, because we don’t yet know what to do with these.

X.XX Codes

At the conference, there were 2 large standing maps containing a series of numbers, and one large floor sticker also containing similar looking numbers. They were all in red, had a single Korean character above them and mostly followed the format of XX.XX

(source: me)

전
1.23
2.23
3.23
3.13
3.22
2.22
0.00
6.22
3.01
1.02
0.20
0.03
0.10

(source: me)

화
0.12
0.01
0.20
6.23
3.02
4.01
8.01
6.02
3.12
9.02
5.22
4.02
2.11

(source: me)

기
1.13
6.12
5.23
9.12
5.11
6.13
12.02
4.23
4.13
1.11
15.02
9.22
8.22

It turns out that the letters above spell telephone in Korean

Telephone: 전화기 (jeonhwa)

Now, in order to decode this mess, we first have to consider a phone keypad.

(source wikipedia)

Now, all the numbers directly to the right are between 0 and 2, and all of the final digits are between 0 and 3. And we have a 3 by 4 grid… It’s a coordinate system for sure. Now the logical numbering would be from top to bottom and left to right… but that’s wrong. Here’s the numbered grid

(source: me and wikipedia)

The numbers to the left of the dot indicate how many times you should “press” the number, just like texting on a dumbphone.

Now the numbers decode to the following:

 전 = DEFCON*ORG#10
 화 = 57#FISSILINGU
 기 = ALELUCIDATION

giving us DEFCON*ORG#1057#FISSILINGUALELUCIDATION

cleaned up and capitalized properly

https://www.defcon.org/1057/FissilingualElucidation/

Which contains

Here, I wrote you a poem:
lorem ip
Lorem ipsum dolor si
Lorem ipsum do
Lorem ipsum dolor s
lorem ipsum ama
Lorem ipsum dolor sit amet
Lorem ipsum dolor sit ame

Lorem ipsum dolor sit
lorem ipsum ips
lorem ipsum lor
lorem ipsum lo
lorem ipsum lorem
lorem ipsum amat
Lorem Ipsum

So the key for this was to run the poem through google translate, which through some fluke or possibly easter egg would translate to this:

Let's see if
We give
Pussycat Dolls
The Free Love
It can be used
Our goal is to ame

Our goal is to
vehicle dimensions
Free of pain
China, elsewhere
Free Internet
China loves
NATO

Sadly, this no longer works for me (and others it seems, so big thanks once again to Team PotatoSec for their write up

Anyway, with this information we can now complete the email address from earlier! Free love is is given to Pussycat Dolls

Email to pussycatdolls@1o57.uk

 To: Manfred Manx <f.alt.alt@gmail.com>
 From: "1o57" <pussycatdolls@1o57.uk>
 Subject: Can you feel the love tonight?
 DEFCON.ORG/1057/ WHO DOES CHINA LOVE + Mickey's Key

Ok, well we don’t have Mickey’s Key yet, but the poem tells us that China loves NATO. Let’s continue on until we find Mickey’s key.

CD

On the CD there’s a picture of a Cryptex which contains an awful lot of letters and numbers… Perfect for use as key material! Here’s a picture

(source: 1o57 I think)

And here’s the whole thing transcribed

CIZDRURREGUI
DVTQIMUFNXNV
QOHULDILKCFO
PG2LTGEWPZRH
KNRIGZWIOTIK
BBVB4RCVARLU
YQESMJDOJOTM

HEY! That’s last line is the same as the one from 493SMITH7775 page!

It turns out that BBVB4RCVARLU is the passphrase for the block of text we saw earlier

Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf
evlc dbfovozivnj?

T'fm mzu pqp ie zh b mduknz svnlfu...rivp D'm wpymjih ugalreye J
npdgoidpm uidob qa flyhz mduknz wfcxt, mdlv uzxktff (svxi-tvr!) ryx tvyevpgy Z'x
vbdf gvggier fjlz J tci dzlf ju do rivie. Yix xcbk yvs ksuu poivt aueys xpme? Zv
MERWFZ ive da iudmys...J ptlcglp suwf op kjdnb zz ju zjxjo tzxyt ji b iqr bvqisf D gvgg
lzvy nznfch vgrth...

One of the other teams thought this was an OTP, but in fact it’s just a straight up Vigenere Cipher which we can decode with this handy tool

The decrypted text using a key of BBVB4RCVARLU results in

Are you about to hang it up due to frustration? About ready to
call shenanigans?

I'll let you in on a little secret...when I'm feeling deflated I
sometimes think of funny little words, like sextile (rawr-rar!) and suddenly I'm
back feeling like I can dial it in again. Now what was that other funny word? It
REALLY had my number...I usually have to think of it eight times in a row before I feel
like myself again...

So, some googling leads us to discover that a Sextile looks a lot like an asterix! And there’s a reference to the word dial, so we’re looking for a funny word relating to telephones and dialpads or something.

That word is Octothorp, but what to do with it? Well the poem does mention rar, so it’s got to be the password to the rar file from earlier. There’s also a reference to the number 8, which leads us to a password of

OCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORP

Time to decrypt that RAR! This gives us a folder containing 2 files. A copy of a song called The Box by Ostritch and this image

(source 1o57)

Well, that’s a pretty funny picture of Kim Jong-un but notice that he has Mickey on his belly. Somehow this image will help us create Mickey’s key.

From earlier, we have a bunch of badges with North written in Korean and South written in Korean, which is probably why there’s a picture of the leader of North Korea and Psy who’s from South Korea.

The epsilon symbol indicates that the serial numbers should be summed and the grumpy cat indicates we should concatenate those two in order to get the key. (Completely obvious I know)

The sum of the North Korean serials is:

32439751 + 50932487 + 05729856 + 57380999 = 146483093

The sum of the South Korean serials is:

81303557 + 85345360 + 06060606 + 00000000 = 172709523

To create Mickey’s key: 146483093172709523

Final Puzzle

With the Mickey’s key (146483093172709523) and the answer to who China love’s (NATO) we can now finish the URL from earlier

DEFCON.ORG/1057/ WHO DOES CHINA LOVE + Mickey’s Key

= DEFCON.ORG/1057/NATO146483093172709523

https://www.defcon.org/1057/NATO146483093172709523

Well the page is called Almost There!, so we must be close! On that page there’s a silly moon gif and this:

(source 1o57)

Now this turns out to be written in a language called Ogham

(source: (source wikipedia)

Which gives us the following translation:

I OFT CORRECT NGOUR GRAMMER
OR TELL NGOU TO NEE A NGSNGCHIATRIST
BUT THE FILEN ASSIFTNG TO NGIERCE
THE LAFD THAT CRAFEN FEST UNGOF
MIGHT LEAD NGOU TO DINCOER
FAME OS THE MOOF AT CODES THAT ARE CURIOUS

Alright, time to clean that up. There are a few substitutions we need to make

NG -> Y

N -> S

S -> F

F -> N

Y -> P

But only sometimes, and sometimes more than once. For example I had to replace the 3 S’s in ASSISTNG, and then replace the 3rd F with an N. EDIT: turns out I transcribed the ogham wrong. Thanks Chris in the comments.

Also, Ogham doesn’t contain a letter for W, so we have to add it where it’s missing.

Here’s there cleaned up version:

I WONT CORRECT YOUR GRAMMER
OR TELL YOU TO SEE A PSYCHIATRIST
BUT THE NILES AFFINTY TO PIERCE
THE LAND THAT CRANES NEST UPON
MIGHT LEAD YOU TO DISCOVER THE
NAME OF THE MOON AT CODES THAT ARE CURIOUS

There are a few references here that need to be gathered together to make sense. If you google niles pierce and crane, you get to a page about David Hyge Pierce who played a psychiatrist on Frasier, so clearly we’re on the right track. A search for moon on that wikipedia page reveals that Niles’ wife in the show is Daphne Moon.

The line about “name of the moon at codes that are curious” seems to indicate an email address for the curious.codes domain.

“Name of the moon” hints that we want the actress that plays Moon who is Jane Leeves

Now to send an email to:

janeleeves@curious.codes

THE END?

You will get a reply

To: Manfred Manx <f.alt.alt@gmail.com>
From: "1o57" <janeleeves@curious.codes>
Subject: The end of the journey

+++
Well done!

Find 1o57, and hand him a note- written on blue paper....

On the note must be your name(s)  / team name - and this phrase:

perfer et obdura; dolor hic tibi proderit olim

Congratulations, you have earned a spot ... but I've said too much...

Include an email :)

----

Wooo! That’s the end! I hope you enjoyed the ride. If you’re the curious type (which I have no doubt is the case if you’ve made it this far), the latin translates to “Be patient and tough; someday this pain will be useful to you”

I’ve got to thank 1o57 for putting together this puzzle, Elegin and Team PotatoSec without their guides I wouldn’t have been able to put this guide together.

Appendix

Dead ends

So there are a lot of dead ends in this quest. There were quite a few references to The Last Dragon which didn’t lead anywhere.

There were lots of images included all over the place that didn’t lead anywhere (the mighty boosh moon, the popcorn gif, the lost boys movie poster)

There’s the song file that was included in the RAR archive.

If you go to https://www.defcon.org/1057/ directly, you’ll notice at the bottom that there’s some hidden text that reads “ Did you try 1057 yet?”

https://www.defcon.org/1057/1057/ seems to just be taunting you.

There also seems to be some variations in the style of pads on the front of the badges.

The badges include an IR transmitter and receiver, and goon badges can control the human badges. Likewise, the uber badge can control all the other badges. Some folks on reddit decoded the meaning of the flashing

The floor decal includes some bumps and such, but I don’t think it will decode to anything.

What’s the reference to “WHITE LINES IN THE MIDDLE OF THE ROAD THATS THE WORST PLACE TO DRIVE” in the badge?

There’s references to a bunch of different names and types in the badge firmware code:

RayNelson
Test4
Greets
Detective
Scientist
Diver
Driver
Politician
Test3
Football
Mystery

These are just some of the dead ends I saw while putting this together.

  • http://elegin.com/dc22/
  • http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
  • http://www.reddit.com/r/Defcon/comments/2cwgnr/badge_hacking/

  • http://albam.us/
  • https://www.defcon.org/1057/FissilingualElucidation/
  • https://www.defcon.org/1057/SarangHae/
  • https://www.defcon.org/1057/493SMITH7775/
  • https://www.defcon.org/1057/NATO146483093172709523
  • http://curious.codes/

This work is licensed under a Creative Commons Attribution 4.0 International License

Laser Cut Dominion Playing Field




It’s my girlfriend’s birthday this week, so I decided to try and improve our experience while playing dominion. If you’ve ever played before, you know that you need quite a bit of space to lay out the 15 (at least) cards. I found these designs on thingiverse for a pretty sweet looking board (which you can find here http://www.thingiverse.com/thing:19144). I have access to a Epilog Zing laser cutter through Artengine. It’s a pretty cool machine, with a bed size of 24" by 12" and it can cut through 1/4" MDF with no problem. The problem was that the 2 file formats included wouldn’t open in inkscape! I have to open them in order to ensure that the lines are 0.001" thick if I want a vector (cut), rather than a raster (engraving) to come out of the laser.
First attempt to check the DXF files was with Inkscape, which complained about libxml2 missing when I tried using the Mac version. Next, I tried opening them in Autocad, Qcad, Inventor Fusion and DraftSight. Some of the programs worked, but I couldn’t set the line width that was used when creating a PDF. Finally, I gave up and set up Ubuntu 14.04 inside virtual box and installed Inkscape there. Success! I was able to create both SVG and PDF versions of the DXF files with the appropriate linewidths and document size.
You can download the altered things here: http://www.thingiverse.com/thing:363426
Big thanks to flomo for the initial designs.

A Noob's attempt at the 2014 DEF CON CTF Qualifiers

By a happy coincidence, the DEF CON Capture the Flag Qualifiers were 2 weekends ago, the same weekend I was cooped up and doped up after my wisdom teeth removal. Figuring that I had nothing to loose by at least checking out the challenges. I signed myself up as team TTT

What went down

I managed to score myself 2 whole points! That’s almost 40 points behind the winner, but they had like way more people and I figure 2 points isn’t too shabby given that I was a single person, on codeine with about zero relevant experience.

Routarded

The challenge consisted of a url that led to an unsecured router. Step 1 was to guess the default password. I tried admin / admin, admin / password and admin / (nothing) without any luck. This led me to http://www.routerpasswords.com/ which contains the default passwords for most routers. I figured I would work my way through the list. Thankfully I got lucky, the first new combo I treid was (blank) / admin. Now to look for the flags…

I poked around a bit, tried changing the password (it reset) and a few other things. I settled on the utitlies tab, which let you ping an ip address / host. It seemed like the output was exactly the output of ping on the command line… I wonder if they sanitize their input? Checking the HTML for the page shows that there’s a js function that’s called on form submission that strips characters. At first, I tried using curl to post data directly, but I couldn’t get the cookie jar working quite right. Instead, I just replaced the sanitization function with an identity function and tried submitting ‘; ls’ and voila! I got a directory listing! Oh hey, there’s a file called flag. Next up submitting ‘; cat ./flag’ and I had my first flag!

Hackertool

This next one asked you to submit the MD5 for a file and contained a link to a torrent. The file in the torrent was called EVERY_IP_ADDRESS.txt. My first guess was that I might be able to extract the hash directly from the torrent file, since I’m pretty sure you have to be able to compare the hash of the file you torrent to what it should be. Sadly I didn’t have any luck in this approach, probably due to my incompetence, but also because the spec uses SHA1…

Next thought, why not just generate every ip address myself? I wrote a ruby script, and then a go script to do this since it took nearly 40 minutes.

After the game was over, I realized I didn’t actually have to create the 65GB txt file, I could have just fed the input into a MD5 hash function without finalizing the hash.

3DTTT

This one was fun! I banged my head against it for much too long though and I never got the point for it… You were given an address that you could telnet into a play a game of 3d tic tac toe against an AI. But you had to write a script to do it for you, since if you took too long, the connection closed.

Here’s the source for my bot… It doesn’t do especially well. Sometimes I’d get lucky and win more than I lost, but generally I’d loose too many and I’d have to start over.

Except once! One time I got lucky and I won a bunch of games in a row, but I didn’t have any code written to deal with a winning state, nor did I output the ordering that led to my miraculous bot wins… I felt like such an idiot

Other challenges

I tried a few other ones, but they were mostly incomprehensible to me. I need to know more about disassembling programs, which apparently means learning how to use a tool called Ida. Also, I should learn WAY more assembler. If you want to read some solutions to the other challenges, check out http://www.routards.org/2014/05/defcon-22-quals-dosfun4u.html

Knitting with Paracord!

My girlfriend recently finished sewing a bag for me, but it doesn’t have a strap yet!
At first I tried making Slatts Rescue Belt by following this instructable on how to make a paracord rescue belt, but I didn’t turn out the way I was hoping at all…
Instead I figured I would try knitting the strap. I’ve never tried knitting paracord before, but the strap that I end up with would just as well as the other method since I end up with a flat strap that I can unravel quickly.
If you want to learn how to knit check out this video:

or this book: Knit: Step by Step It has lots of patterns and is pretty good if you like learning from books.
The pattern I’m using is one row knit, one row purl and it’s 6 rows wide.

subscribe via RSS