Scribd
Upload
154 views4 pages

Defcon18 Crypt200

This document provides steps to solve a crypto puzzle involving QR codes and Morse code. The QR codes link to subsequent clues, including a hidden clue in an MP3 file that contains Morse code. Translating the Morse code using Audacity leads to text that refers to the Enigma machine. Looking up the Enigma machine provides the solution - decrypting the Morse code using an Enigma machine simulator with the given settings reveals the solution message.

Uploaded by

securedigital
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
154 views4 pages

Defcon18 Crypt200

This document provides steps to solve a crypto puzzle involving QR codes and Morse code. The QR codes link to subsequent clues, including a hidden clue in an MP3 file that contains Morse code. Translating the Morse code using Audacity leads to text that refers to the Enigma machine. Looking up the Enigma machine provides the solution - decrypting the Morse code using an Enigma machine simulator with the given settings reveals the solution message.

Uploaded by

securedigital
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Crypto Badness 200

Clue: Some puzzles for you


Write up by Sakebomb – Painsec
www.painsec.com

Step 1:
The initial link is http://quals.ddtek.biz/quals/c200_6ea9650d99520e18.html
It provides the following qrcode code:

Scan it with your phone or with http://zxing.org/w/decode.jspx and it will translate to this
link: http://quals.ddtek.biz/quals/c200_8e452fdd2a9b9744.html

Step 2:
Following that link gives you another qrcode:

Doing the same steps as before, http://zxing.org/w/decode.jspx translates the qrcode to


http://quals.ddtek.biz:8080/qrcode/
Step 3:
Following the new link leads to a page that renders as this:

Not knowing what to upload at first, submitting any file would take you to:
http://quals.ddtek.biz/quals/qrsolve.html which is a redirect to
http://www.youtube.com/watch?v=dQw4w9WgXcQ (RickRoll -> smooth move ddtek)

By running the “strings” command in linux on the first qrcode, the output shows:

Step 4:
Generate the qrcode for “too many secrets” at http://qrcode.kaywa.com/ based on the
clue we found hidden in the jpeg. It looks like this:
Using this file as the upload key on the answer submission page leads you to:
http://quals.ddtek.biz/quals/c200_840bc203130f3638.html

Step 5:
On this page, there is another qrcode and an mp3 file called
c200_9f5bcf9abbcfe85c.mp3 that is hidden but you can clearly hear it when the page
loads.

The new page displayed this qrcode:

Translating the qrcode once again with http://zxing.org/w/decode.jspx provides:


C,VIII,II,VI,03,20,06,D,D,T,AV,FI,DR,TX,EU,HK

Step 6:
While listening to the mp3 file it becomes obvious that it is Morse code. Two solutions to
getting the information, find someone with the lost art of Morse code translation on the
fly or using Audacity http://audacity.sourceforge.net/ to open the mp3. This makes it easier
to watch and listen to make sure the whole code is translated properly to dots and
dashes.

Using Audacity to zoom in on the audio file and playing the file looks like this:
Write the code down and it looks like this:
-... --- .-- ... -.. .-.. --.- -..- ..-. -..- ..- - -.- .. -.- .-.. .. -..- -.-- - .-- .-- ...-
-..- ...- - .--. -. .-.. ...- .--. --.- --.- .-.. .- -. ..-. .-. .-- -... ...- -- .... -.. -..

Step 7:
Translating the morse code from dots and dashes to readable text through
http://www.onlineconversion.com/morse_code.htm becomes:
BOWS DLQX FXUT KIKL IXYT WWVX VTPN LVPQ QLAN FRWB VMHD D

Step 8 - Final:
This next part is not too obvious unless you know a bit about crypto or World War II.
This will help explain a bit more about how the qrcode translation lead to the the
conclusion: http://en.wikipedia.org/wiki/Enigma_machine
Reading up on this give you all the clues you need to solve the rest.

Finding the right decoder was the trick here. The decoder used was
http://users.telenet.be/d.rijmenants/en/enigmasim.htm
(Cryptool 2 beta http://www.cryptool.org/ had potential but it did not work properly for this)

Using these settings:


Reflector (Kriegsmarine M3 UKW): C
Rotors (in order): VIII – II – VI
Ring Position: 03 – 20 – 06
KEY (initial setting): DDT
Plug connections: AV FI DR TX EU HK

Enter in the text to decrypt the readable morse code:


DDTE KISA RIDD LEWR APPE DINA MYST ERYI NSID EANE NIGM A

Fixing the spacing provides the key:

DDTEK IS A RIDDLE WRAPPED IN A MYSTERY


INSIDE AN ENIGMA

You might also like