DEFCON 22 Badge Challenge

Authors: image Jason “Thor” Hall image Brett Buerhaus


Myself, Brett, and Jon recently went to DEFCON and completed the Badge Challenge put together by 1o57.  Here is the entire adventure as we experienced it with all of the puzzles, their solutions, and the steps to solve them.  Understand that this document contains MASSIVE spoilers so if you do not want to ruin it for yourself please stop reading now.

Still here?
Alright, lets go!






Step_1


Taken from page 4 of the DEFCON Pamphlet

07-21-18-03-18-05-05-22-01-03-14-20-18-06
10-22-25-25-21-18-25-03-12-02-08-19-22-01
17-12-02-08-05-16-14-25-25-22-01-20-15-08
07-17-02-01-07-15-18-17-08-03-18-17-16-08
07-17-02-10-01-07-21-18-10-02-02-17-06-07
21-18-12-15-18-18-05-17-02-06-10-57-10-57


Digit to Alphabet Replacement
1=A 2=B etc…

G-U-R-C-R-E-E-V-A-C-N-T-R-F
J-V-Y-Y-U-R-Y-C-L-B-H-S-V-A
Q-L-B-H-E-P-N-Y-Y-V-A-T-O-H
G-Q-B-A-G-O-R-Q-H-C-R-Q-P-H
G-Q-B-J-A-G-U-R-J-B-B-Q-F-G
U-R-L-O-R-R-E-Q-B-F-J-57-J-57

Cleaned up the dashes and removed 1o57’s handle.

GURCREEVACNTRF
JVYYURYCLBHSVA
QLBHEPNYYVATOH
GQBAGORQHCRQPH
GQBJAGURJBBQFG
URLORREQBF

ROT 13
http://rumkin.com/tools/cipher/rot13.php

THEPERRINPAGES
WILLHELPYOUFIN
DYOURCALLINGBU
TDONTBEDUPEDCU
TDOWNTHEWOODST
HEYBEERDOS

Cleaned up the spacing

THE PERRIN PAGES
WILL HELP YOU FIND
YOUR CALLING BUT
DONT BE DUPED CUT
DOWN THE WOODS
THEY BE ERDOS


Open the DEFCON disc provided
This contains an image of a man.


Search for Erdos on google and find a picture of that man.

http://en.wikipedia.org/wiki/Paul_Erd%C5%91s
http://en.wikipedia.org/wiki/Erd%C5%91s%E2%80%93Woods_number

Flipping through the DEFCON pamphlet.
Many pages have a vertical number above them.

PageVertical
232
335
531
741
1053
1245
1641
1743
2252
2945
3345
344D
3641
3954
4645
5121
5621


Take the Erdos Woods numbered pages and cut them from the set.
16, 22, 34, 36, 46, 56 (CUT DOWN THE WOODS)

PageVertical
232
335
531
741
1053
1245
1743
2945
3345
3954
5121

Now for the Perrin pages.
http://www.mathpages.com/home/kmath345/kmath345.htm
(THE PERRIN PAGES WILL HELP YOU)

32:35:31:41:53:45:43:45:45:54:21

Now to cut the nearby duplicate values.
(DONT BE DUPED)

32:35:31:41:53:45:43:52:45:54

This translates to ASCII cleanly from HEX

251ASECRET

Which is the following phone number.
(FIND YOUR CALLING)

(251) 273-2738

Calling this number leads to Step_2.







Step_2


Calling the phone number from Step_1.

(251) 273-2738

This results in 5 rings and then a sequence of 109 piano notes.

I recorded this using some call recording software.

Writing down these sounds as notes gives the following set.

DGGBGBGGDGBDGDGBDDDBDGEGDGDGDBDDDBGDGBDDGEDGGDGBGDDDDBDDDDDBGGGGGBDDGGGEDGGDGBGGGBGDBGDGBGDBDGBDDGBGGGGBGDBGE

Converting the B’s and E’s into spaces gives us the following.

DGG G GGDG DGDG DDD DG GDGDGD DDD GDG DDG DGGDG GDDDD DDDDD GGGGG DDGGG DGGDG GGG GD GDG GD DG DDG GGGG GD G



This is starting to look promising.
Converting the D’s into dashes and the G’s into dots we get the following.

-.. . ..-. -.-. --- -. .-.-.- --- .-. --. -..-. .---- ----- ..... --... -..-. ... .- .-. .- -. --. .... .- .

This is morse code and decodes into a URL.
http://rumkin.com/tools/cipher/morse.php

DEFCON.ORG/1057/SARANGHAE


Fixing the capitalization we are able to connect.

http://defcon.org/1057/SarangHae/



Going to this URL leads to Step_3a.









Step_3a


Going to the URL from Step_2.

http://defcon.org/1057/SarangHae/

Page source:
Step_3a_Source.txt (pastebin)


Picture of the page.



This page contains an image.

The page has a hint shown here.

Who we gave free love to
at
1o57
Are you being served?

Since we do not know who we gave free love to we have reached a dead end.


Move on to Step_3b









Step_3b


Continue from dead end on Step_3a


We have found a large pattern on the floor near the 1o57 room.






There are other symbols around DEFCON with different numbers and characters.
(No Images)


Taking all of the numbers we get the following list.
We also have a number of Korean symbols associated.

1.230.121.13
2.230.016.12
3.230.205.23
3.136.239.12
3.223.025.11
2.224.016.13
0.008.0112.02
6.226.024.23
3.013.124.13
1.029.021.11
0.205.2215.02
0.034.029.22
0.102.118.22


Taking the Korean symbols and mixing them around we eventually come to.

전화기

This translates to Phone.
We now have a hint as to how this puzzle works.


Taking a modern phone we can see that it is laid out as follows.

1    2    3
4    5    6
7    8    9
*    0    #


Adding 0 based rows to this we get the following layout.

3    1    2    3
2    4    5    6
1    7    8    9
0    *    0    #
    0    1    2


Taking the numbers from the floor and dropping the first number.

231213
230112
232023
132312
220211
220113
000102
220223
011213
020211
202202
030222
101122


This associates with the Column and Row on the phone.

Example
23 = Column 2, Row 3 = 3


Decoding all of this we get the following.

352
375
3#3
235
648
673
*74
643
752
448
#64
146
086


Ordering this by the characters that spell the word phone we get.

333266*674#1057#34774546482535824328466


Using the letters associated on a phone and discovery of some crazy words we get the following.

DEFCON*ORG#1057#FISSILINGUALELUCIDATION


Cleaning this up we have our new target URL.

defcon.org/1057/FissilingualElucidation


Continue to Step_3c with our newfound page.









Step_3c


Going to the URL from Step_3b
http://defcon.org/1057/FissilingualElucidation

Page source:
Step_3c_Source.txt (pastebin)


Picture of the page.



This page contains an animated gif.


The poem on this page reads as follows.

Here, I wrote you a poem:
lorem ip
Lorem ipsum dolor si
Lorem ipsum do
Lorem ipsum dolor s
lorem ipsum ama
Lorem ipsum dolor sit amet
Lorem ipsum dolor sit ame

Lorem ipsum dolor sit
lorem ipsum ips
lorem ipsum lor
lorem ipsum lo
lorem ipsum lorem
lorem ipsum amat
Lorem Ipsum


Dropping this into Google Translate we see a very interesting bug.
Our Lorem Ipsum text translates to the following.

Internet ip
Let's see if
We give
Pussycat Dolls
The Free Love
It can be used
Our goal is to ame

Our goal is to
vehicle dimensions
Free of pain
China, elsewhere
Free Internet
China loves
NATO


The source page from the site we found in step 3a_1 talked about a poem.
It also stated “Who we gave free love to”

In this poem we see that the “free love” is given to the “Pussycat Dolls”


Continue to Step_3d with this new information.









Step_3d


Using the newfound information from Step_3c.

We give
Pussycat Dolls
The Free Love

We can add this to the puzzle from Step_3a

Who we gave free love to
at
1o57
Are you being served?

This then becomes

PussycatDolls
at
1o57
Are you being served?

"Are you being served?" is a UK based comedy show.

http://en.wikipedia.org/wiki/Are_You_Being_Served%3F

Adding that to the puzzle we get.

PussycatDolls
at
1o57
UK

This then becomes an email address.

PussycatDolls@1o57.uk

Emailing anything to this address leads us to Step_4a.









Step_4a


Writing the email from Step_3d we get the following response.

DEFCON.ORG/1057/ WHO DOES CHINA LOVE + Mickey’s Key



We know who China loves from our previous Lorem Ipsum poem solved on Step_3c

China loves
NATO


Our URL then becomes

defcon.org/1057/NATO + Mickey’s Key


As we have no idea what Mickey’s Key we have reached a dead end.

Move on to Step_4b









Step_4b


Continue from dead end on Step_4a

We noticed all of the convention lanyards had writing in Korean, numbers in Chinese, and a set of glyphs.






We rushed to record all of the lanyards much like we did with the symbols on the ground earlier.
The results of that are as follows.

SymbolKoreanChinese
Dial수평
Skull수평
Key수평
Disk수평
Dial수직一一
Skull수직
Key수직一四
Disk수직



The Korean translates to Horizontal and Vertical.
We assumed this meant the direction the lanyards should be placed.


The Chinese characters are a set of numbers which is possibly the order in which they should be placed.


The glyphs themselves are an obscure cipher for numbers used by a group of monks in the middle ages.



http://www.davidaking.org/Ciphers.htm


If we take each glyph and cut it into quarters we get 4 unique cipher symbols resulting in a 4 digit number.
The numbers are then listed as follows.

SymbolKoreanChineseGlyphs
Dial수평10 57 68 79 79 77 72 73
Skull수평83 83 79 78 83 67 79 73
Key수평78 83 73 78 65 82 67 65
Disk수평68 69 83 67 79 68 69 83
Dial수직一一10 57 78 68 78 84 79 85
Skull수직67 55 84 72 79 78 83 67
Key수직一四78 84 69 80 67 85 82 89
Disk수직77 73 65 73 82 73 80 84


Weaving the Horizontal and Vertical lanyards together we get conflicts between the Glyphs.
This results in the following pattern.

0100
1001
0100
0011
1011
0101
1110
1010

If we only take the numbers from this we get the following.

     6879
8383           7973
     7378
          7968 6983
1057      7884 7985
     8472      8367
7884 6980 6785
7773      8273

Collapsing these into a stack we get this new block.

8383 6879 7968 7973
1057 7378 7884 6983
7884 8472 6785 7985
7773 6980 8273 8367

Splitting these into blocks of two and then converting that into ASCII we get this jumbled text block.

SS DO OD OI
   IN NT ES
NT TH EP MI
OU SC CU RI

Unjumbling this block shows us the encoded message.

  
DO NT MI
SS TH EP OI
NT IN CU RI
OU SC OD ES

DONT MISS THE POINT IN CURIOUS CODES.

The point in curious codes is a period.

curious.codes

Continue to Step_4c with our newfound page.









Step_4c


Going to the URL from Step_4b
curious.codes

Page source:
Step_4c_Source.txt (pastebin)


Picture of the page.



This page contains an image.



At the bottom of the page is a link.

The link starts a file download for “NukeNukeMickeyLover”


Opening the file in a text editor we see the following.

Rar!


Converting the file to a .rar we are presented with an encrypted rar file and we don’t have the password.

With no password we have reached a dead end.


Move on to Step_4d









Step_4d


Continue from dead end on Step_4c

Time to rip open the badges.


The following are strings discovered in the source code provided on the DEFCON disc.

RayNelson byte

"IAIHG TPJNU QU CZR GALWXK DC MHR LANK FOTLA OTN LOYOC HPMPB PX HKICW",0
Test4 byte
"DID YOU REALLY THINK THAT IT WOULD BE SO EASY? Really? Just running strings?",0
Greets byte
16,77,85,66,83,69,67,85,32,74,69,32,84,85,86,83,69,68,32,74,77,85,68,74,79,32,74,77,69,13,0
Detective byte
13,74,85,82,69,82,32,71,66,32,79,82,84,86,65,32,86,32,88,65,66,74,32,83,86,65,81,32,85,78,69,66,89,81,13,0
Scientist byte
76,81,84,89,86,70,32,82,75,66,32,83,78,90,32,83,81,87,83,85,32,87,82,65,32,73,77,82,66,32,67,70,72,82,32,90,65,65,65,65,32,73,89,77,87,90,32,80,32,69,65,74,81,86,68,32,89,79,84,80,32,76,71,65,87,32,89,75,90,76,13,0
Diver byte
10,"DBI DRO PSBCD RKVP YP RSC ZRYXO XEWLOB PYVVYGON LI RSC VKCD XKWO DROX DRO COMYXN RKVP YP RSC XEWLOB",CR,0
Driver byte
"SOMETIMES WE HAVE ANSWERS AND DONT EVEN KNOW IT SO ENJOY THE VIEW JUST BE HAPPY",0
Politician byte
83,83,80,87,76,77,32,84,72,67,65,80,32,81,80,32,74,84,32,73,87,69,32,87,68,88,70,90,32,89,85,90,88,32,85,77,86,72,88,72,32,90,65,32,67,66,32,80,65,69,32,88,82,79,76,32,70,65,89,32,73,80,89,75,13,0
Test3 byte
"ZGJG MTM LLPN C NTER MPMH TW",CR,0
Football byte
"IT MIGHT BE HELPFUL LATER IF YOU KNOW HOW TO GET TO EDEN OR AT LEAST THE WAY",0
Mystery byte
"OH A MYSTERY STRING I SHOULD HANG ON TO THIS FOR LATER I WONDER WHAT ITS FOR OR WHAT IT DECODES TO?",0

Hooking the badge up to PC via micro-usb and dumping commands to terminal we can receive output from these variables.

WELCOME TO DEFCON TWENTY TWO
COME AND PLAY A GAME WITH ME
WHERE TO BEGIN I KNOW FIND HAROLD
TRY THE FIRST HALF OF HIS PHONE NUMBER FOLLOWED BY HIS LAST NAME THEN THE SECOND HALF OF HIS NUMBER

DEFCON DOT ORG SLASH ONE ZERO FIVE SEVEN SLASH I WONDER WHAT GOES HERE
ALBERT MIGHT BE ON THE PHONE WITH HAROLD SO IF ITS BUSY TRY BACK
WHITE LINES IN THE MIDDLE OF THE ROAD THATS THE WORST PLACE TO DRIVE

We have no idea who Harold is but we know that he may be on the phone with Albert.
We also have a set of variable names and a reference to a possible URL.

TO THE INTERNET!!!


Searching for Harold and some of variable names we find the following.

Harold Smith a renowned Detective which is one of our variable names.
http://en.wikipedia.org/wiki/Harold_Smith_%28detective%29


From here we start searching for Harold Smith.

Jackpot
http://en.wikipedia.org/wiki/Harold_Smith

All of the variable names can be found on this page.
We are moving in the right direction.


Searching for more information on Harold we start to pull in searches for Albert

"Harold Smith" Albert wikipedia


One of the entries on the page is regarding Smith numbers.

http://en.wikipedia.org/wiki/Smith_number

Bingo, this is what we wanted.
Smith numbers were created by Albert Wilansky of Lehigh University.
He noticed the property in his brother-in-laws phone number “493-7775”
His brother-in-law was named Harold Smith.

Knowing this we can now complete the puzzle.

DEFCON DOT ORG SLASH ONE ZERO FIVE SEVEN SLASH I WONDER WHAT GOES HERE
TRY THE FIRST HALF OF HIS PHONE NUMBER FOLLOWED BY HIS LAST NAME THEN THE SECOND HALF OF HIS NUMBER

This becomes…

defcon.org/1057/493SMITH7775/
Continue on to Step_4e with our newfound page.









Step_4e


Going to the URL from Step_4d

http://defcon.org/1057/493SMITH7775/

Page source:
Step_4e_Source.txt (pastebin)

Picture of the page.



This page contains an image.

The page contains another riddle.

Why be
ye searchin' answers here?
Oh are
ye 1o57? The question
queue be
long...be ye not in despair,
em for
keepin' ye from spinnin' yer wheels they be.

The page source contains a string of characters in a comment.

<!--YQESMJDOJOTM-->



This string of characters can be found on an image provided on the DEFCON disc.
It is a picture of Cryptex given to 1o57 as a wedding gift.




The string is the bottom most visible row on the Cryptex.
I set to record all of the visible information in the picture.

E    L    L    E    N    A    N    D    R    Y    A    N
W    W    B    V    F    E    J    U    V    K    H    N
C    I    Z    D    R    U    R    R    E    G    U    I
D    V    T    Q    I    M    U    F    N    X    N    V
Q    O    H    U    L    D    I    L    K    C    F    O
P    G    2    L    T    G    E    W    P    Z    R    H
K    N    R    I    G    Z    W    I    O    T    I    K
B    B    V    B    4    R    C    V    A    R    L    U
Y    Q    E    S    M    J    D    O    J    O    T    M

From here I noticed something interesting about the riddle we had found.
The two word sentences could be replaced with single letters or numbers.

Why be        YB
Oh are        OR
queue be    QB
em for        M4

The Cryptex contains 4 rows that have these characters right next to eachother.
This showed us we were on the right path.


However with nothing to use the code for we have reached a dead end.

Move on to Step_4f









Step_4f


Continue from dead end on Step_4e


We move to looking at the front of our badges.

There is a series of pin slots on the badge that aren’t standard for normal boards.
Normally a square is used for a grounding slot however all of the grounding slots are placed erratically all over the board.

There are two rows of pin slots on the right and left.



We can get a binary output from reading the pin slots from left to right.
There are marks on the badge connecting to some of the bits and the line lengths are different between them.

0    1    1    0
0    1    0    1
0    1    1    1
0    1    1    0
0    1    1    0
0    1    1    0
0    1    1    0
0    1    0    1
0    1    1    1
0    1    1    1
0    1    0    0
0    1    1    0
1    0    0    0
0    1    0    1
1    0    0    0
0    0    1    1

From here we must then convert each line into it’s decimal equivalent.
0110 = 6
0101 = 5
0111 = 7
0110 = 6
0110 = 6
0110 = 6
0101 = 5
0111 = 7
0111 = 7
0100 = 4
0110 = 6
1000 = 8
0101 = 5
1000 = 8
0011 = 3

We then join these decimals into blocks of two and convert to ascii.
65 = A
76 = L
66 = B
65 = A
77 = M
46 = .
85 = U
83 = S


This decodes into the following URL.

albam.us


Continue to Step_4g with our newfound URL.









Step_4g


Going to the URL from Step_4f

albam.us

Page source:
Step_4g_Source.txt (pastebin)


Picture of the page.



This page contains an image.

The page contains an encoded message on the front.

Bsz zfw vbffn up cbei dt la xvf op wtpskcuujjo? Rdjuk cybet uf
evlc dbfovozivnj?

T'fm mzu pqp ie zh b mduknz svnlfu...rivp D'm wpymjih ugalreye J
npdgoidpm uidob qa flyhz mduknz wfcxt, mdlv uzxktff (svxi-tvr!) ryx tvyevpgy Z'x
vbdf gvggier fjlz J tci dzlf ju do rivie. Yix xcbk yvs ksuu poivt aueys xpme? Zv
MERWFZ ive da iudmys...J ptlcglp suwf op kjdnb zz ju zjxjo tzxyt ji b iqr bvqisf D gvgg
lzvy nznfch vgrth...
To solve this we must return to our Cryptex dead end from Step_4e.

The Cryptex reads as follows.
E    L    L    E    N    A    N    D    R    Y    A    N
W    W    B    V    F    E    J    U    V    K    H    N
C    I    Z    D    R    U    R    R    E    G    U    I
D    V    T    Q    I    M    U    F    N    X    N    V
Q    O    H    U    L    D    I    L    K    C    F    O
P    G    2    L    T    G    E    W    P    Z    R    H
K    N    R    I    G    Z    W    I    O    T    I    K
B    B    V    B    4    R    C    V    A    R    L    U
Y    Q    E    S    M    J    D    O    J    O    T    M

ELLENANDRYAN
WWBVFEJUVKHN
CIZDRURREGUI
DVTQIMUFNXNV
QOHULDILKCFO
PG2LTGEWPZRH
KNRIGZWIOTIK
BBVB4RCVARLU
YQESMJDOJOTM

Taking the following line from the Cryptex we can decode our message.

BBVB4RCVARLU


This is whats called an OTP or One Time Pad encryption.
http://rumkin.com/tools/cipher/otp.php

OTP cannot be decrypted unless you discern the unique pad.


The outcome of our decryption is as follows.
Are you about to hang it up due to frustration?  About ready to
call shenanigans?  

I'll let you in on a little secret...when I'm feeling deflated I
sometimes think of funny little words, like sextile (rawr-rar!) and suddenly I'm
back feeling like I can dial it in again. Now what was that other funny word? It
REALLY had my number...I usually have to think of it eight times in a row before I feel like myself again...
This is clearly referencing our encrypted .rar file we found previously and solves our dead end on Step_4e.

(rawr-rar!)


A sextile is an astrological term used to describe two celestial bodies that are 60 degrees apart.
The symbol for this is what we commonly know as the Asterisk. *

This symbol can be found on any modern numpad phone on the bottom left.
The reference to “feeling like I can dial it in again.” also points to phones.


"It REALLY had my number" leads us to the number symbol also found on a phones numpad.


"I usually have to think of it eight times in a row before I feel like myself again…"

This shows that whatever the .rar’s password is will be the same word 8 times in a row.
This is a good method of stopping brute forcing of the password as the string is so long.


Trying ######## we see that its not the way to handle this so we move to research the number sign.

http://en.wikipedia.org/wiki/Number_sign


From here we can see that another “funny word” for a number sign is octothorp.


We then try the following password and unlock the .rar

OCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORPOCTOTHORP

The .rar opens and our dead end on Step_4c has been cleared.


Now that we have opened the .rar we can move on to Step_4h









Step_4h


The contents of the .rar from Step_4c are revealed!

Opening the .rar presents us with an image and a m4a format song file.
(TheBox.m4a)


The image shows the symbol Sigma, a rather hilarious picture of Kim-Jong-Un, Grumpy Cat, Psy, and a key.


Seeing the image of Mickey on Kim-Jong-Un and the key on the page immediately leads us to believe this will be Mickey’s Key which is required to complete the dead end on Step_4a.


During most of the convention we had been taking pictures of everything we could find.
This included the backs of all of the badge variants which are as follows.

BadgeSerial_1Serial_2DirectionLanguage
Human5558675301458934WestChinese
Human2534856702933985EastChinese
Human3030303138563748SouthChinese
Human5645638701924834NorthChinese
Human3243975150932487NorthKorean
Human7779875300478041WestKorean
Human8130355785345360SouthKorean
Human0597834485758673EastKorean
Artist9484163488172253SouthChinese
Contest0985656323454311EastChinese
Vendor0572985657380999NorthKorean
Speaker3133701734029545SouthChinese
Goon9484163488172253SouthChinese
Press0606060600000000SouthKorean



The symbol for Sigma is used to express the sum of a set of numbers.
http://mathlesstraveled.com/appendices/sigma-notation/

From the images of Psy and Kim-Jong-Un we can guess that this most likely means the sum of North Korea and South Korea seperately with some kind of operation in-between.


Pulling our previously obtained badge information we get the following relevant sets of information.

Vendor0572985657380999NorthKorean
Human3243975150932487NorthKorean
Press0606060600000000SouthKorean
Human8130355785345360SouthKorean

Summing the numbers ends in the following values.

North05729856+57380999+32439751+50932487146483093
South06060606+00000000+81303557+85345360172709523

Grumpy Cat in the picture refers to ConCATenation
http://en.wikipedia.org/wiki/Concatenation


This will take our values and concatenate them as follows.
146483093172709523

With that in mind we can now solve our dead end from Step_4a

defcon.org/1057/NATO + Mickey’s Key
defcon.org/1057/NATO146483093172709523

With our newfound URL in hand we can continue to Step_5









Step_5


Going to the URL from Step_4h

http://defcon.org/1057/NATO146483093172709523/

Page source:
Step_5_Source.txt (pastebin)

Picture of the page.



This page contains an image and a gif.





The language displayed is called Ogham which was used between the 4th and 9th century.
While the origin is uncertain we do know how to translate it roughly as it uses a system much like the alphabet but with 25 letters.
The provided image translates to the following block.

I OFT CORRECT NGOUR GRAMMER
OR TELL NGOU TO NEE A NGNNGCHIARINF
BUT THE FILEN ASSISITNG TO NGIERCE
THE LAFD THAT CRAFEN FENT UNGOF
MIGHT LEAD NGOU TO DINCOER THE
FAME OS THE MOOF AT CODEN THAT ARE CURIOUN

This needs to be decoded further to make any kind of sense.
We accomplished this using the following key.
NG    Y
N    S
F    N

This gives us a slightly more readable message.
I OFT CORRECT YOUR GRAMMER
OR TELL YOU TO SEE A YSYCHIARISF
BUT THE NILES ASSISITNG TO YIERCE
THE LAFD THAT CRANES NEST UYON
MIGHT LEAD YOU TO DINCOER THE
NAME OS THE MOON AT CODES THAT ARE CURIOUS

From here we eyeballed it and performed changes to transform them into proper words.
I OFT CORRECT YOUR GRAMMER
OR TELL YOU TO SEE A PSYCHIARIST
BUT THE NILES AFFINITY TO PIERCE
THE LAND THAT CRANES NEST UPON
MIGHT LEAD YOU TO DISCOVER THE
NAME OF THE MOON AT CODES THAT ARE CURIOUS

At face value this appeared to be a reference to the egyptian name of the moon.
Attempting this at curious.codes gave us the following URL.

http://curious.codes/Iah


However, in the source of this page we can see that it is fact a 404 message.

<TITLE>404 Curious.Codes</TITLE>


Either we have the wrong name or we are looking in the wrong place.

It turns out we were wrong on both counts.


The riddle is referring to the show Fraiser.

http://en.wikipedia.org/wiki/Frasier


This is further backed up by the name of the Ogham message “ScrambledEggs.jpg” which was a line from the shows opening song.


The wife of Niles Crane is Daphne Moon and the actress who plays her is Jane Leeves.

We can then take her name and, much like our previous “pussycatdolls” riddle, send it to @curious.codes
JaneLeeves@curious.codes


With our email sent and a response inbound we can now move to Step 6.









Step_6


Writing the email from Step_5 we get the following response.

+++
Well done!

Find 1o57, and hand him a note- written on blue paper....

On the note must be your name(s)  / team name - and this phrase:

perfer et obdura; dolor hic tibi proderit olim

Congratulations, you have earned a spot ... but I've said too much...

Include an email :)



My heart skipped a beat, we had reached the finish line.
After some frantic calls and a scramble to get a blue piece of paper, we turned in our submission and it was accepted.


The line “perfer et obdura; dolor hic tibi proderit olim” translates to the following.

"Be patient and tough; someday this pain will be useful to you."


Thank you 1o57, this was a grand adventure indeed.









Bonus Round


For those who enjoyed the challenge put forth by 1o57 I have a little something extra for you.

Stepping into the world of crypto can be a bit daunting at first.
But once you are On The right Path you can always look back at everything you accomplished.


Dkqp gqoe. 
Bqv hhbj wrnweg vie jnfpogogh.
Rpsa g wisnz wlvi Pvzfxr Mjnj coydnjvh ko iw up I rtta bqv croqllzjh lv.
J mliit pyxyh hvrwjfr jnfpogoghu jn anj jxvvrh.
  1. blackwhiteschizoid reblogged this from potatohatsecurity
  2. guttoslucky reblogged this from potatohatsecurity
  3. foxtongue reblogged this from potatohatsecurity
  4. vpetersson reblogged this from potatohatsecurity and added:
    This is very cool. The guys at Defcon sure knows how to geek out and create a challenge. Here’s the Badge Challenge...
  5. nurrrrrd reblogged this from potatohatsecurity and added:
    King Edward the Potato King!
  6. cptnbrittish reblogged this from potatohatsecurity and added:
    If anyone is confused about the google translate bug:...
  7. tombadger reblogged this from potatohatsecurity
  8. pawelabramowicz reblogged this from potatohatsecurity and added:
    Potato King of Security - ekipa Potato Hat opisuje swoje wrażenia z rozwiązywania (jak dla mnie) piekielnie trudnej...
  9. diffie-hellman reblogged this from potatohatsecurity and added:
    Potato King great job guys!
  10. alexanderpf reblogged this from potatohatsecurity and added:
    Jason “Thor” Hall Brett Buerhaus via potatohatsecurity Myself, Brett, and Jon recently went to DEFCON and completed the...
  11. rememberlenny reblogged this from potatohatsecurity