DEF CON 27 Electronic Shoot Badge Challenge Walkthrough

I created a crypto/puzzle challenge for the DEF CON 27 shoot badge. This page is a walkthrough for the challenge. The entry point and first steps were on the lanyard.

Step 1, Entry Point

On the lanyard, the numbers 48,8,71,36,14,63,21,52,31,70,21,43,58 were printed. There was also supposed to be a clue, "Ehdoh", which is "Beale" in ROT-23. The "Ehdoh" part did not print with sufficient resolution on the lanyards, so I gave people the clue "Beale" outright, either when purchasing the badge or following on the shoot Slack or Twitter. The clue is a reference to The Beale Ciphers. The known Beale cipher is a book cipher that uses the Declaration of Independence as a key. Luckily, the dcode.fr book cipher decoder already has the Declaration of Independence preloaded as the key, making this easier to solve.
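The number-to-letter lookup behind this step, as an added example that is not part of the original challenge or of dcode.fr: each number selects a word of the key text and contributes that word's first letter. The key text typed in below is the opening sentence of the Declaration of Independence (71 words); the function names are hypothetical, and a copy of the text that splits or counts words differently will shift the numbering.

```python
import re

# Opening sentence of the Declaration of Independence (71 words), typed in
# here as the key text. Assumption: another copy of the text (for example a
# decoder's preloaded one) may split words differently and shift the numbering.
KEY_TEXT = """
When in the Course of human events, it becomes necessary for one people to
dissolve the political bands which have connected them with another, and to
assume among the powers of the earth, the separate and equal station to which
the Laws of Nature and of Nature's God entitle them, a decent respect to the
opinions of mankind requires that they should declare the causes which impel
them to the separation.
"""

# Numbers as printed on the lanyard (taken from the walkthrough).
LANYARD = [48, 8, 71, 36, 14, 63, 21, 52, 31, 70, 21, 43, 58]


def key_words(text):
    """Split the key into words; an apostrophe stays inside its word."""
    return re.findall(r"[A-Za-z']+", text)


def beale_decode(numbers, text=KEY_TEXT, unknown="?"):
    """Number n (1-based) stands for the first letter of the n-th key word.

    A number outside the key text cannot be resolved and decodes to `unknown`.
    """
    words = key_words(text)
    return "".join(
        words[n - 1][0].lower() if 1 <= n <= len(words) else unknown
        for n in numbers
    )


def trace(numbers, text=KEY_TEXT):
    """Return (number, word) pairs so a mismatched key edition is easy to spot."""
    words = key_words(text)
    return [(n, words[n - 1] if 1 <= n <= len(words) else None) for n in numbers]


if __name__ == "__main__":
    for n, word in trace(LANYARD):
        print(f"{n:>3} -> {word}")
    print(beale_decode(LANYARD))
```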

Solving the numbers using the Beale key leads you to this site, gigsatdc.com.

If you would like to attempt the rest of the challenge, stop now and visit the entry point which was on the main page of this site when the contest was running. Reading further will give spoilers for the rest of the puzzle!

SPOILER BREAK













Keep scrolling for the rest of the walkthrough/spoilers













Step 2, C64

The user is presented with a C64 style web site. Attempting to run LOAD "*",8 and RUN leads to a hint that they should look up how to get a disk directory on a C64, which is LOAD "$",8 and LIST.

Listing the directory presents the following files on disk:

Loading "JOKE" and running it is a red herring: it presents the "longest joke" for them to read and has nothing to do with completing the challenge.

Step 3, Wardialing

Loading the wardialer should give several hints, as should the overall 80s theme. Welcome to "Falken-Dialer" is the biggest one, i.e. Professor Falken from WarGames. A lot of people got stuck here; this is probably the hardest leap to make.

At this point, you can wardial area codes. In WarGames, WOPR was in area code 311, a nonexistent, invalid area code. I had to drop a few hints on Twitter to get people to try area code 311.

Step 4, Dialing up

After scanning area code 311 (or any area code), a list of possible hits is returned. If the user scans 311, the second phone number is always the number for WOPR. I made it the second one so they'd find out pretty quickly that they got it right. The only way to test the numbers returned is to "reboot" the web page and load MODEM, just as on a C64, where often the only real way to load something new was to reboot the whole system.

Step 5, Hacking WOPR

The password for WOPR, from the movie WarGames, is Joshua. This is pretty easy to find.

WOPR asks if you want to play a game. The only proper response is "GLOBAL THERMONUCLEAR WAR". This also tripped up some people who wanted to follow the script of the movie verbatim.

Step 6, Final Decoding

After the world is destroyed, Moscow sends an encrypted message, which comes in slowly over about a minute, emulating a 300/1200 baud modem with a bad connection:

szdhatfgotfmzdb lzg bzoeuc mf uptmo hmhbfthhtaf tf hptmo czf szp nmfi fiu qiatbu fzz ptdl busaufb EOT

Running this through quipqiup.com (it's a cryptogram) gives: "congratulations you solved it email gigstaggart XX XXXXX XXX XXX with the phrase too many secrets". Email address censored here for spam bots, but it's "at gmail dot com" where the X's are.

Congratulations to MtnViking and son of MtnViking for being the first to solve!

The contest ended on Saturday during DEF CON 27. MtnViking and his young son claimed the prize of a special blue Boom Badge 80% lower, two very limited edition black electronic shoot badges, and some challenge coins.