Davespice
Forum Moderator
Posts: 1662
Joined: Fri Oct 14, 2011 8:06 pm
Location: The Netherlands
Contact: Twitter

Re: I’m no Cryptographer…

Thu Dec 01, 2011 3:18 pm

A colleague of mine showed me this today;
http://www.canyoucrackit.co.uk/

It's all in hex, eight numbers to a line, two blocks of ten lines.
The input box only takes 15 characters!

Bizzo
Posts: 3
Joined: Tue Aug 23, 2011 12:08 pm
Contact: Website

Re: I’m no Cryptographer…

Thu Dec 01, 2011 3:55 pm

OCR'd if it helps anyone:

eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c
0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00
d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c
fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00
00 5c 58 3d 41 41 41 41 75 43 58 3d 42 42 42 42
75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89
d1 89 df 29 cf 31 c0 31 db 31 d2 fe c9 02 1c 06
8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6
8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89
d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41

meltwater
Posts: 1014
Joined: Tue Oct 18, 2011 11:38 am

Re: I’m no Cryptographer…

Thu Dec 01, 2011 4:13 pm

The answer is clearly 42.
______________
http://www.themagpi.com/
A Magazine for Raspberry Pi Users
Read Online or Download for Free.

My new book: goo.gl/dmVtsc

Meltwater's Pi Hardware - pihardware.com

Like the MagPi? @TheMagP1 @TheMagPiTeam

tnelsond
Posts: 120
Joined: Sun Aug 07, 2011 4:35 pm
Contact: Website

Re: I’m no Cryptographer…

Thu Dec 01, 2011 4:22 pm

I looked at the source, it takes up to 16 characters.

obarthelemy
Posts: 1399
Joined: Tue Aug 09, 2011 10:53 pm

Re: I’m no Cryptographer…

Thu Dec 01, 2011 5:57 pm

double ROT-13 FTW !


kkolev
Posts: 13
Joined: Wed Nov 16, 2011 11:14 pm

Re: I’m no Cryptographer…

Thu Dec 01, 2011 9:01 pm

`file` says the magic bits make it look like a COM file. Doesn't do anything in dosbox, though. Too lazy to do anything else.

crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: I’m no Cryptographer…

Thu Dec 01, 2011 9:07 pm

Been discussing this elsewhere:
http://rationalwiki.org/wiki/R.....rack_it.3F
It seems it's in three parts. The hex code is an x86 executable which points to a js file on the server which is the second part. Haven't looked properly at it though.

Willofield
Posts: 29
Joined: Sat Aug 06, 2011 11:10 am
Location: Oldenburg, Germany
Contact: Website

Re: I’m no Cryptographer…

Thu Dec 01, 2011 10:21 pm

http://www.canyoucrackit.co.uk.....udidit.asp ;) anybody interested in a nice Job at GCHQ?....

crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: I’m no Cryptographer…

Thu Dec 01, 2011 10:40 pm

Oh wow, so the whole thing was just a "security through obscurity" exercise and the application form was just sitting there as a static page all along? They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page? Honestly, if this is this country's idea of security then we're all screwed.

I'm gonna see if the app form is vulnerable to a SQL injection exploit just to get my own back.
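
Added example, not part of the original post or of the challenge site's code: a minimal sketch of the server-side check described above, where the final page is served only to a request carrying a token issued after the submitted key was verified, rather than to anyone who knows the URL. The secret, the key and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Constructed values for illustration only.
SERVER_SECRET = b"constructed-demo-secret"  # random and private in a real deployment
ANSWER_DIGEST = hashlib.sha256(b"constructed-final-key").hexdigest()
TOKEN_LIFETIME = 300  # seconds a completion token stays valid


def _sign(payload: str) -> bytes:
    """HMAC over the token payload, keyed with the server-only secret."""
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest().encode()


def submit_answer(answer: str, now: Optional[float] = None) -> Optional[str]:
    """Return a signed completion token only if the submitted key is correct."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(answer.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the digest matched.
    if not hmac.compare_digest(digest.encode(), ANSWER_DIGEST.encode()):
        return None
    expires = str(int(now) + TOKEN_LIFETIME)
    return expires + "." + _sign(expires).decode()


def serve_congrats(token: Optional[str], now: Optional[float] = None) -> Tuple[int, str]:
    """Gate the final page on a valid, unexpired token instead of a hidden URL."""
    now = time.time() if now is None else now
    if not token or "." not in token:
        return 403, "Forbidden"
    expires, _, sig = token.partition(".")
    # Reject anything the server did not sign (forged or tampered tokens).
    if not hmac.compare_digest(sig.encode(), _sign(expires)):
        return 403, "Forbidden"
    # The signature is valid, so expires is the integer the server wrote.
    if int(expires) < now:
        return 403, "Expired"
    return 200, "Congratulations page"
```
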

stuartreid1975
Posts: 4
Joined: Tue Sep 06, 2011 7:37 am

Re: I’m no Cryptographer…

Thu Dec 01, 2011 10:47 pm

It's a tv... Just not a 1960s TV...
Voyager has altered course....

jojopi
Posts: 3085
Joined: Tue Oct 11, 2011 8:38 pm

Re: I’m no Cryptographer…

Thu Dec 01, 2011 11:18 pm

Quote from Bizzo on December 1, 2011, 15:55
OCR'd if it helps anyone:

... fe c9 ...


Should be "fe c0"! Talk about help.

If that was really OCR'd then I would suggest overclocking less and running memtest more.

jojopi
Posts: 3085
Joined: Tue Oct 11, 2011 8:38 pm

Re: I’m no Cryptographer…

Thu Dec 01, 2011 11:37 pm

Quote from crundy on December 1, 2011, 22:40
They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page?


I do not think it is part of their applications process as much as a means of promoting themselves to the right kind of people.

There was an item on Channel 4 News a few months back about the difficulty they have recruiting and retaining staff and how their salaries (fail to) compare with those at technology and anti-virus companies.

Davespice
Forum Moderator
Posts: 1662
Joined: Fri Oct 14, 2011 8:06 pm
Location: The Netherlands
Contact: Twitter

Re: I’m no Cryptographer…

Fri Dec 02, 2011 12:29 pm

Quote from Willofield on December 1, 2011, 22:21
http://www.canyoucrackit.co.uk.....udidit.asp ;) anybody interested in a nice Job at GCHQ?....

Oh good one, so did you crack the code and input the value to get to that page - or did you just look at the page source and figure out the link that way?

Lakes
Posts: 267
Joined: Wed Aug 24, 2011 2:17 pm

Re: I’m no Cryptographer…

Fri Dec 02, 2011 1:18 pm

Quote from crundy on December 1, 2011, 22:40
Oh wow, so the whole thing was just a "security through obscurity" exercise and the application form was just sitting there as a static page all along? They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page? Honestly, if this is this country's idea of security then we're all screwed.

I'm gonna see if the app form is vulnerable to a SQL injection exploit just to get my own back.

That'll get you "noticed" alright! lol
Maybe they'll offer you a job? :)

aeiah
Posts: 24
Joined: Tue Nov 08, 2011 2:00 pm

Re: I’m no Cryptographer…

Tue Dec 06, 2011 11:34 am

Quote from crundy on December 1, 2011, 22:40
Oh wow, so the whole thing was just a "security through obscurity" exercise and the application form was just sitting there as a static page all along? They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page? Honestly, if this is this country's idea of security then we're all screwed.

I'm gonna see if the app form is vulnerable to a SQL injection exploit just to get my own back.

what makes you think they were trying to hide the page? let's see how far you get when you put on the application form: 'i just googled for the answer' :?

crundy
Posts: 310
Joined: Fri Aug 12, 2011 7:47 am

Re: I’m no Cryptographer…

Tue Dec 06, 2011 1:56 pm

This user account has been seized under the Terrorism Act 2000 for unlawful access to Government data.

Only joking. I did think the challenge was a bit crap though. Although at the end of the day it did drive more potential candidates towards the (frankly low paying) cybercrime posts, so I guess it worked.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23965
Joined: Sat Jul 30, 2011 7:41 pm

Re: I’m no Cryptographer…

Tue Dec 06, 2011 3:51 pm

Quote from crundy on December 1, 2011, 22:40
Oh wow, so the whole thing was just a "security through obscurity" exercise and the application form was just sitting there as a static page all along? They didn't even bother to make the last step release a key which gets verified by the server before displaying the "congrats" page? Honestly, if this is this country's idea of security then we're all screwed.

I'm gonna see if the app form is vulnerable to a SQL injection exploit just to get my own back.

Did you actually watch the video of the guy solving it? Three stages of complexity, including code, steganography (sort of), then some other stuff.

Of course, you could just guess the 40 character random named JS webpage in stage 2.

I'd be inclined not to try hacking GCHQ!
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I think it’s wrong that only one company makes the game Monopoly.” – Steven Wright

Davespice
Forum Moderator
Posts: 1662
Joined: Fri Oct 14, 2011 8:06 pm
Location: The Netherlands
Contact: Twitter

Re: I’m no Cryptographer…

Thu Dec 08, 2011 4:46 pm

Here are some videos of it being solved, very interesting actually.


