EverSec CTF (BSides Raleigh 2017) Strange Data #3

Another week, and another write-up from the EverSec CTF at BSides Raleigh 2017.

EverSec CTF Strange Data #3 – Introduction

Steve suggested that I try his Crypto challenge, Strange Data #3.

This was a neat one, and I don’t think that many people were able to solve it.

The Challenge

First, I went to the challenge page to find a crypto challenge based on a few clues. Author’s note: The spaces in this matter, so make sure to keep any double spaces the way that they are. No one was able to solve this challenge originally until we caught this issue.

It seems like the Legion of Gloom was using Eversec’s infrastructure to host their Call of Duty 2 LAN parties. Seems like the top player was named Ihcbu, always playing on the German team. We can’t seem to get back on the machine to uninstall it. It’s costing us dozens of dollars every month in AWS costs! Please help!

HAHGNASAAKHSAILHOJHHIASEHEIMZZEIILGHH CTZ-AH-EHAAG  H-TLHJAAJE-N E-G-ATSNTOD-TTL-TSCSL --IZNI AAE  AA AESA- -EIEA IA-N -BIINBE AJ TI W-S AKH T-TTHNZNZ--NNG -EEY L OTJEAEIHKYHNGS-HHIDSI NH -H LE-HHHH AH O -AAAZSE-I-ZAII-HLLL -NHSZC--I- HHAAD-TKL AH

Decoding – Part 1

After a bit of searching and poking at the cipher, I ended up back at one of my favorite places for crypto tools, Rumkin.com

Looking at this page, there was a cipher that exactly fit the bill! Übchi – A double columnar transposition cipher that uses the same key, but adds a number of pad characters. Used by the Germans in WWI.

This cipher includes the Call of Duty 2/German hint, as well as the top player’s name (backwards).

Using the decryption tool, I was able to get some output that appeared useful.

EverSec CTF Strange Data #3 - Decoded

Decoding – Part 2

While I did not have a plain-text solution, I had something that looked like it could also be decoded.

THAN-ZIE TSE-GAH AH-JAH KLIZZIE-YAZZIE AH-JAH TSAH-AS-ZIH A-CHI DIBEH TSAH TSE-NILL A-KEH-DI-GLINI TSE-NILL AH-YA-TSINNE TLO-CHIN GLOE-IH TKIN A-WOH TSE-GAH TSE-NILL BESH-DO-TLIZ AH-JAH GAH NE-AHS-JAH MA-E NE-AHS-JAH GAH THAN-ZIE CHA AH-NAH A-KHA

With some expert Google-fu (literally just searching for “than-zie”), I was able to make some more progress.

Each block is actually a letter in the Navajo Phonetic Alphabet.

While I was not able to find a tool to decode this, it was simple enough manually. After the decoding process, I was left with the following plain-text.

thekeyisnavajowithazerofortheo

I entered in “navaj0”, and received my points!

EverSec CTF Strange Data #3 – Conclusion

While this wasn’t a super complicated crypto challenge, it was still a fun one.

This challenge/write-up also showed the importance of testers for CTF challenges (or at least annoying competitors).

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*