Another week, and another write-up from the EverSec CTF at BSides Raleigh 2017.
EverSec CTF Strange Data #3 – Introduction
Steve suggested that I try his Crypto challenge, Strange Data #3.
This was a neat one, and I don’t think that many people were able to solve it.
First, I went to the challenge page to find a crypto challenge based on a few clues. Author’s note: The spaces in this matter, so make sure to keep any double spaces the way that they are. No one was able to solve this challenge originally until we caught this issue.
It seems like the Legion of Gloom was using Eversec’s infrastructure to host their Call of Duty 2 LAN parties. Seems like the top player was named Ihcbu, always playing on the German team. We can’t seem to get back on the machine to uninstall it. It’s costing us dozens of dollars every month in AWS costs! Please help! HAHGNASAAKHSAILHOJHHIASEHEIMZZEIILGHH CTZ-AH-EHAAG H-TLHJAAJE-N E-G-ATSNTOD-TTL-TSCSL --IZNI AAE AA AESA- -EIEA IA-N -BIINBE AJ TI W-S AKH T-TTHNZNZ--NNG -EEY L OTJEAEIHKYHNGS-HHIDSI NH -H LE-HHHH AH O -AAAZSE-I-ZAII-HLLL -NHSZC--I- HHAAD-TKL AH
Decoding – Part 1
After a bit of searching and poking at the cipher, I ended up back at one of my favorite places for crypto tools, Rumkin.com
Looking at this page, there was a cipher that exactly fit the bill! Übchi – A double columnar transposition cipher that uses the same key, but adds a number of pad characters. Used by the Germans in WWI.
This cipher includes the Call of Duty 2/German hint, as well as the top player’s name (backwards).
Using the decryption tool, I was able to get some output that appeared useful.
Decoding – Part 2
While I did not have a plain-text solution, I had something that looked like it could also be decoded.
THAN-ZIE TSE-GAH AH-JAH KLIZZIE-YAZZIE AH-JAH TSAH-AS-ZIH A-CHI DIBEH TSAH TSE-NILL A-KEH-DI-GLINI TSE-NILL AH-YA-TSINNE TLO-CHIN GLOE-IH TKIN A-WOH TSE-GAH TSE-NILL BESH-DO-TLIZ AH-JAH GAH NE-AHS-JAH MA-E NE-AHS-JAH GAH THAN-ZIE CHA AH-NAH A-KHA
With some expert Google-fu (literally just searching for “than-zie”), I was able to make some more progress.
Each block is actually a letter in the Navajo Phonetic Alphabet.
While I was not able to find a tool to decode this, it was simple enough manually. After the decoding process, I was left with the following plain-text.
I entered in “navaj0”, and received my points!
EverSec CTF Strange Data #3 – Conclusion
While this wasn’t a super complicated crypto challenge, it was still a fun one.
This challenge/write-up also showed the importance of testers for CTF challenges (or at least annoying competitors).
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.