[crackme] RSA 2012 #sophospuzzle

[kao]

At this year's RSA2012 conference, Sophos is giving away cool crypto-puzzle T-shirts. Meet us on Booth #1817 and claim yours!

You don't have to be at the show to take part in the puzzle. The text to use in solving the puzzle is shown below:

#include~<string.h>!int~putchar(int~c);char~*m="noncen.cmh/alu/puyxs.hrhb\xd\xa";void~main(int~argc,char~**argv){if(argc>1&&strlen(argv[1])==8){int~i=0;while(*m){putchar(*m+(*m<0x41?0:argv[1][(++i>8?i=1:i)-1]-0x61));m++;};};}

Solve this puzzle and you'll get a URL. Visit the URL and you'll face the second stage. Solve this and email the answer to Naked Security writer Paul Ducklin and get in the draw to win a NERF N-STRIKE Vulcan EBF-25.

Source: http://nakedsecurity...win-a-nerf-gun/

Cheers,

kao.

Disclaimer: I am in no way affiliated with Sophos.

EDIT: edited topic title to keep automatic checker happy.

Edited February 28, 2012 by kao

[deepzero]

aha!

looked at this for 10 mintes this morning, couldnt solve it.

Now i see they updated the code!

[DE!]

lol... got the url working.. .. second test.. ermm

[Killboy]

The first one is kinda cheap, you can solve it without a computer.

Number two is... irritating, not sure what they're getting at.

Edited February 28, 2012 by Killboy

[DE!]

The first one is kinda cheap, you can solve it without a computer.

Number two is... irritating, not sure what they're getting at.

Yea...first check is easy...... second task.. well.. i understand what they're getting at.. but don't have the slightest idea on how to start on it....

[Killboy]

Wow I just spent half an hour writing a multithreaded python solution just to find out CPython only allows running one thread at a time. WTF. Now I'm running 7 python instances in their own cmd window. All for one stupid toy gun

[kao]

I just spent half an hour writing a multithreaded python solution just to find out CPython only allows running one thread at a time. WTF.

The challenge is supposed to be fun, not frustrating. On the other hand, I failed to solve even the first stage. Crypto-puzzles are not my field of expertise..

[Killboy]

The challenge is fun, great afternoon entertainment. Python, on the other hand, isn't

[Killboy]

Got it

Make sure you use all the tips on the website of the second stage, you'll need a hint if you didn't accidentally use the right 'source'.

Edited February 28, 2012 by Killboy

[cozofdeath]

Got the first one down. Had to use a compiler. I'm not a crypto/math kinda guy so compiling it worked a little easier for me. The second one confused me. I didn't understand how you could calculate what they want. Before giving up I checked the twitter link and the right "source" was found. I still didn't go through with all the stuff afterwords but I think I get the process now.

[redblkjck]

I used a python script with shutil.copyfileobj to append the files in stream and passed a temp file to md5 hashlib. This worked out fine but I think there must be a faster way. Glad the final answer wasn't too far up from the prodcut of xy... The Dragon Tattoo challenge Sophos did the week of the movie release was pretty good.

[redblkjck]

They posted a video solution on Sophos for the RSA 2012

..http://nakedsecurity.sophos.com/2012/03/20/video-how-to-solve-the-rsa-2012-sophospuzzle/