Friday 13 March 2020

Nullcon 2020 Conference Badge Answers

The Nullcon Goa 2020 Conference Badge is a meta-puzzle. There is lots of data all over it, and it obviously has some meaning, but it isn't the usual 'little bit of manufacturer metadata in the corner' stuff, or even a Verhoeff checksum. At a security conference there is almost no need to give any further instructions - the badge is intrinsically a challenge to people whose modus operandi is to question everything.

Of course, it might all mean nothing. Unless someone published the answers. If you don't want to know what all that data means, then stop reading now and click away (Try this as a distraction!). If you carry on reading, then welcome down the rabbit hole!

The badge was laser etched onto clear plastic (now this is tricky - I'm not sure if that gorgeous green/orange plastic is 'clear' or 'transparent' - language is an impressively imprecise communication medium!). The design was produced as a DXF file, and has two slots for the lanyard, plus three other holes/circles (manufacturing detail!). There are more than twenty interconnected puzzles (hence the word: meta-puzzle) on the badge, and it looks very cool!

(In the graphics that follow, I have deliberately left room around the central area so that when you print out this blog, there is plenty of room for notes and calculations...)

The first thing that you probably notice is the central 'tile', which looks like an entry in an alternative Periodic Table - or maybe one from a different universe (paywall) in the multiverse (not paywalled), where the elements are slightly different... A Google search for Nullconium doesn't reveal much, and assuming that it is a Latin word is satisfyingly self-referential. 'Nu' isn't an abbreviation for any element, either. (Link to useful list for puzzle designers) Atomic numbers as high as 2000 are way beyond current physics, and 2000+ fails as an atomic number because it isn't unique. The mass number of 20.167 is all wrong as well - it should be larger than the atomic number! At this point, it should be clear that this isn't a tile for an element, but an eye-catching device to grab your attention.

Warning: if you don't want to know, stop reading now!

The Answers!

The 2000+ is a reference to one of the many year numbering systems that are in use around the world. In the Gregorian Calendar, the current year is 2020, the 20th year of the 21st century. So the 2000 is a hint, and the 20.167 is 20 years, plus .167 of a year, which is meant to be the elapsed part of the year to the beginning of March when Nullcon Goa 2020 started. The 1st of March is day 54 out of 365, which is 0.147, so Nullcon obviously started after that... Day 61 is the 8th of March, which is the day after the last day of the conference. Nullconium thus appears to have the unusual property that the mass number of its most stable isotope increases over the course of a year, then resets, increments and continues to rise: two concatenated sawtooth waveforms...

The green holes/circles allow a 20-sided regular icosagon to be drawn, which is unlikely to be very useful in most security-related areas, but it is interesting that it is another occurrence of '20'... This also highlights an interesting security consideration: the green layer has been interpreted by the badge manufacturer as the 'holes/drill layer', and so they have cut or drilled holes at those points (and probably wondered why I didn't put targets instead of circles!). But I forgot this, and so added the green '+' sign to the middle hole as an extra clue (as it says in the diagram above). I should have moved the green cross to another layer so that it got laser-etched and would be visible...

Of course, a security-minded person quickly realises that this is a classic potential vulnerability - the designer made a mistake that is subtle and hard to spot, but which may have consequences that the designer wasn't anticipating. In my case, a clue was missing, and the diagram above highlights this! This type of vulnerability is not restricted to DXF files, of course: any place where two things are affected when only one was supposed to be, or where the coder assumes that two things are related when they shouldn't be, crops up in all sorts of coding situations. A bug like this is very hard to spot because people are very good at seeing patterns and associating things as groups - and in this case, this is exactly wrong - the hole and the '+' symbol should definitely be on two different layers. For a security analyst, this gives a clue to how to find this type of potential vulnerability: look for things that are out of context, exceptions or variations, or places where multiple similar things happen at once - you can almost guarantee that a copy/paste/modify will have been done wrong, or that one or more references or paths or pointers will be wrong. People are very good at making this type of mistake, and very bad at spotting their mistake. Hiding in plain sight!

On the lowest edge of the badge are what look like books on a book-shelf, with some of them falling over. You either see it immediately, or else you suddenly can see it when it is pointed out to you - a binary visual interpretation. Once seen, you can't un-see it! These spell 'Nullcon' in a rather arcane way, but serve as a clue to some of the other numbers around the edge... I always try to include hints and pointers to things to get people started...

Having said this about leaving clues: the two holes for the lanyard do not have any significance (and 'lanyard-puzzles' are another related class of meta-puzzle!). This is probably the most difficult challenge on the badge. As in many security-related investigations, the hardest problem to solve is one that is not a problem with an answer!

The 'book-shelf' clue leads nicely into the data around the top edges. From the left, clockwise, these get gradually more difficult. CLLNNOU is just the letters in 'Nullcon' sorted alphabetically, which leads to 3522143, which is just the alphabetical positions in CLLNNOU (1223345) undone by forming NULLCON (3522143) and then reversing the order. Over on the right hand side, the 1876^2 + 2767 gives a result of 3,522,143, which is the non-reversed order of the letters of a sorted Nullcon.

The long row of two digit numbers at the top of the badge is just Nullcon 2020 in 'ASCII', but using character 00 with its meaning of 'Null' instead of spelling out 'NULL' as 78, 85, 76, 76. So not quite normal ASCII... But the inclusion of 2020 is also a clue for the other two sets of numbers. 04 08 04 00 is meant to look like ASCII, but is actually a number: 4,080,400, which is 2020^2, and 4080400 is the same 2020^2 again, but this time shown without commas. At this point, you are probably thinking that 'Nullcon' and '2020' seem to be the answers to the challenges, but this is not true for all of the challenges...


Underneath the 'tile', there are four rows of numbers and symbols. In general, the numbers are numbers, whilst the symbols are used to indicate the number base that has been used to express the number. So the top left number of 3744 is to the left of an octagon, and turns out to be 2020 in octal (base 8), even with a typo in the diagram! (The missing '4' - which is not missing for any reason other than a typo!) The 011 111 100 100 to the right is also in octal, but binary octal (which is octal expressed in binary form!): '011' is 3, '111' is 7, etc. 

The next row has what looks like binary again, because it is! The '\' symbol indicates binary just as the octagon indicates base 8. I did consider using Unary (base 1), where no symbol at all indicates zero, a single 1 represents 1, 11 is 2, 111 is 3, 1111 is 4, and so on, but decided that having 2020 1's in a row was going to be difficult to count! By using the '\' symbol as a clue that the base changes, the four pentagons indicate base 20, which is slightly outside most people's experience. Anyway, 510 is 2020 in base 20, which looks like there's some interesting patterning going on, and I'm sure that Numberphile et al on YouTube have covered this... (I'm reasonably sure, but didn't search too hard for it...) 

The next row down has base 5, base 18 (well outside my usual path!) and what looks like it might be an ethernet address... Well, it is, for the Tsinghua University in Beijing, China, but this is base 10: decimal, and those dots are shorthand for 'multiply'. So it means 101 x 5 x 2 x 2 = 2020. I'm very fond of giving you a repeated pattern and then suddenly jumping to something entirely different. Lulling you into a false sense of security, as they say!

Now that the context switch has happened, the final row is in base 10 (decimal), then hex (base 16) and then hex again. 45^2 - 5 = 2020, which is interesting, and 7E4 does look like hex, but it's just a straight conversion from 2020. D^2 - B1 is just hex arithmetic to try and test your agility.

At this point, you might think you were finished. But there is one final puzzle - the numbers on the right hand side...


26, 20, 9 and 0 aren't ASCII, and they don't seem to be 2020 in any base. So what are they? If you replace the values in the rows with the number bases that are used, then you just get a grid of numbers. But if you add them up (the clue is the + in front of the numbers on the right) then you get a very special number: 42. (42 is special in lots of ways!) I didn't use the Catalan 5-significance of 42 in this meta-puzzle - that would be for a maths conference, not a security conference...
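A short script that checks the badge encodings described above, as an added example (not the badge designer's own code): the sorted-letter trick, the 'ASCII with 00 as NULL' row, the base grid under the tile, and the '+' numbers on the right. The ASCII row digits, the binary string and the base-5 and base-18 strings are constructed or computed here, since the post names the bases but does not print those digits; reading the binary-octal column as base 8 and the dotted product as base 10, as the post does, each row's bases plus its '+' number comes to 42.

```python
"""Checks for the Nullcon Goa 2020 badge encodings (added example; not the
designer's code). Values marked 'computed' are derived here from 2020
because the post names the base but does not print the badge's digits."""

def letter_positions(word):
    """Rank each letter among the word's distinct letters (C=1, L=2, N=3,
    O=4, U=5 for NULLCON) and return the digit string."""
    ranks = {ch: i + 1 for i, ch in enumerate(sorted(set(word)))}
    return "".join(str(ranks[ch]) for ch in word)

def decode_null_ascii(row):
    """Decode a row of two-digit decimal codes; 00 is read as the word NULL."""
    return "".join("NULL" if code == 0 else chr(code)
                   for code in (int(c) for c in row.split()))

def binary_octal(groups):
    """Each 3-bit group is one octal digit: '011 111 100 100' -> 3744 (octal)."""
    return int("".join(str(int(g, 2)) for g in groups.split()), 8)

# Every value that the post says encodes 2020, keyed by how the badge shows it.
ENCODINGS_OF_2020 = {
    "3744 (octagon = base 8)": int("3744", 8),
    "011 111 100 100 (binary octal)": binary_octal("011 111 100 100"),
    "11111100100 (\\ = binary; computed)": int("11111100100", 2),
    "510 (four pentagons = base 20)": int("510", 20),
    "31040 (base 5; computed)": int("31040", 5),
    "644 (base 18; computed)": int("644", 18),
    "101.5.2.2 (dots mean multiply, base 10)": 101 * 5 * 2 * 2,
    "45^2 - 5 (base 10)": 45 ** 2 - 5,
    "7E4 (hex)": int("7E4", 16),
}

# Number bases used in each of the four rows under the tile, left to right,
# and the '+' numbers printed to their right (26, 20, 9, 0).
ROW_BASES = [[8, 8], [2, 20], [5, 18, 10], [10, 16, 16]]
RIGHT_COLUMN = [26, 20, 9, 0]

def row_totals():
    """Sum of each row's bases plus its '+' number: 42 for every row."""
    return [sum(bases) + extra for bases, extra in zip(ROW_BASES, RIGHT_COLUMN)]

def check_badge():
    """Return True when every encoding described in the post decodes as stated."""
    ok = all(v == 2020 for v in ENCODINGS_OF_2020.values())
    ok &= letter_positions("CLLNNOU") == "1223345"
    ok &= letter_positions("NULLCON") == "3522143" == str(1876 ** 2 + 2767)
    ok &= decode_null_ascii("00 67 79 78 32 50 48 50 48") == "NULLCON 2020"  # constructed row
    ok &= int("04 08 04 00".replace(" ", "")) == 2020 ** 2 == 4080400
    return ok and all(t == 42 for t in row_totals())
```

Running `check_badge()` returns True; `row_totals()` shows the four row sums that the '+' column completes.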

Finally, after all of those 'Nullcon's and '2020's, we get to a different special number: '42'. Yay!

(It would have been boring if that was a 2020 as well, wouldn't it? Of course, 48.0952381..... x 42 is 2020, but that's another story.)

I hope you found the 42. If not, you now know how to find it!

And a summary!

---

More...


To find the first part of this post on the Nullcon badge, visit this page...

If you want more depth about one of the challenges above, then please visit this page...

---

I would like to thank the wonderful people at Payatu Technologies, who organise Nullcon, for great conferences (hardware.io, for example), and for asking me to do this badge design for Nullcon Goa 2020.

---

If you find my writing helpful, informative or entertaining, then please consider visiting this link for my Synthesizerwriter alias (I write several blogs, and it makes sense to only have one donation page!):
