Monday 4 May 2020

Hardwear.IO - my tiny bit of a major Virtual Conference! aka 'What are Wall Challenges'?

I was busy during April 2020. Several deadlines all conspired to converge on the same 'month end' delivery date. But one of them was the sort of project that I really like: puzzles!

Antriksh at Hardwear.IO asked me if I could reprise the 'Wall Challenges' that I did for the 2017 and 2018 Hardwear.IO conferences in Den Haag (The Hague) in The Netherlands. '21 mysterious A4 pages blu-tacked to the walls with only a brief explanation' is something I've been doing for various events for some time, and it is a low-key, often mostly overlooked facet of the whole event - except for the people who get into it. If you go to one of the big, serious, 'suits' events, then you find teams of people who turn up just for the 'Capture the Flag' penetration or 'Capture the Signal' radio competitions etc., and they are usually pretty totally focussed on that for the whole event.

My 'Wall Challenges' are several opposites at the same time: they are carefully crafted training exercises, just like a 'Capture the Flag' contest; but they are also deliberately abstracted, which isn't a CTF or CTS feature. They are also fun challenges! So I thought that this might be a good time to look at what they are for, and why you might like to consider immersing yourself in one next time you see a sheet of paper stuck on the wall...(physical or virtual!).

Wall Challenges - what are they?

If you've ever wondered how people acquire an assured, casual ease with some technical subjects ('facility' is one of the words that sometimes gets used), then one way to do it is not to read lots, watch videos or attend lectures/seminars. Instead, actually doing something is often a good way to build familiarity, explore the limits of what you know (or don't know), and maybe extend your boundaries a bit. This is your cue: keep reading and do some Wall Challenges!

Wall Challenges are apparently simple problems that are often harder than they appear, and doing them is good for you! If you ever wanted a Sudoku that was more than just a few numbers in squares, or that required programming to solve, or that went into the mathematics or theory a bit more, then you might find that Wall Challenges are exactly what you are looking for.

What sort of topics are covered? Things like Binary, Hex, Number bases, ASCII, ROT-13, Hashes, Look-up tables, Modulo arithmetic, Pointers, Pictograms, Anagrams, Cryptic clues, Codes, the Periodic Table, Lateral thinking, Critical thinking, and more. Solving them can often be done with just pen and paper, although some require a spreadsheet, and the harder ones can require some programming (Python is what I've used...). In the course of finding solutions, you will also acquire a collection of interesting look-up tables (ASCII, Periodic Table...) that often have interesting histories and are very good things to know for Pub Quizzes or Only Connect (My Team didn't get onto TV, by the way...).

There's a school of thought that making things simple is both a work of genius and a genius-level way of making it look trivial. When Einstein wrote 'E=mc squared' then it looked simple enough, but the ramifications were universe-altering. Now, Wall Challenges aren't quite at that level, but they can change the way that you think...and that's the whole point. These aren't trivial ways to pass time, they are intended to make you think about things that might well be useful in Penetration Testing, Risk Assessments, Threat Modelling, Security Analysis, White and Black-hat Hacking, and so on and so on.

I'm going to show examples, and in each and every case, the answer will be 'Cryptography', and it will be in capitals, which is supposedly how 'real' cryptographers do writing (sometimes). Not the crypto of block-chain currencies, but the 'hidden writing' of encryption, AES, CIA and several other three-letter acronyms (that's Confidentiality, Integrity and Availability, of course...). The Wall Challenges shown here are deliberately simple and easy to solve, plus you already know the answer! Real Wall Challenges are a bit harder, and some, like the ones you find at hardware security conferences like Hardwear.io, are very hard indeed.

Anyway, here's the first Wall Challenge, which is called 'Bounce':

YCHRPYAPRTGO

Okay, so even though I've given you the answer, you are probably struggling to see how we went from cryptography to that! What you need are some strategies to get you started, and the first of these is:

Strategy 1: Start at the ends and scan across, skipping to see if anything looks interesting.

Well, the first letter is 'Y', reading from left-to-right, and 'Y' is the last letter of CRYPTOGRAPHY, but continuing gives 'YCHRPY' which isn't CRYPTOGRAPHY backwards (which is YHPARGOTPYRC, of course). The other end is 'O', and going right-to-left across gives 'OGTRPA' which isn't helping much either. 

So let's repeat that, but skipping every other letter, and we get 'YHPARG' and 'OTPYRC'. Woah! That's CRYPTOGRAPHY backwards isn't it? So if we start at the C, second letter in from the left, and miss out every other letter, then we get 'CRYPTO' as we go across from left-to-right, and then we need to reverse direction and go right-to-left to get 'GRAPHY'. So at the end of the word, we 'bounce' and reverse direction. Maybe there should be a brick wall graphic on the piece of paper on the right hand-side? 

So, we now know that doing a bit of adjusting of the order of letters can hide a word, but what use is that? Well, one of the basic transformations that encryption algorithms like AES use is shuffling the order of the data bytes...

Here's the second Wall Challenge, which is called 'Inside out':

PARG
HRCO
YYPT

Starting at the 'P' on the left and going across to the right doesn't give anything useful (PARG might be the start of PARGETER, but it is an unusual word, and there aren't any 'E's!), so try right-to-left from the 'G' - which gives 'GRAP' and we know that is in the middle of the word we are looking for... But in a real challenge then we would not know what the hidden word is, and so this wouldn't be that useful. 

What we probably need is a revised strategy:

Strategy 1: Start at the ends and scan across, vertically and diagonally, skipping to see if anything looks interesting.

If we do this from the lower left hand 'Y', then we get 'YHP', and if we turn the corner at the 'P' to go across to the right, then we get 'YHPARG', which is the end half of CRYPTOGRAPHY, but reversed. If we carry on going round then we eventually hit the 'Y' where we started, so let's turn and carry on in a spiral, which takes us all the way to the 'C', giving 'YHPARGOTPYRC', which is CRYPTOGRAPHY backwards again. So this time, the word was written 'inside out', as a spiral from the initial letter 'C'. Here's me trying to make it more obvious by using coloured letters for the first three letters in the spiral:

PARG
HRCO
YYPT

...and then the last letters...

PARG
HRCO
YYPT

What have we learned this time? Well, it seems that people who are used to reading from left-to-right can find it difficult to go from right-to-left, and that turning things into a 4x3 grid and using a spiral is hard to read. So the shuffling that encryption algorithms carry out looks like it can be effective at obfuscating (a fancy way of saying 'concealing') the sequence of letters in a word. Now, I'm not aware of any cryptographic algorithms that use spirals - they tend to just shuffle or rotate rows or columns. But spirals occur all over the place in nature, and people like them, so there may well be a bias in my usage of them.
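The two shuffles above, 'Bounce' and 'Inside out', written out as an added Python example that is not part of the original post; the function names are illustrative assumptions, and the puzzle strings are the ones shown on this page.

```python
# Added example: undoing the 'Bounce' and 'Inside out' letter shuffles.

def bounce_encode(word):
    """Hide a word: first half left-to-right in every other slot (from the
    2nd letter), rest of the word right-to-left in the slots in between."""
    out = [""] * len(word)
    k = len(word) // 2
    out[1::2] = word[:k]           # slots 2, 4, 6, ... read left-to-right
    out[0::2] = word[k:][::-1]     # remaining slots, read right-to-left
    return "".join(out)

def bounce_decode(text):
    """Read every other letter from the 2nd one, then 'bounce' off the
    right-hand end and read the skipped letters right-to-left."""
    return text[1::2] + text[0::2][::-1]

def spiral_inward(rows):
    """Walk the grid from the lower-left corner, going up first, then
    clockwise, turning whenever an edge or a visited cell is reached."""
    h, w = len(rows), len(rows[0])
    steps = [(-1, 0), (0, 1), (1, 0), (0, -1)]   # up, right, down, left
    r, c, d = h - 1, 0, 0
    seen, out = set(), []
    for _ in range(h * w):
        out.append(rows[r][c])
        seen.add((r, c))
        nr, nc = r + steps[d][0], c + steps[d][1]
        if not (0 <= nr < h and 0 <= nc < w) or (nr, nc) in seen:
            d = (d + 1) % 4                      # turn the corner
            nr, nc = r + steps[d][0], c + steps[d][1]
        r, c = nr, nc
    return "".join(out)

def inside_out_decode(rows):
    """The word was written outward from the centre, so the inward walk
    from the corner gives it backwards."""
    return spiral_inward(rows)[::-1]

BOUNCE = "YCHRPYAPRTGO"                 # puzzle text from this page
INSIDE_OUT = ["PARG", "HRCO", "YYPT"]   # 4x3 grid from this page

if __name__ == "__main__":
    print(bounce_decode(BOUNCE))
    print(spiral_inward(INSIDE_OUT), "->", inside_out_decode(INSIDE_OUT))
```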

The third challenge changes tack, and goes for numbers instead of letters, and is called 'Index':

3 18 25 16 20 15 7 18 1 16 8 25

Whenever numbers appear in a Wall Challenge, then you use another strategy:

Strategy 2: Are the numbers in decimal, hex or another base?

In this case, the numbers appear to be decimal. Often the '3' will be shown as '03' to make you think that it might be in hexadecimal or some other base. Notations like 0x8E for indicating hexadecimal numbers are quite rightly used in programming to make it unambiguously perfectly clear that the '8E' is in hex, but in Wall Challenges there are no rules, and so clues like '0x' are rare. In fact, if I did use that notation, then it would probably be mis-direction!

Oh, nearly forgot:

Strategy 0: There are no rules, standard practices or conventions. (The bad guys break them all the time anyway.)

So we have a list of numbers which might be decimal, so what do we do next? A variation of Strategy 1 is a good starting point: look at the ends, and then scan across and find the largest and smallest numbers. In this case, 3 and 25 are the ends, 1 is the smallest value, and 25 is the largest value. This information is full of clues - can you think of something that comes in a set with about 25 different members?

How about the alphabet? 26 letters... So starting on the left, what is the 3rd letter of the alphabet? 'C'. The 18th? Er, and here you get to the first lookup table. Open your favourite spreadsheet of choice and create a table that has the numbers from 1 to 26 in the first column, and then the letters from A-Z in the second column. Voila - you now have a useful Wall Challenge solving aid, and the beginnings of a collection of tables about symbols and numbers that you will be using a lot. Here's what I produced:


Producing lookup tables like this also has a strategy:

Strategy 3: Whenever you need a look-up table, make one, save it, and add a few extra columns so you are better prepared for next time...

For this table, I added the third column, which is a reversed index to the alphabet. This is good preparation for what lots of other security analysts and I call 'The T-Shirt Effect'. We all wish that we had a T-Shirt that says on it: 'There's no way that would ever happen!', because this occurs every time in a Risk Assessment or Threat Modelling session - there's always someone who says these words. In fact, governments around the world probably heard the same or similar words when they looked at the risk of a problem with a new virus epidemic at any time in the last decade...

Anyway, the table makes looking up the 18th letter of the alphabet much easier: 'R'. Going across from left to right, converting from the index number to the corresponding letter of the alphabet, we get: 'CRYPTOGRAPHY' just like you knew we would.

The fourth introductory Wall Challenge is a bit different, and is called 'Standard Interchange':

67 82 89 80 84 79
71 82 65 80 72 89

This time, the ends are bigger than the previous example, at which point experienced Wall Challenge solvers use another strategy:

Strategy 4: Is the range of numbers 26, 36, or some other small number that might contain an alphabet and numbers?

The lowest is 65, and the highest is 89 which is a range of 24, so immediately you should be suspecting something based on the alphabet. Now 65 is one of those 'magic' numbers that shouts out for attention, because the capital letter A is 65 in ASCII, the 'American Standard Code for Information Interchange'. 89 is Y, and so it looks like this is the time to get or make an ASCII lookup table for your collection.

If you replace 67 with the ASCII letter equivalent, you get 'C'. 82 is R, 89 is Y, and before you know it, you have: 'CRYPTOGRAPHY'.

There's an interesting thing to note here. The index table for the alphabet is actually a sub-set of part of the ASCII table - if you add 64 to the first column then it decodes CRYPTOGRAPHY perfectly fine, and this could be added as a fourth 'Shifted ASCII column'... But the ASCII table has lots of other characters in it - numbers, lowercase letters and all sorts of symbols, plus characters that control what a printer does (line feed, carriage return and those curious references back to mechanical printers that borrowed terminology and actions from mechanical typewriters...), as well as characters that don't actually print anything. If you go beyond the 127th character, then ASCII changes from something which is pretty consistent everywhere, to something with lots of alternatives. This 'Extended ASCII' is still standard, it's just that there are lots of standards covering all the variations.

So a nefarious puzzle-setter who wanted to hide some text might well make the capital A have the value 65, but that doesn't mean that it is automatically ASCII. Suppose B was 64, and C was 63? The correct reaction at this point is to already have your spreadsheet open and be adding a column, by the way...
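The lookup-table columns discussed above (alphabet index, reversed index, ASCII, and the 'B was 64, C was 63' variant), tried one after another against a list of numbers, as an added Python example that is not part of the original post. The column and function names are assumptions, and the third sample list is constructed for illustration.

```python
# Added example: survey the numbers (Strategies 1 and 4), then try every
# lookup-table column and keep the ones that decode cleanly to A-Z.
A, Z = ord("A"), ord("Z")

# Each column maps a puzzle number to a character code.
COLUMNS = {
    "alphabet index (A=1)": lambda n: A + n - 1,
    "reversed index (Z=1)": lambda n: Z - n + 1,
    "ASCII (A=65)": lambda n: n,
    "descending (A=65, B=64, C=63)": lambda n: A + (A - n),
}

def survey(numbers):
    """The two ends, the smallest, the largest and the range."""
    return {"ends": (numbers[0], numbers[-1]), "min": min(numbers),
            "max": max(numbers), "range": max(numbers) - min(numbers)}

def candidate_decodings(numbers):
    """Return {column name: text} for columns where every number lands on A-Z."""
    found = {}
    for name, to_code in COLUMNS.items():
        codes = [to_code(n) for n in numbers]
        if all(A <= c <= Z for c in codes):
            found[name] = "".join(map(chr, codes))
    return found

INDEX = [3, 18, 25, 16, 20, 15, 7, 18, 1, 16, 8, 25]               # from this page
STANDARD_INTERCHANGE = [67, 82, 89, 80, 84, 79, 71, 82, 65, 80, 72, 89]  # from this page
# Constructed sample: CRYPTOGRAPHY with A=65, B=64, C=63, ...
DESCENDING = [63, 48, 41, 50, 46, 51, 59, 48, 65, 50, 58, 41]

if __name__ == "__main__":
    for puzzle in (INDEX, STANDARD_INTERCHANGE, DESCENDING):
        print(survey(puzzle))
        for column, text in candidate_decodings(puzzle).items():
            print("   ", column, "->", text)
```

Note that 'Index' survives two columns (the alphabet index and its reversed twin), so a clean A-Z result only narrows the field; the solver still has to judge which reading makes sense.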

That completes this first introduction to Wall Challenges. If you want more examples, then there are a few posts in this blog that contain them, and attending a Hardwear.io or Nullcon conference might get you a view before anyone else...

Resources

My YouTube channel. Go to the 'Playlists' and look for 'Wall Games'. There are quite a few other videos here to look at, covering topics like security, anime and music...

Hardwear.IO Virtual Con 2020 Questions Only - this is the 'Questions Only' version of the Wall Challenges from the Hardwear.IO Virtual Conference 2020 held online on the 30th of April and 1st of May 2020.

Hardwear.IO Virtual Con 2020 Questions and Answers

Hardwear.IO 2018 Questions

Hardwear.IO 2018 Questions and Answers

Hardwear.IO 2017 Questions

Hardwear.IO 2017 Questions and Answers

Hardwear.IO are excellent hardware security conferences! 

Nullcon is a recommended security conference...

The Nullcon 2020 Badge meta-puzzle...
