Sunday, 11 July 2021

Hardwear.IO USA 2021 Wall Challenge Extras

Photo by Yogendra Singh on Unsplash

OK, so it may have been a bit difficult to solve this time...

The Wall Challenge that I produced for the Hardwear.IO USA 2021 hardware security conference was a little different to previous puzzles. I've always been a fan of the 'metapuzzle', where everything is interlinked. Cliff Johnson's 'Fool's Errand' is a very refined version of a metapuzzle...

So the Wall Challenge was all about a defective printer, and why it was incorrectly printing the virtual badges for an online conference. As always, the premise is just window-dressing. The intended purpose of a Wall Challenge, as I have said many times before, is training people in security hacking:

How to solve unfamiliar puzzles

Which is why the instructions are often sparse, and the setting is unusual. One way of thinking about it is to imagine the total opposite of a 'Capture The Flag' (CTF) contest, where the setting, purpose, methodology, approach to solving (and more) are all known beforehand, are well understood, and are familiar. In contrast, the best indicator of a high quality Wall Challenge is when people say: 'I haven't seen a puzzle like this before - how do I solve it?' 

Which is why previous Wall Challenges have used underlying mechanisms like resistor colour codes, flags, a CNC machine-engraved plastic conference badge, and more. So what could the theme be for a conference held in the United STATES of America?

Resources

Just as in security, doing the background research is important. In this case, two main resources were used:

https://www.ssa.gov/international/coc-docs/states.html

https://en.wikipedia.org/wiki/United_States (and the pages for individual states...)

Two other implied resources were used, although it was assumed that most conference attendees would be familiar enough with them:

Printers

Conference Badges

This assumption is important, because it means that explanations of how they work, what they do, etc. are not required. 

Finally, two essential online resources for readers of this blog - two YouTube videos:

Questions Only (recommended starting place)

Questions and the Answers (for later...)

Discord

In a real conference, Wall Challenges are sheets of A4 paper, blu-tacked to the wall around the venue. People can see them, they can talk to others about them, and the physical act of standing in front of one, brow furrowed trying to figure it out, is one of the most effective pieces of advertising known to human beings. Especially motivated problem-solvers like the people at a hardware security hacking conference!

At a virtual conference, an online equivalent is required. The one that is used at Hardwear.IO conferences is Discord - there are other software applications with a similar feature set, but Discord is particularly well-evolved, and is my personal favourite of this type of team messaging application.

In a virtual/online conference, Discord is where the challenges are posted/published. It is also where people chat, discuss, and generally engage in discourse about the challenges - a total analogue of people standing around in front of sheets of paper stuck on the wall... It is also where hints and clues can appear. Here are some from the USA 2021 conference (and others):

(For newbies:)

How to start? Read everything - there are clues everywhere. Try looking for the differences between the cards.

The whole experience is meant to be an analogue of the real hardware hacking experience: You have no idea what is going on inside the hardware, but you can see some external effects...

(Hints for those struggling:)

Is any information missing on the cards?

Everything is a clue... Read the introduction, and everything in the challenge pictures...

Don't know where to start? Look for what should be on the cards. Are there any clues in any of the pictures?

suppose the printer can't fit any more than two red characters into the space... what does it do?

what if the red characters in challenge 1 were the beginning and ending of two words?

the red characters on the left are important!

(Sometimes the hints are themselves clues:)

so what makes the cards in the 2nd challenge different to the 1st challenge?

why is all the printing on the badges in capital letters? could this be important?

is there a typo in challenge 1? shouldn't it be 'HardWear.IO'? what is the abbreviation?

what is going on in the set of red characters in challenge 1?

(Sometimes the hints just repeat what is in the picture, to make it more obvious:)

Ha! - no, I know there isn't a web-site for American Wave Ascenders, Inc.

"...a total state of confusion..." (it's a clue!)

(Associated concepts:)

Georg Cantor

(Responses and clarifications to email queries:)

none of the hardwear.io staff were from spokane! (the printer is confused!)

(Additional clues when people are really struggling:)

the answer to challenge 1 is two US states. the answers to challenges 2 to 6 are one US state in each case...

to solve challenge 7 it helps if you have some of the answers to 1 to 6...

---

Thanks to everyone who participated in the Wall Challenge. It seems that this one was more difficult to solve than I thought. Sometimes the pre-testing doesn't give a good indication of reality...

Oh, and grateful and sincere thanks to Unsplash, who provide me with excellent, nicely-themed photos for several blogs! And they can do the same for you...

Photo by James on Unsplash
