Here's the badge that I designed for the NULLCON 2022 Berlin security conference (and highly recommended training!).
|
The NULLCON 2022 badge...
|
There are three, and arguably four, puzzles hidden in the badge, plus a hint, as you will see, to a very different text obfuscation technique that looks like strong crypto, but has a very light CPU overhead. That's quite a bargain for something that most people will dismiss as a silly bit of graphics on the back of a piece of thick cardboard.
Let's start by looking at the grid of characters in the centre section, by rotating it by 90 degrees:
|
Not a word-search grid... |
At first glance, this looks like it might be a word-search grid, and so you might go along the rows and columns, looking for words...
And you will get 'NULL', '2022' and 'FOR', which isn't very helpful. But you do also get some incomplete words: 'BERLI' and 'SECUR', which looks like they might be 'Berlin' and 'Security' - but the other required letters are in different rows or columns... Also, the 'N' at the beginning of 'NULL' was bigger...
Underneath the grid of characters, there is the NULLCON logo, although it has a few additions:
|
A slightly modified NULLCON logo... |
The logo starts from a circular blob, along a path indicated by an arrow, and ends up at an exclamation mark, where the dot of the symbol is the end of the path.
Imagine that the NULLCON logo is a map, where the path that is indicated is the path that you must follow on the map. Also imagine that the character grid is the map...
It seems that the circular blob at the start coincides with the big 'N' at the start of 'NULL', so what happens if you trace along the path? To make it easier to see, the next image colours all the off-path characters in light blue:
|
The character grid and the NULLCON logo path... |
Starting at the 'N' blob, it now reads: 'NULLCON2020BERLINGE' as you trace along the path. it is easier to see this if the background is also light blue:
|
Blue on blue... |
Looking at the logo, the diagonal line across the zero or zed or zee (it depends how you look at it!), is quite a shallow angle, so maybe the path isn't adjacent characters? Aha! From the 'G', you should be able to find an 'E', then and 'R', then an 'A', and finally an 'N' - and turning round again a 'Y' on the right. So the path now reads:
NULLCON2022BERLINGERMANY
Which can be split up into:
NULLCON 2022 Berlin Germany
Because, as you should know, cryptographers always:
USECAPITALLETTERSDONTUSEPUNCTUATIONANDDONTUSESPACES
If we carry this along the path, then we get the name and part of a phrase from the NULLCOM 2022 web-site (I have added capital letters and punctuation where appropriate...):
NULLCON 2022, Berlin, Germany. A unique platform for security showcasing!!
The two exclamation marks were added by me, of course!
And that's the first part of the answer to the badge puzzle...
---
At the very top of the badge is some strange text:
It looks like it is maybe upside down, or rotated? But no matter what you do with rotations or mirroring, it just doesn't turn into anything readable... But do you notice anything about the NULLCON logo - does it have rotational symmetry? Could this be a clue?
Let's rotate it by 180 degrees and put the two versions one above the other:
You might be able to see that now, the lambda has become a 'y', that weird rounded 'w' has become an 'm', and the rotated 'e' has become an 'e'.
If you alternate letters from left to right, then the letters which are the right way up are these:
p z l b a t n u s
and the other alternate letters are rotated by 180 degrees:
u z e y m r i r s
And if you put these letters together, you get:
puzzle by martin russ
Basically, your eyes are quite happy with rotations and mirroring if they affect the whole of the text, but if you do it on individual characters, then your brain stops being able to read it without a lot of concentration.
You can use a variant of this technique to obfuscate text to avoid any simple dictionary-based text scanning program from finding any plain text that you have left as strings in a program. Just add 1 (or any other number - this is the 'key') to alternate letters (so A becomes B, etc.) and you have something that no longer looks like text:
PVZALFBZMBRUIORVST
This also wrecks conventional letter frequency analysis, has high entropy (so binwalk highlights it as keys!) , and looks like strong crypto, except the 'key' is a single (or double) digit number and there is no ordinary crypto! Just obfuscation!
There are various things you can do to this to make it even more obscured. Adding '=' instead of spaces makes it look like broken Base-64 URL encoding, for example. Another wrinkle is to rotate through QUJZ?!=+ and use those as spaces, and now it looks like very broken Base-64 URL coding! I'm sure you can figure out a neater variation, and then a fast encode/decode routine (the more obtuse the code, the better - my personal preference is to make it look like an AES routine, because people will then automatically assume that it is AES, and not delve any deeper...).
<sound of frustrated cryptographer scouring the code, desperately looking for the key transfer mechanism (that isn't there!) so they can decode the above text....>
This text obfuscation is probably worth your time reading this, already!
---
The other badge puzzle is simpler, but because it is in two parts, it is harder to spot. Plus, it is so simple that most people will dismiss it as being trivial.
At the top, there is another NULLCON logo and another character grid, and then another bit of graphic at the bottom:
|
The other puzzle is in two parts... |
Note also that the bottom of the badge contains the first 24 characters of the answer to the first 'path map' puzzle, just to make it easier to solve that one!
The top part of this is exactly what it looks like, another path map. This time, by tracing out the logo's path (not the edges!), you get 'GOA' 11 times, followed by 'BER' (Don't forget the turn upwards to get the 'R'!). It turns out that there have been eleven NULLCONs held in Goa, and this is the twelfth NULLCON - the first held in Berlin, Germany.
The end of the path is a '*' (with 5 ends, not six... which isn't significant), and this leads to the bottom part of the puzzle, where the star points to a 3x9 matrix of dots, some of which are filled in, and some of which are empty. There are two clues to what to do here. The first is the 'puzzle by martin russ' text at the top of the badge - you have to rotate alternate characters by 180 degrees to be able to read all the characters. So rotate the badge 180 degrees (remember that the NULLCON logo has 180 degree rotational symmetry), and look at the 3x9 matrix - it spells: 'LIN'. The second clue is in the name text right at the bottom of the badge - it says: 'NULLCON 2022 Berlin Germany' (as you probably well know by now!). But look at the positioning of the 'Ber' text in the name, and the 'LIN' spelled out in the 3x9 matrix - do you see an alignment?
Yep, the size of the matrix and the arrow are set so that the 'Ber' and the 'Lin' line up, (you go up from the 'r' and you hit the 'L', and then go across backwards) as an extra clue! (plus the rotation aligns the logo again!) I did think about using the '|' vertical character instead of the lower case 'L', but decided that this made it too obvious...
So the 'puzzle by...' text, and the name text at the bottom of the badge are not accidental, and the size of the matrix and the arrow are connected to them. On a larger scale, this would be called a meta-puzzle...
The second puzzle is thus a reminder of the history of NULLCON: 11 in Goa, and one in Berlin, Germany.
So here's a photo of one of the winning entries:
What I like about this is the way that an image of the badge itself has been annotated as the answer!
---
If you find my writing helpful, informative or entertaining, then please consider visiting this link (only one store for all my blogs!):
(Encourage me via a different route entirely...)
Or just tell someone else that there's this amazing blog about security