Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
GCHQ Code Cracking Challenge to recruit code breakers (canyoucrackit.co.uk)
51 points by samwillis on Dec 1, 2011 | hide | past | favorite | 29 comments


Here's a handy typed in version of the image on the site:

Left hand side:

  eb04afc2 bfa381ec 0cfec175 f931c0ba d0c1ca08 8a1c0c8a
  fec175e8 e95c0000 005c583d 41414141 753b5a89 d189e689
  d189df29 cf31c031 8a14068a 341e8834 8a1c168a 1730da88 
  d8fec0cd 809090e8
Right hand side:

  00010000 31c9880c efbeadde 02040c00 3c04881c 04883c0c 
  0089e381 c3040000 7543583d 42424242 df29cff3 a489de89 
  db31d2fe c0021c06 0688141e 00f230f6 17474975 de31db89   
  9dffffff 41414141
There are lots of interesting features in this.

I should add, cryptically, that there's more to the challenge, I believe, than simply meets the eye.

  42424242 32000000 c291d8f1 6d70203a ab67c29a 0bc4c291 
  fbc7660f fccdccb4 02fad777 b45438ab 1f0ee38e d30deb99    
  c3c293fe d12b1b11 c611efc8 ca2f


If you're a bit stuck try pasting:

eb 04 af c2 bf a3 81 ec 0c fe c1 75 f9 31 c0 ba d0 c1 ca 08 8a 1c 0c 8a fe c1 75 e8 e9 5c 00 00 00 5c 58 3d 41 41 41 41 75 3b 5a 89 d1 89 e6 89 d1 89 df 29 cf 31 c0 31 8a 14 06 8a 34 1e 88 34 8a 1c 16 8a 17 30 da 88 d8 fe c0 cd 80 90 90 e8 00 01 00 00 31 c9 88 0c ef be ad de 02 04 0c 00 3c 04 88 1c 04 88 3c 0c 00 89 e3 81 c3 04 00 00 75 43 58 3d 42 42 42 42 df 29 cf f3 a4 89 de 89 db 31 d2 fe c0 02 1c 06 06 88 14 1e 00 f2 30 f6 17 47 49 75 de 31 db 89 9d ff ff ff 41 41 41 41

into either:

http://www.onlinedisassembler.com/

or

http://pyms86.appspot.com/desasm_hex


eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c 0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00 d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00 00 5c 58 3d 41 41 41 41 75 43 58 3d 42 42 42 42 75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89 d1 89 df 29 cf 31 c0 31 db 31 d2 fe c0 02 1c 06 8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6 8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89 d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41 42 42 42 42 32 00 00 00 91 D8 F1 6D 70 20 3A AB 67 9A 0B C4 91 FB C7 66 0F FC CD CC B4 02 FA D7 77 B4 54 38 AB 1F 0E E3 8E D3 0D EB 99 C3 93 FE D1 2B 1B 11 C6 11 EF C8 CA 2F


eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c 0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00 d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00 00 5c 58 3d 41 41 41 41 75 43 58 3d 42 42 42 42 75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89 d1 89 df 29 cf 31 c0 31 db 31 d2 fe c0 02 1c 06 8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6 8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89 d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41


eb 04 af c2 bf a3 81 ec 0c fe c1 75 f9 31 c0 ba d0 c1 ca 08 8a 1c 0c 8a fe c1 75 e8 e9 5c 00 00 00 5c 58 3d 41 41 41 41 75 3b 5a 89 d1 89 e6 89 d1 89 df 29 cf 31 c0 31 8a 14 06 8a 34 1e 88 34 8a 1c 16 8a 17 30 da 88 d8 fe c0 cd 80 90 90 e8 00 01 00 00 31 c9 88 0c ef be ad de 02 04 0c 00 3c 04 88 1c 04 88 3c 0c 00 89 e3 81 c3 04 00 00 75 43 58 3d 42 42 42 42 df 29 cf f3 a4 89 de 89 db 31 d2 fe c0 02 1c 06 06 88 14 1e 00 f2 30 f6 17 47 49 75 de 31 db 89 9d ff ff ff 41 41 41 41


eb 04 af c2 bf a3 81 ec 0c fe c1 75 f9 31 c0 ba d0 c1 ca 08 8a 1c 0c 8a fe c1 75 e8 e9 5c 00 00 00 5c 58 3d 41 41 41 41 75 3b 5a 89 d1 89 e6 89 d1 89 df 29 cf 31 c0 31 8a 14 06 8a 34 1e 88 34 8a 1c 16 8a 17 30 da 88 d8 fe c0 cd 80 90 90 e8 00 01 00 00 31 c9 88 0c ef be ad de 02 04 0c 00 3c 04 88 1c 04 88 3c 0c 00 89 e3 81 c3 04 00 00 75 43 58 3d 42 42 42 42 df 29 cf f3 a4 89 de 89 db 31 d2 fe c0 02 1c 06 06 88 14 1e 00 f2 30 f6 17 47 49 75 de 31 db 89 9d ff ff ff 41 41 41 41


eb 04 af c2 bf a3 81 ec 0c fe c1 75 f9 31 c0 ba d0 c1 ca 08 8a 1c 0c 8a fe c1 75 e8 e9 5c 00 00 00 5c 58 3d 41 41 41 41 75 3b 5a 89 d1 89 e6 89 d1 89 df 29 cf 31 c0 31 8a 14 06 8a 34 1e 88 34 8a 1c 16 8a 17 30 da 88 d8 fe c0 cd 80 90 90 e8 00 01 00 00 31 c9 88 0c ef be ad de 02 04 0c 00 3c 04 88 1c 04 88 3c 0c 00 89 e3 81 c3 04 00 00 75 43 58 3d 42 42 42 42 df 29 cf f3 a4 89 de 89 db 31 d2 fe c0 02 1c 06 06 88 14 1e 00 f2 30 f6 17 47 49 75 de 31 db 89 9d ff ff ff 41 41 41 41


eb 04 af c2 bf a3 81 ec 0c fe c1 75 f9 31 c0 ba d0 c1 ca 08 8a 1c 0c 8a fe c1 75 e8 e9 5c 00 00 00 5c 58 3d 41 41 41 41 75 3b 5a 89 d1 89 e6 89 d1 89 df 29 cf 31 c0 31 8a 14 06 8a 34 1e 88 34 8a 1c 16 8a 17 30 da 88 d8 fe c0 cd 80 90 90 e8 00 01 00 00 31 c9 88 0c ef be ad de 02 04 0c 00 3c 04 88 1c 04 88 3c 0c 00 89 e3 81 c3 04 00 00 75 43 58 3d 42 42 42 42 df 29 cf f3 a4 89 de 89 db 31 d2 fe c0 02 1c 06 06 88 14 1e 00 f2 30 f6 17 47 49 75 de 31 db 89 9d ff ff ff 41 41 41 41


what is this ?


Pasting ay. lol im going to be up all night


58 3d 41 41 41 41


58 3d 41 41 41 41


The repititions have me curious.

Do you, or anyone, happen to know of a cypher-text analysis tool that will allow for example to quickly workout distributions of substrings, perform simply replacements and the like?

I guess I could code such a thing but my coding is pretty rusty.

---

Edit: I found these but question is still open if someone has a good tool to suggest.

http://crypto.lkdev.com/fa.php http://www.richkni.co.uk/php/crypta/freq.php


script to do it automagically, using tesseract:

http://git.aeminium.org/~slug/?p=programming/security.git;a=...

unsigned char image_com[] = { 0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec, 0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c, 0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba, 0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00, 0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a, 0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c, 0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00, 0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41, 0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42, 0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0x5c, 0x78, 0x24, 0x36, 0x89, 0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89, 0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31, 0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06, 0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34, 0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6, 0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88, 0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89, 0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8, 0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41, 0x42, 0x42, 0x42, 0x42, 0x32, 0x00, 0x00, 0x00, 0x91, 0xd8, 0xf1, 0x6d, 0x70, 0x20, 0x3a, 0xab, 0x67, 0x9a, 0x0b, 0xc4, 0x91, 0xfb, 0xc7, 0x66, 0x0f, 0xfc, 0xcd, 0xcc, 0xb4, 0x02, 0xfa, 0xd7, 0x77, 0xb4, 0x54, 0x38, 0xab, 0x1f, 0x0e, 0xe3, 0x8e, 0xd3, 0x0d, 0xeb, 0x99, 0xc3, 0x93, 0xfe, 0xd1, 0x2b, 0x1b, 0x11, 0xc6, 0x11, 0xef, 0xc8, 0xca, 0x2f }; unsigned int image_com_len = 221;


If you submit the correct solution, do you get put on a list of "dangerously computer competent" people?


I remember them having a puzzle on their website about 11 years ago when I was still living in England, almost like a scavenger hunt with different smaller puzzles. The answer was an email address to send your CV. Unfortunately being Canadian I wasn't eligible.


The American equivalent of the GCHQ, NSA, frequently holds competitions on a website called TopCoder (http://topcoder.com).

Usually, they've have a recruitment officer in the lobby of the TopCoder chat room. Very interesting competitions of varying skill levels.


[Cryptic spoilers]

The first stage seems pretty luck based - you either recognize it pretty quickly as the type of code it is, or you're stuck there for days trying every interpretation you can think of. It doesn't help that a portion of the code is deceptively hidden :/

"stage 2 of 3", however, looks quite fun :)


(Partial) solution? http://twitter.com/badeip http://pastebin.com/pJmZYbMy http://pastebin.com/cqzbkw4H


WARNING SPOILER http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0...


Could anyone translate these into English for the non C speakers?


All it does is allocate a block of memory, write data to it, fix it up a little, and then execute it.


maybe mips?

""" 0x00000010 d0c1ca08 j 0x32b0740 0x00000014 8a1c0c8a lwl t4,7306(s0) 0x00000018 fec175e8 swc2 $21,-15874(v1) 0x0000001c e95c0000 0x5ce9 0x00000020 005c583d 0x3d585c00 0x00000024 41414141 0x41414141 0x00000028 753b5a89 lwl k0,15221(t2) 0x0000002c d189e689 lwl a2,-30255(t7) 0x00000030 d189df29 slti ra,t6,-30255 0x00000034 cf31c031 andi zero,t6,0x31cf 0x00000038 8a14068a lwl a2,5258(s0) 0x0000003c 341e8834 ori t0,a0,0x1e34 0x00000040 8a1c168a lwl s6,7306(s0) 0x00000044 1730da88 lwl k0,12311(a2) 0x00000048 d8fec0cd lwc3 $0,-296(t6) 0x0000004c 809090e8 swc2 $16,-28544(a0) 0x00000050 00010000 sll zero,zero,0x4 0x00000054 31c9880c jal 0x22324c4 0x00000058 efbeadde ld t5,-16657(s5) 0x0000005c 02040c00 srl zero,t4,0x10 0x00000060 3c04881c 0x1c88043c 0x00000064 04883c0c jal 0xf22010 0x00000068 0089e381 lb v1,-30464(t7) 0x0000006c c3040000 sra zero,zero,0x13 0x00000070 7543583d 0x3d584375 0x00000074 42424242 c0 0x424242 0x00000078 df29cff3 scd t7,10719(s8) 0x0000007c a489de89 lwl s8,-30300(t6) 0x00000080 db31d2fe sd s2,12763(s6) 0x00000084 c0021c06 0x61c02c0 0x00000088 0688141e 0x1e148806 0x0000008c 00f230f6 sdc1 $f16,-3584(s1) 0x00000090 17474975 jalx 0x5251c5d 0x00000094 de31db89 lwl k1,12766(t6) 0x00000098 9dffffff sd ra,-99(ra) 0x0000009c 41414141 0x41414141 """


The BBC have and good article about it: http://www.bbc.co.uk/news/technology-15968878


Here's the Australian equivalent:

  https://plus.google.com/103685227755333384561/posts/VasNhJpVFA4
Although not as tough as GCHQs


[hint] Don't forget to look in the image itself


especially the comment field...


why not crack the site directly


Commit a criminal offence against a website created for a technically competent government agency?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: