Digital Silence CEO Justin Whitehead Part of Winning Badge Challenge at DEFCON 31

Digital Silence CEO Justin Whitehead showed off his impressive hacker skills before DEFCON 31 even started. Check out this blog post about Justin and others cracking a hidden code from the Office of the National Cyber Director:

The Office of the National Cyber Director DEFCON Challenge at DEFCON

By: Ayyappan Rajesh

The Office of the National Cyber Director (ONCD) team tweeted the following a few days prior to DEFCON, announcing their new badge. Upon closer inspection, there was Morse code around the edges. Our team members H0m3l3ss Hacker (Justin Whitehead) and Dr. DeWeaver, both veterans who had served in the Army and Air Force respectively, decoded the message as “I fight for the users”, which, when googled, turned out to be a reference to the movie Tron.

The lead for CHV, Justinjustin, had met with the ONCD team and informed me that the badge had RFID on it, after which he shared the screenshot below, which came from Director Walden’s badge!

Record 1 of the tag reads:

“Behind bytes and bits | Cyber strategy’s secret | Key reveals the path 2DF587”

Rabbit Holes

  • One assumption was that each badge was unique and that collecting readings from all of the badges might reveal more hints. However, most badges were similar, or had some additional hints referencing the Morse code.
  • While talking to others about the challenge, we also looked at the hex codes in the actual dump, since the clue mentioned “Behind bytes and bits”. This did not result in the right answer either.
  • Thinking about the “Cyber strategy” and the “path”, we thought that the key 2DF587 might be a subdirectory that would hold another flag or the solution. This did not work.

Thinking about secrets, hexdump was used on the National Cybersecurity Strategy and the output was searched for 2DF587, although this did not work either.

The next step was to check the metadata of the file, for which exiftool was used to analyze the National Cybersecurity Strategy.

base64 data in metadata

As seen in the figure above, the Signed section of the metadata included a string that appeared to be Base64-encoded. The string is as follows:

  • ZYDUWtLQDbLDX5eZDaDQDZzAWZ/AStXEXICXRYDQDY3QX4HBAw==

The decoded text was still illegible, and our best guess was that it was encoded or encrypted with the key obtained from the RFID tag. We looked at DES and 3DES, encryption standards that were relevant to the year 1982 (when TRON first came out).

We also went to the extent of learning about TRON encoding, which is a multi-byte character encoding used in the TRON project. It is like Unicode but does not use Unicode’s Han unification process: each character from each CJK character set is encoded separately, including archaic and historical equivalents of modern characters. Source: Wikipedia of course.

After trying multiple things, a member from the ONCD team hinted to us that we were looking too deep and that decoding it was a simple “operation”.

We then went back to the basics of electronics, back to logic gates, and tried out AND, OR, NOR and NAND until we tried XOR, at which point the text looked like it had split up into words.

The string we got from that was “Hucw’g Gtrb. Ug iwtjwg squ hug xgrtv.”

Base64 string XOR’ed with the key.

We first tried the Caesar cipher brute-forcer on dCode.fr, which did not give any flag or readable text. We followed that with the Vigenere cipher tool, which brute-forced the text and gave us the final string shown below!

The flag is “That’s Tron, He fights for the users”

dCode.fr Vigenere Bruteforce

Of course, the Vigenere cipher key was ONCD!
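The last two steps can be reproduced offline. The following is an added example, not code from the original post: it shows why the Caesar brute force finds nothing, decrypts the XOR output with the Vigenere key ONCD, and goes one step beyond the write-up by recovering that key with a crib drag. The crib "fortheusers" is an assumption taken from the Morse-code hint, and the function names are illustrative.

```python
# Added example: XOR-stage output and Vigenere key as quoted in the write-up.
CIPHERTEXT = "Hucw'g Gtrb. Ug iwtjwg squ hug xgrtv."  # apostrophe typed as ASCII
KEY = "ONCD"

def is_letter(ch):
    return ch.isascii() and ch.isalpha()

def vigenere_decrypt(text, key):
    """Key advances only on letters; case, spaces and punctuation pass through."""
    out, i = [], 0
    for ch in text:
        if is_letter(ch):
            shift = ord(key[i % len(key)].upper()) - ord("A")
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def caesar_candidates(text):
    """The 26 single-shift decryptions a Caesar brute force would try."""
    return [vigenere_decrypt(text, chr(ord("A") + s)) for s in range(26)]

def crib_drag(text, crib, max_period=6):
    """Slide a guessed plaintext run over the ciphertext letters; keep offsets
    whose implied keystream repeats with a short period, and return those keys."""
    letters = [c.lower() for c in text if is_letter(c)]
    keys = set()
    for off in range(len(letters) - len(crib) + 1):
        frag = [(ord(letters[off + j]) - ord(crib[j])) % 26 for j in range(len(crib))]
        for p in range(1, min(max_period, len(crib) - 1) + 1):
            if all(frag[j] == frag[j - p] for j in range(p, len(crib))):
                key = [0] * p
                for j in range(p):  # rotate so key[0] lines up with the first letter
                    key[(off + j) % p] = frag[j]
                keys.add("".join(chr(ord("A") + k) for k in key))
                break
    return keys

if __name__ == "__main__":
    print([c for c in caesar_candidates(CIPHERTEXT) if "users" in c])  # Caesar hits
    print(crib_drag(CIPHERTEXT, "fortheusers"))  # crib: assumed from the Morse hint
    print(vigenere_decrypt(CIPHERTEXT, KEY))
```

The Caesar pass fails because the word that should read "users" needs a different shift for each letter, which is the signature of a polyalphabetic cipher with a short repeating key.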

We picked up our badges the next day, after explaining how we solved it!

Final Solution

Here’s a proxmark dump of the badge I picked up, which is the same as every other badge, but can be modified! I may or may not have gotten a few looks while attempting to read the badge with the Proxmark3 on my flight back home.

Proxmark3 Reading

Huge thank you to the ONCD team and the badge creators @RoRoRah and @cybertestpilot for one of the coolest CTFs I’ve ever done. Will be keeping an eye out for more ONCD publications for flags in the future.

This would not have been possible without the teamwork and help of h0m3l3ss (Justin Whitehead), Zoltan Wollner, Linted (Mike M.) and Dr. DeWeaver!
