1

So a couple weekends ago I attended a cyber Security workshop where I met a prospective employer who gave me a business card. On one side it read "There are two individual challenges that lead to a third) and the other was this.

https://i.stack.imgur.com/JIaZV.jpg

So far I have figured out the following: The first two lines of white text are ascii data and reveal: '[0-9a-z .]* XOR random 32bht key' that the following text is encoded using the above. once brute forced using a ruby script provided by a friend it said:

now its time to find what is hidden at 13.56 mhz

the red characters on the card read out e280-[bunch of chars], e280 being the utf encoding for read right to left. This gave HERENFC, which further confirmed my suspicions of a NFC chip inside the card he gave me. Scanned it and got a big bunch of data.

base64->7zip (elf password is the location hinted to by img): N3q8ryccAAO51A6KBgIAAAAAAAAiAAAAAAAAAD5mzWIAJOCkAAf+balKKKORaarWyJiLJeTWHRJVHIEgJz/czH7tYJXny/HfNnNRkRlOIjzLMtjdLBDregzoh1+tXUBBuw4cpJ33zcf4L+POxPdkzJJ49ESxLT7MY0/Ksq7aqgqk/SDuHpYV+6YHaAolL0KOgUQG4p/xx1GiEoUrRqMqe+hitJk37v2fZXrKMEllLnYyREZdS62Pa69rjOhJyYxNEHd5vlFhN2jt5LWOYL1OLzNtw6DPPfC+dNYVgewO5/PttAitk5yK4z4Eme32yB6jeBcRli3cwTfPAAsOC7U4Pr1IODxVlQ7cIJnXKORVk5iblQeksZMYXNGB8/4P7amcWXdBE9o3NaAlBW6WAcWGP2nTEEan7G2Zty8mm7F45xGv6iCzUbulCKfOHi8YlQWMPQxXj5fQI1kxj3oPyu1E5Zy3OJ6jFz7ld5wKFiUjxn1iXxO0U5uQ/wudHqosOpnq1fHTqhOQFe99dz5zJE7KegYH1eY0T4/2jpIqbhwv/EKBjqILccTblk5AAACBMweuMZ7dMFw/KDXD5SrD2xIUL0tMwVZq35QApnkHFcpn63JExNCjbiv5H9OLqbVtkgehxuu9HDnuibc1CGWVO7Nh5WcSTqRlaYgfHkcgVKAH2SRsgnoktPvpjWVdiATfwfGVXnbS7diXCMCHQcwLcoUw3pUH4aAAABcGgYoBCXwABwsBAAEjAwEBBV0AEAAADICDCgFtjZ9MAAA=

I then decoded in linux using base64 --decode and then zipped that file. When you open it there are two files, 1 is a file with no extension which when opened with paint is a low res football (i think) and the other is a pw protected ELF.

so now my problem comes, i've tried Johntheripper (incl. jumbo suite) but it cannot create a PW hash from a 7zip, fcrackzip wasn't compatible, and rarcrack won't allow me to pass wordlists into it.

So it's either that or someone help me see what i'm missing in the password hint. All help appreciated, hoping to get a placement at a very cool company out of this before my final year of uni.

Donghead
  • 11
  • 1
  • That's a soccer ball. I assume this is a British cyber security firm because I managed to guess it. Where do they play the F.A. Cup final? (7,7) – Rup Oct 26 '15 at 10:17
  • Oh my god. Wembley was one of the first things we tried. Shoulda tried the possible combinations on top of it. Thanks very much :) – Donghead Oct 26 '15 at 11:13
  • I don't get it. Attempting to unzip the file, my software asks me for the password. And the password hint is inside the zipped file. Therefore, you can only guess the password after you unzipped the file without the password?? (Anyway, the (7,7) hint did it for me. A very nice multi-technique challenge I must say.) – Jongware Oct 26 '15 at 22:27
  • the password hint is not password protected, you get the first bit of the hint when you read the NFC chip and the second part once you create the zip file and open the .img file. You can't extract the zip file, but you can extract the Img – Donghead Oct 28 '15 at 12:51

0 Answers0