After seeing all the people posting on Twitter/Facebook/Blogs how they have solved the cipher challenge on the CyberSecurityChallenge website when all they have done is take the first step, I thought it might be nice to post a small walkthrough to give some pointers, help, and show them that first impressions are not always correct.

Only read on if you have stopped trying to solve the puzzle yourself, or if you just need a push in the right direction. AKA, here be spoilers.

Step 1: The starting line.

So you went to https://cybersecuritychallenge.org.uk/cipher.html and looked at the big pile of gibberish. While wondering how to start you noticed the gibberish had a familiar look & feel. Kinda like images in emails. You have an eureka moment and base64 decrypt the gibberish and get an image.  When you stop cheering, please pay attention to the Image. You are not at the end of the rabbit hole yet.

Step 2: Into the Rabbit Hole.

Look at the picture above, does anything look a bit Hinky? What about that odd looking border to the image? Do the pixels give you any ideas? (Nope its not morse, but good thinking)  What if i Say the pixels are lengths 1-7? Thats right they are binary 1’s and 0’s. Here is the binary output going from top, right, bottom, left:

0100001101111001011100100110111001100110011100100010000001110
0110110001001111001011110010110001001101010001000000110011101
1101010111011001100110001000000111100101110110011000010111100
000111010001000000010000000100000001000000010000000100000
01110101011001110110011101100011011001100011101000101111001011
11011100000110110001101111011100100110010101100110011100100111
0000011010000110010101110110011001110110110001110000011101010
11011100111100101111001011100100110000101110100011100100010111
0011000100110010101110100001011100110100001111000001011110011
10000011001100110100011101110110011101100011001011100111010101
10011101111010011110010010000001110101011001110110011101100011
01100110001110100010111100101111011100000110110001101111011100
1001100101011001100111001001110000011010000110010101110110011
00111011011000111000001110101011011100111100101111001011100100
1100001011101000111001000101110011000100110010101110100001011
1001101000011110000010111100111000001100110011010001110111011
00111011000110010111001110101011001110111101001111001000000

So a quick conversion to ASCII using one of the many free online app’s gives us :-

Cyrnfr sbyybj guvf yvax: uggcf://plorefrphevglpunyyratr.bet.hx/834wgc.ugzy uggcf://plorefrphevglpunyyratr.bet.hx/834wgc.ugzy

Step 3: That’s almost readable.

Gibberish right? did you guess the binary thing wrong? But, uggcf:// looks very much like https://,  in fact the characters are just 13 apart from each other? Yes, it really could be that simple. a ROT13 cipher.

we now have. :-

Please follow this link: https://cybersecuritychallenge.org.uk/834jtp.html https://cybersecuritychallenge.org.uk/834jtp.html

Step 4: The New Code.

68edcdec4e2c8eae8d2c8e2dedcd6e04d2042fedae52ceac04ccedaecd8c042ccd
8c046cedad0e8dac8eac8c048e0dac044aa82889046c0d2c8d8daccdecacc504
2bedae4e04ee2dcd046ced8cac042d6e04046c2f4c664ea76e666cae4e268e2f4
56c0d088d8d66cdecac6546c6a506e6a546062606c504a141a1410a8dac2c6ea
c04acad2c2d8d048e0d2d6e046ced8cac048eed04edae4e048eac2cad042c8e0
4adac8c2d2c086c2f4cac4e6eac6cae4e2d8e2f6c0d2c8d8daccdecacc5ed4eecc5
ae6dc50429cc042fedae524eac048e0dac04cc2d4e6e8e040eac4e6eedcd048ee
d048ced046eed85042ccd8c046c2ccd040e4eedceac042fedae04adacac8e048
e0dac04ac8d2dec2d4c2d8d2d8e2f046c4e2d8eac4e2d2c0405484e2d8e2d6e0
d046c2d8e2d4faccd046cae4e4eaccd8e8d2f044eac6e2d8caccd8e042dcd048
e0dac04aa692504eeac04ee2d8d8d044cac042dcd048eedae6c0d048eed042c
8cce2d6eac040dedee048eed046c8d2c2dad042fedae4e040e4e2d4facc504eaa
c8d8d048cedcdac042ccd8c04eceded8c048dae6c6d042dcd048e0dac04682f4
cac4e046aac6cae4e2d8e2f04680d2c8d8daccdecac046cedad0eac8e2d8e2ded
cd6e048e2c6d2dcdec040e8d2c6cac048e0d4eedaeec0dedae8e048e0dac044e
ac6e8e04edcc048e0dac042fac2c4ec5

I added the carriage returns to make the code fit on the page better. So are you wondering if there is a light at the end of the tunnel yet? and if there is, will it turn out to be a train?

Do not worry, you are just one step away from completing the challenge. there is nothing fancy about this last code, its a simple text substitution code,  swamping letters, numbers, & symbols with two bit hex values. So using simple Number frequency analysis you can work out most the text in the message. (A clue to start you off, 04 appears 77 times so lets say space.  c5 is the last character so lets say . Adding the next 4 most popular characters will give you enough of a URL to get more characters)

Now using this method you will solve the message telling you how to report your success. You will just not get the actual code to use. But come on, you have the substituted vales for a,b,c,d,e,f,etc. You should be able to realise the system they used to pick the substitutions.

Step 4: The end

Congratulations d2 you’ve found and completed the REAL challenge. Your win code is  REDACTED.

Please email this code to our team at REDACTED. If you’re the first person to do so, and can prove you meet the eligibility criteria (British citizen currently resident in the UK) we will be in touch to advise how to claim your prize. well done and good luck in the Cyber Security Challenge competitions taking place throughout the rest of the year.

Well you did not expect me to just give you the code/email address so you could claim you solved it without doing some of the work?