Winning the Shmoocon 2019 Crypto Challenge

This year was my first trip to Shmoocon. The experience was amazing and I had a chance to meet some of my idols from growing up, like Katie Moussouris, Jason Street, Brendan O'Connor and more. But this article is specifically about the Trimarc Crypto challenge.

The rules of the challenge:

  • The challenge starts at 9:30AM at the Trimarc Booth
  • Each coin has an encoded passphrase on the top and a piece of the final passphrase on the bottom
  • You must present both the appropriate coin and its passphrase to the correct vendor to receive the next coin
  • The first competitor to return to the Trimarc booth, present all five coins, and utter the full passphrase wins

The list of participating vendors can be found in the image below.

[Image: list of participating vendors]

In this challenge I didn't bother decoding the bottoms of the coins until the end when I had all of the pieces of the final passphrase.

The challenge began with acquiring a red coin from the TRIMARC booth that had the word "Pbfzb" along the top, a triquetra symbol in the middle, and the word "dvbsk" along the bottom. The top word decoded with ROT13 to "Cosmo". After using a faulty decoder and spending a significant amount of time on other ciphers before someone suggested coming back to rot, I finally decoded the first passphrase and raced off to determine which vendor had the next phase of the challenge.

The second coin was acquired from the CYBERVISTA booth and had the word "QmlzaG9w" on the top, a triskelion bursting out of a circle symbol in the middle, and the word "sio" along the bottom. The top word threw me for a loop until I remembered that not all base64 strings have an "=" in them. It decoded to "Bishop" and I was off to the next vendor.

The third coin was acquired from the KING & UNION booth and had the word "xivzhv" along the top, some kind of knot symbol in the middle, and the word "eXZ4cg==" along the bottom. At this point I met someone who said there were hints on @pyrotek3's Twitter and the Trimarc Twitter. Upon navigating to the Trimarc Twitter I encountered the hint "what use is @ in bash anyway?" which refers to the Atbash cipher. The top word decoded to "crease" and onto the 4th coin I went.

The fourth coin was acquired from the NETSPI booth and had the word "vubtaWzm" along the top, another knot symbol in the middle, and the word "tyxbmo" along the bottom. The hint on Twitter was "we have an affinity for the numbers 7 & 23" which indicated the affine cipher with "a" equal to 7 and "b" equal to 23. The top word deciphered to "whistler" and the finish line drew near.

The fifth and final coin was acquired from the FRACTAL INDUSTRIES booth and had the word "RTTAMGIACSMCIR" along the top, a sword through an omega symbol in the middle, and the word "txiye" along the bottom. The 5th coin's top word was a bonus challenge and therefore not relevant to the challenge coin so I skipped it and started in on the coin bottoms.

The bottoms of the coins had the following words: "dvbsk", "sio", "eXZ4cg==", "tyxbmo", and "txiye". I started with the low-hanging fruit. "sio" was too short to really have much room to work with so I cycled through the rots until I got to rot6 which spit out "you". "eXZ4cg==" was obviously base64 and decoded to "yvxr" which I then threw through a modified rot decoder to spit out "like" at rot13. "tyxbmo" was affine encrypted with "a" equal to 25 and "b" equal to 12 which decrypted to "toplay". "txiye" was decrypted using a Vigenère cipher with a key of "trimarc" to yield "agame". "dvbsk" was decrypted using an affine cipher with "a" equal to 1 and "b" equal to 7 to yield "would". The final passphrase was "Would you like to play a game?" and I submitted at 10:38AM to claim the challenge coin.
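The decodings above can be reproduced with a short script. This is an added example, not the scripts used during the challenge and not code from the codebreaker repository; the function names are illustrative and the affine convention E(x) = (a*x + b) mod 26 is an assumption that matches the keys quoted above. It goes slightly beyond the walkthrough by treating ROT-N and Atbash as special cases of the affine cipher, so one brute-force pass over all 312 keys against a wordlist covers all three.

```python
import base64
from math import gcd

ALPHA = "abcdefghijklmnopqrstuvwxyz"

def affine_decrypt(ct, a, b):
    """Invert E(x) = (a*x + b) mod 26; case and non-letters are preserved."""
    if gcd(a, 26) != 1:
        raise ValueError("a must be coprime with 26 or the cipher is not invertible")
    a_inv = pow(a, -1, 26)  # modular inverse (Python 3.8+)
    out = []
    for ch in ct:
        if ch.lower() in ALPHA:
            p = ALPHA[(a_inv * (ALPHA.index(ch.lower()) - b)) % 26]
            out.append(p.upper() if ch.isupper() else p)
        else:
            out.append(ch)
    return "".join(out)

def rot(ct, n):
    """Shift letters forward by n: the affine cipher with a=1, b=-n."""
    return affine_decrypt(ct, 1, -n % 26)

def atbash(ct):
    """Atbash is the affine cipher with a=25, b=25 and is its own inverse."""
    return affine_decrypt(ct, 25, 25)

def vigenere_decrypt(ct, key):
    """Subtract the repeating key letter from each ciphertext letter."""
    return "".join(rot(c, -ALPHA.index(key[i % len(key)])) for i, c in enumerate(ct))

def b64(s):
    return base64.b64decode(s).decode("ascii")

def affine_candidates(ct, words):
    """Try all 12 * 26 = 312 affine keys; keep (a, b, text) hits in the wordlist."""
    return [(a, b, affine_decrypt(ct, a, b))
            for a in range(1, 26, 2) if a != 13
            for b in range(26) if affine_decrypt(ct, a, b).lower() in words]

def solve_coins():
    """Apply the cipher named in the write-up to each coin string."""
    tops = [rot("Pbfzb", 13), b64("QmlzaG9w"), atbash("xivzhv"),
            affine_decrypt("vubtaWzm", 7, 23)]
    bottoms = [affine_decrypt("dvbsk", 1, 7), rot("sio", 6),
               rot(b64("eXZ4cg=="), 13), affine_decrypt("tyxbmo", 25, 12),
               vigenere_decrypt("txiye", "trimarc")]
    return tops, bottoms
```

Because letter case is preserved, the fourth top decodes as "whistLer", carrying over the capital "W" from the coin.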

Throughout the challenge I used scripts from https://github.com/asweigart/codebreaker that I had modified for speed, usability, and automation.

Thank you Trimarc Security for putting together such a fun challenge! I hope to participate in another next year!