On 28 November 2018, IET Malaysia Network partnered with KPMG Risk and Management to organize the first KPMG-IET Cybertechnology Challenge. The event was held at a shared venue, where KPMG was concurrently holding its KPMG Cybersecurity Challenge National Finals. In the KPMG-IET Cybertechnology Challenge, participants had to solve various puzzles in a virtual “escape room” scenario, passing through various levels before finally hacking into an IET-themed IoT safe box and opening it from the inside.

The challenge drew 40 students, forming 8 teams of 5 students each. However, since the event was held in conjunction with the KPMG Cybersecurity Challenge, more than 300 students and visitors were on site during the event. At the same time, an IET recruitment booth was positioned at the food hall, where participants mingled and got free food during the event.

The IET booths were handled by student volunteers from UCSI University. To pull this event off, the YPS gathered 2 OnCampuses: the UoSM OnCampus from Southampton Malaysia was the technical team, designing and building the IET Challenge, and the UCSI OnCampus provided the main human resources during the event. Members of the YPS, including the organizing Chair, Ivan Ling, Looi Jun Jie and Lee Ken Yeen, were present at the event as judges, while Indiran, the YPS Malaysia Chairman, acted as the main contact person between IET YPS and KPMG to ensure the smooth running of the event.
Read on and discover how the winners spent 7 hours hacking away on their computers before reaching the final level.

Level 1: The cryptic message



At the start of the challenge, every team was assigned a static IP address to track its progress. The files required for the challenge were hosted on a local secured server to ensure control over the participants’ access. After the challenge briefing by the game designer, Ivan Ling, the participants were given a web address which pointed to the following image:

50d84b4880da504b2707cb0517e68452-huge-1.jpg


The participants were not given any additional instructions at this point and were free to interpret the problem however they wanted. Some participants started running brute-force steganography decoders on the image file, while others snooped the network for possible hints. Those who snooped the network were eventually distracted by a dummy website, which had been deliberately hosted on the network to be found:
d3213a26d0259446faae41811e607fb3-huge-2.png

The displayed text was a 5-paragraph “Lorem Ipsum” translated into Malayalam. Sharper participants who translated the text quickly realized what it was and moved on to take a closer look at the picture, while some participants were determined to dig deeper.

If one takes a closer look at the picture given, they will notice that the picture has been jumbled up. Hence, by rearranging the picture, they will see the following hint:
5916cf91da17e7cc3ceec4ac922e1893-huge-3.jpg

By decoding the Wingdings code on the picture with a standard Wingdings-to-ASCII chart, they will be able to see the message:
OPEN STEGO
And
T3LLM3UrS3CR3T
A simple Google search reveals that OpenStego is open-source steganography software, and feeding the image into the OpenStego decoder with T3LLM3UrS3CR3T as the password reveals the secret hidden in the image file. The encoded message reads:
W3ll D0ne R3ach1ng th1$ f@r.

MTkyLjE2OC4xMjAuMTEyL1gvWS9hbGllbi1ib3guaHRtbAoKV2hlcmUgWCA9IDE5OTAgKyA8VEhFIEFOU1dFUiBUTyBMSUZFLCBUSEUgVU5JVkVSU0UsIEFORCBFVkVSWVRISU5HPgpBbmQgWSA9IDxMQVJHRVNUIFBSSU1FIE5VTUJFUiBXSVRIIDQgRElHSVRTPiAtIDw3dGggdG8gMTB0aCBkaWdpdHMgaW4gUEkgZXhjbHVkaW5nICIzLiI+ICsgMzQ2NQoKR09PRCBMVUNLIQ==
g00d_lvcK

Experienced participants recognized that the code was actually encoded in Base64, and hence, by running the encoded message through a Base64 decoder, they obtained the following message:

192.168.120.112/X/Y/alien-box.html
Where X = 1990 + <THE ANSWER TO LIFE, THE UNIVERSE, AND EVERYTHING>
And Y = <LARGEST PRIME NUMBER WITH 4 DIGITS> - <7th to 10th digits in PI excluding "3."> + 3465
GOOD LUCK!

This is the key to the second level of the challenge.

Level 2: The treasure hunt


Once the participants had solved the puzzle in the first level, they could navigate to the correct webpage by substituting the correct answers for X and Y in the URL. This brought them to another cryptic page that looks like this:
54f0436805f852086346e7e2ed2b4b2c-huge-5.png


Looking at the page, some participants immediately noticed the password box, which was accessible from the HTML code. The password is stored in plaintext in the HTML file, so the participants could retrieve it easily.

7d3fc95e27c783ff4a088ad1271b962a-huge-6.png
The password is “eightpluseight”, which makes no sense at this point, but if the participants take a look at the website’s title and heading, they will be able to figure out the encoding used for the key.

If they take a closer look at the title of the website, they should notice that the cryptic numbers are actually ASCII codes written in decimal.
8f5dbfabe69f8b0594c233d566168963-huge-7.png

Converting 074.085.076.073.085.083.032.067.065.069.083.065.082 to ASCII gives JULIUS CAESAR. A quick Google search shows that Julius Caesar used a specific cipher in his personal correspondence, known as the Caesar cipher. To decode a Caesar cipher, one needs to know the amount shifted, which was given by the password, “eightpluseight” = 16. The meta tag “Key” was made to look suspicious, so that participants would put two and two together and realize that applying the reverse Caesar cipher to the content of “key” would get them to the next level.

Essentially, the content of key, which is “vyd q hqifruhy! tu kihdqcu yi bkbqtcyd qdt jxu fiim0ht yi afcw<3yuj” can be decoded by moving the characters backwards by 16 places, e.g. V becomes F. The decrypted message is “fin a raspberi! de usrname is luladmin and the pssw0rd is kpmg<3iet”.

Some participants managed to decode without finding the password, simply by looking at the output of the Caesar cipher for all 26 possible shifts using online tools such as cryptii:
f39ee67170f3be914641403f64db0dbc-huge-8.png
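
The Level 2 decoding chain, as an added example that is not part of the original write-up: it converts the title's decimal ASCII, applies the 16-place reverse shift, and then recovers the same shift by trying all 26, as the teams using cryptii did. The function names and the small word list used to rank candidates are assumptions made for this example.

```python
import string

# Values quoted in the write-up above.
TITLE = "074.085.076.073.085.083.032.067.065.069.083.065.082"
KEY_TEXT = "vyd q hqifruhy! tu kihdqcu yi bkbqtcyd qdt jxu fiim0ht yi afcw<3yuj"

# Constructed word list (an assumption), used only to rank candidate plaintexts.
COMMON_WORDS = {"a", "the", "is", "and", "of", "to", "in"}


def decode_decimal_ascii(dotted):
    """Turn dot-separated decimal character codes into text."""
    return "".join(chr(int(part)) for part in dotted.split("."))


def caesar_shift_back(text, shift):
    """Move each letter back by `shift` places; digits and symbols pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def brute_force(text):
    """Try all 26 shifts; return the (shift, plaintext) with the most common words."""
    def score(candidate):
        return sum(word in COMMON_WORDS for word in candidate.lower().split())

    candidates = [(s, caesar_shift_back(text, s)) for s in range(26)]
    return max(candidates, key=lambda pair: score(pair[1]))


if __name__ == "__main__":
    print(decode_decimal_ascii(TITLE))
    # Shift taken from the password "eightpluseight" = 8 + 8.
    print(caesar_shift_back(KEY_TEXT, 16))
    # The same shift falls out without the password.
    print(brute_force(KEY_TEXT))
```

Because the key space is only 26 shifts, the password hidden in the HTML adds no protection to the “key” meta tag: ranking the candidates by a handful of common words is enough to single out the plaintext.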



 

Level 3: Opening the box



At this stage, only 3 teams had managed to get the username and password of the Raspberry Pi. However, the IP address of the Raspberry Pi was not announced. Since the teams now knew that the box was controlled by a Raspberry Pi, all they needed to do was figure out the IP address, SSH into the Pi with the username and password, and finally open the Mystery Box!
To find the IP address of the Raspberry Pi, the most straightforward way is to run an IP scan using netdiscover, as shown here:
fb1325d39996ed1159ffc90b9ddb40b5-huge-7.png

Once the IP address is known, the participants can SSH into the Raspberry Pi and run the preloaded script to open the Mystery Box. During the competition, only one team managed to take control of the Pi and open the box, while another two teams got as far as successfully SSHing into the Pi.
After the hacking round, each team was asked to give a 5-minute presentation about its progress in the challenge. The judges were impressed by the ingenuity and innovative solutions used by the participants.
The IET Challenge was won by team “Business Students” from the Asia Pacific University, the only team that managed to open the mystery box.







ff62c3b866f15c2b2ce1100ae44dea65-huge-1.png

Figure 1: Ivan Ling (from IET YPS Malaysia, 6th from left) taking a group photo with the participants, together with Dani Michaux (ASEAN and ASPAC Cyber Security Lead, 7th from left) and Stuart Cole (from KPMG IoT / Cloud / Emerging Tech Risk & Cyber, 8th from left). Also present were IET YPS committee members Looi Jun Jie and Ken Lee.