
DEFCON 23 Badge Challenge - zioto
http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge
======
InAnEmergency
This doesn't even mention there was an entire newspaper filled with
misdirection (Thelema, Enigma machines, Mad Hatter, They Live, chromosomes...)
or the Shavian text on the badges (all quotes from Buckaroo Banzai I believe).
1o57 even wore a Buckaroo Banzai shirt...gah.

Edit: Also, "Howdaddyisdoing" is an anagram for "Why did I add goons" which
seemed very suggestive.

~~~
zioto
I believe the newspaper was filled with clues for the DCDarknet challenge.
That one was pretty rough, I wasted a few hours on it before 1o57 confirmed it
wasn't part of his challenge.

------
knodi123
Wow, it just kept going and going. I've done scavenger hunts like this, but
easier and short, and I still didn't finish before declaring myself too
exhausted to continue.

I wonder what the reason was for not giving the message found on the wooden
skull?

~~~
ionwake
e xmdiq v33x uxe eox fsvcn?

On a serious note, great post, it was a great read!

------
ChuckMcM
That sounds crazy fun. I am in awe both of your tracking down the solution and
the work 1o57 put into setting it up!

~~~
zioto
1o57 never fails to impress. everyone who attends DEFCON should head down to
the 1057 room for at least a little bit each con. there are a ton of people
working together to solve the puzzles!

------
k8tte
I'm confused by the "WFST HDXE HGY BNK BAWH QJG PSOR WNFATG IDDW OQUHVNKINGCY
GQG CTUK." vigenere cipher.

if decoded with "LASTORY", i get
"lfaatmzthofnwmqaeocsieswyiwhptoppmydqcohwmxnojkpsvcbbw."

how did they come up with "WELL DONE GET THE BLUE KEY PASS PHRASE FROM
OPPENHEIMERS BIG BANG."

[http://www.cs.du.edu/~snarayan/crypt/vigenere.html](http://www.cs.du.edu/~snarayan/crypt/vigenere.html)

~~~
asgard1024
Try [http://rumkin.com/tools/cipher/vigenere-keyed.php](http://rumkin.com/tools/cipher/vigenere-keyed.php)
and enter LASTORY as both alphabet key and passphrase!
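
Added example, not part of the thread or of the linked tool's code: a keyed-alphabet Vigenère decoder showing why the standard A-Z tableau gives gibberish for this ciphertext while using LASTORY as both alphabet key and passphrase recovers the plaintext. The function names and the index-subtraction convention are assumptions chosen because they reproduce the plaintext quoted above.

```python
import string


def keyed_alphabet(keyword):
    """Keyword letters first (deduplicated), then the unused letters of A-Z."""
    ordered = dict.fromkeys(keyword.upper() + string.ascii_uppercase)
    return "".join(c for c in ordered if c in string.ascii_uppercase)


def vigenere_decrypt(ciphertext, passphrase, alphabet=string.ascii_uppercase):
    """Vigenere decryption over an arbitrary 26-letter alphabet.

    Letter positions are taken from `alphabet` rather than from A=0..Z=25.
    Spaces and punctuation pass through and do not consume a key letter.
    """
    index = {c: i for i, c in enumerate(alphabet)}
    key = [index[c] for c in passphrase.upper() if c in index]
    if len(index) != 26 or not key:
        raise ValueError("need a 26-letter alphabet and a non-empty passphrase")
    out, used = [], 0
    for ch in ciphertext.upper():
        if ch in index:
            shift = key[used % len(key)]
            out.append(alphabet[(index[ch] - shift) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)


# Ciphertext as quoted in the comment above.
CIPHERTEXT = "WFST HDXE HGY BNK BAWH QJG PSOR WNFATG IDDW OQUHVNKINGCY GQG CTUK."

if __name__ == "__main__":
    alpha = keyed_alphabet("LASTORY")
    print("keyed alphabet :", alpha)
    # Standard tableau: same passphrase, wrong alphabet, unreadable output.
    print("standard A-Z   :", vigenere_decrypt(CIPHERTEXT, "LASTORY"))
    # Keyed tableau: LASTORY is both the alphabet key and the passphrase.
    print("keyed alphabet :", vigenere_decrypt(CIPHERTEXT, "LASTORY", alpha))
```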

~~~
k8tte
thanks!

------
joshuapants
Windows XP? Curious to know if there's a hackery reason behind that or just
personal preference.

~~~
sharvil
My guess is it's most likely a burner laptop for use during the conference.

~~~
zioto
Burner everything: laptop, phone, clothes. There's not as much black hat
activity at DEFCON as most people think, but it's not worth the risk.

~~~
twright0
There's not a lot of black hat activity, but there's plenty of good- to
neutral-natured messing about. The "Wall of Sheep" is a great example; if you
send something that looks like a username/password on the public wifi, someone
will put it up on a big display (though they'll obscure some of the password
field) along with the other 'sheep'. Not "black hat" but definitely not the
kind of thing you want on a real account.

As for burner clothes, the only thing I've ever heard is to not wear company-
branded clothes - wearing an obvious Google t-shirt is a great way to attract
attention you may not want.

~~~
Natsu
Speaking of which, I've long wondered how hard it would be to make the wall of
sheep display ASCII art or something by letting it sniff bogus credentials....

~~~
boha
A human reviews every submission before it goes on the wall. We might notice;
we might not. ;)

~~~
Natsu
The idea is out there now. Might have to be more vigilant :)

------
davmar
that's just crazy. totally wild. well done solving all those challenges! great
storytelling in your blog too.

------
poizan42
He lost me at "room keys". WTH are those? I didn't get a DEF CON room key.

~~~
ipsin
I think you got a room key if you stayed at the conference hotel(s) and
ordered as part of the conference block.

Paris gave them out, at least. The hotel deal was offered on the site, and it
was decent. Average $120/night?

~~~
keyboardsmoke
Paris, Ballys, Caesars and I think Flamingo had them, at least.

~~~
alvarop
Yeah, Flamingo had them. Cost $69/night for two beds, so not bad.

------
amingilani
Hahaha, I had so much fun reading along. One day I'll solve the badge challenge
before you guys, and post something similar. One day. Until then, I'll just
work to the point where I can afford to hit a Defcon :D

Thanks for posting this!

~~~
BrainInAJar
It's $250 to get in, and if you're on the continent (US/Mex/Can) there are
plenty of road trippers and communal 6-person rooms; it can happen.

~~~
amingilani
I live in Pakistan. Add the ~$1,300 round-trip ticket price on top. But like I
said, I'll get there eventually!

------
ProAm
How long did this take you to solve? Impressive for sure.

~~~
zioto
We started Wednesday night and finished Saturday morning (3-4AM ish)

~~~
xs
Careful. Now the NSA will be looking to hire you.

~~~
zioto
D:

------
stephendicato
Congratulations!

I'm always curious; what drives you to do these challenges? Is it the
competition? The collaboration? The general enjoyment of solving puzzles?

~~~
greggarious
You can pick your 3 letter agency if you win

~~~
stephendicato
While exaggerative, I agree. Some organizations value attending and winning
competitions like this one.

------
spydum
This looks awesome, one day I will need to attend just to participate in these
challenges! Side question: Why are there two step_11's?

------
izqui
this is so crazy. congrats

------
tanglesome
My head hurts! Well done!

------
astockwell
Off topic: anyone seen any write-ups of the various CTFs?

