
DEF CON 24 Badge Challenge - borski
http://co9.io/post/148716614744/defcon-24-badge-challenge
======
ShaneWilton
Huge respect to co9 for playing a great game this year. They really went all
out, and deserved the win. I'm extremely proud of the progress my team made
throughout DEFCON, and we were still always a solid 10 - 15 hours behind them.

This year, co9 actually took the social engineering game to a new level, and
registered vanity domains, like
[http://assimilate.today](http://assimilate.today). They hid puzzles on them
that tied into 1o57's game, then they'd leak the domains to other teams
playing, and trick them into spending hours solving puzzles that had no
solution.

In the case of assimilate.today, I spent hours decoding it to different phone
numbers, pointing everywhere from Bermuda to Thailand, and probably woke up a
few dozen innocent people with phone calls.

If you like puzzles, riddles, or cryptography, I highly recommend the DEF CON
badge challenge. It isn't for everyone, but it's one of the closest things
I've found to a real-life rendition of an old point-and-click adventure game.

~~~
ziot
I'm glad you had a fun experience. I hope your team comes back next year for
Mystery Challenge!

------
AndrewKemendo
Reading these just totally boggles my mind.

Example:

 _This page contained various hand signals instructing a painting of a dog.
Someone on our team quickly recognized these as Curwen Hand Signs and it is
referencing Close Encounters of the Third Kind._

In what possible world is someone encoding a message in an obscure (even if
taught in 5th grade) musical notation hand signal format and then a team just
happens to have someone that knows that? Rare breed indeed.

~~~
nullc
That sort of thing sounds pretty ordinary for an MIT Mystery Hunt puzzle.

It's remarkable all the sorts of crazy things a large collection of
puzzle-loving people know collectively.

------
13of40
I'm not reading the article or comments, to stay pure, but I just wanted you
all to know I'm like halfway done making my skull badge into a web server.

~~~
barbs
hahaha! That's awesome! I'd love to read a blog post about it when you're done
if you're willing to write one up :)

------
aestetix
This writeup is insane (and congrats!).

How long does it take 1o57 to make these challenges?

~~~
junkmail
Thanks. Come play next year!

Watch the DEFCON 20 documentary. 1o57 says his challenge is to make it hard
enough for a 3 day event, but still be inclusive for n00bs.

[https://www.youtube.com/watch?v=rVwaIe6CiHw](https://www.youtube.com/watch?v=rVwaIe6CiHw)

------
seanp2k2
Was there anything on the electronic badge? I like that the challenge didn't
require bringing a ton of not-at-all-TSA-friendly EE equipment, but is there a
good link to what was up with the badge beyond it being an Intel Quark?

~~~
junkmail
It was a bit odd that the badge did not have any significant connection to the
challenge this year. In past years, there was enciphered text that was
viewable either with the correct button presses, or by dumping the ROMs, which
was used as parts of a needed OTP. It was also a new-to-DC x86 processor.

It did output strings of text on a serial pin (GPOI01 ? if memory serves). I
was (wrongly) guessing that the badge would have been like a chip-and-pin
credit card, requiring certain inputs to get proper outputs. Again I was
overthinking!

------
CalRobert
The DC badge is generally pretty cool, though I seem to be on a cycle where I
go for the non-electronic years.

Last year was my first time actually being in the DC program and not just an
attendee. I got a rudimentary version of Hacker Jeopardy running directly on
an old Parallax-based badge (DC20 and 22 I think) and demo'ed it to lots of
people with a couple buddies of mine. It was a good time!! Unfortunately I
think a lot of people were under the impression the badge was connected to a
computer; we should have made it more clear the badge was running the whole
show.

------
RandomBK
Reading about this reminded me of Cicada 3301 from a few years ago. Did anyone
ever find out the purpose/meaning of those puzzles?

Edit: It looks like there were new puzzles in 2015 and 2016! So this thing is
still ongoing...

~~~
ShaneWilton
I can't speak for Cicada, but I have friends who got their start in the
intelligence community from similar sets of puzzles. They'd solve a bunch of
random crypto / reversing problems they found online, and end up receiving
invitations to interview for IC jobs.

It wouldn't surprise me if Cicada were something similar, but I have nothing
to base that assumption on but anecdote.

------
_asummers
Reading the recaps for these is always so fun. I hope this continues to get
more ridiculous every year. Congrats to co9. Very well done, and a nice recap
to boot.

