Solving F5’s puzzle at Black Hat USA 2018

This year I participated in Black Hat USA 2018. While walking between the booths I noticed the F5 booth, where they shared a cool puzzle. The puzzle was already over, and I want to share it with you.

The riddle:


The riddle was built from two parts:

If you want to try it yourself, you can look at each part and try to solve it:

Solving the crossword puzzle

This is the crossword puzzle:


After filling it we will get:


In the blue squares we received:

A simple Google search for it leads us to the following website:

I understood that we need to use this website to decrypt the message, but according to the website we still need to find:

In the red squares we received three words:

These can only be the passphrase. I wasn’t sure about the order, but there are not many combinations to play with.

The T-Shirt

The front of the shirt

Front of the t-shirt

On the front of the t-shirt there is a picture of three robots holding flags, and the back of the t-shirt contains the moons of (almost) every planet in the solar system.

First, I tried to understand the meaning of the front of the t-shirt. There are three circles, and in each circle the robot holds two flags in a different way.

I remembered seeing such flags used on aircraft or ships. Anyway, I searched for this kind of flag and found the term flag semaphore.


Flag semaphore (from the Greek σῆμα, sema, meaning sign and φέρω, phero, meaning to bear; altogether the sign-bearer) is the telegraphy system conveying information at a distance by means of visual signals with hand-held flags, rods, disks, paddles, or occasionally bare or gloved hands.

I found that each direction of the flags can represent a different word:


Using the above flag semaphore alphabet, I decoded the message, which was the name of the company: F5.


The front of the t-shirt gave us a hint that we will need to use flag semaphore.

The back of the shirt

Back of the t-shirt

Looking again at the back of the shirt, above each moon's name there is a symbol like a clock.

Luna — Earth’s moon

Following the hint on the front of the shirt, I understood that this is actually the direction of the flags.

I wrote down the letter for each of the related flag positions, along with the names of the planets.


We now have the whole alphabet, which is exactly the alphabet key we need for the Keyed Vigenere Cipher. But how can we know the order?

Finding the order of the alphabet key

I looked again at the scenario:


The last sentence is the one we need to pay attention to:

If each of the moons transmits one element of the key alphabet simultaneously, and those signals are amplified and rebroadcast by their respective planets, in what order would they be received on Earth?

Which letters will be received first on Earth? The letters from the closest respective planet. The planets that appear on the t-shirt are already ordered by their distance to Earth.


But some planets have several moons, and they all send their elements of the alphabet key simultaneously. When the moons send their keys, each key is first received by its respective planet and then “rebroadcast” to Earth. So when a planet has several moons, the key that is sent to Earth first is the one from the moon closest to its planet.

The first alphabet key that will be sent is G, because it is the key of Luna, which is the only moon of Earth.

Earth’s moon (taken from Wikimedia)

The next closest planet to Earth that has alphabet keys is Mars. Two moons appear next to Mars: Phobos (“D”) and Deimos (“P”). I used this map to see the distance of the moons from their respective planet. In this case Phobos is closer (10,000 km) to Mars than Deimos (+20,000 km). The key of Phobos will reach Mars first and will then be rebroadcast to Earth, so it arrives first. The keys will reach Earth in this order: D P

Mars’s moons

With the same logic we continue with the rest of the planets.

Jupiter alphabet keys: Q W L Z

Jupiter’s moons

Saturn alphabet keys: I H M S O N

Saturn’s moons

Uranus alphabet keys: A K F Y X

Uranus’s moons

Neptune alphabet keys: T V J

Neptune’s moons

Pluto alphabet keys: R B C E U

Pluto’s moons

Summary:

Planets, their moons and related letters ordered by distance

Alphabet key: GDPQWLZIHMSONAKFYXTVJRBCEU

Decrypting the message

We have all the required fields to use the Keyed Vigenere Cipher.

Encrypted message: WVBYTJPYHGPBHBIRYAIBFPQUYBZILI

Alphabet key: GDPQWLZIHMSONAKFYXTVJRBCEU

Passphrase: truthsreturnzero


Result: NECESSITY DISPENSETH WITH DECORUM

Which is a quote by Thomas Carlyle.
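
The decryption step above, together with the passphrase-order uncertainty mentioned in the crossword section, as an added Python example (not code from the original post or from the website the author used). It assumes the keyed Vigenère convention in which both the text letter and the passphrase letter are looked up by position in the alphabet key, which reproduces the result shown on this page; the split of the passphrase into three words (`WORDS`) is inferred from the passphrase and is an assumption.

```python
import string
from itertools import permutations

# Values copied from the write-up.
CIPHERTEXT = "WVBYTJPYHGPBHBIRYAIBFPQUYBZILI"
ALPHABET_KEY = "GDPQWLZIHMSONAKFYXTVJRBCEU"
PASSPHRASE = "truthsreturnzero"
# Assumption: the three red-square words, inferred by splitting the passphrase.
WORDS = ("truths", "return", "zero")


def keyed_vigenere(text, passphrase, key_alphabet, decrypt=False):
    """Vigenere over a keyed alphabet: letter positions come from
    key_alphabet instead of A-Z, and the passphrase supplies the shifts."""
    alphabet = key_alphabet.upper()
    if sorted(alphabet) != list(string.ascii_uppercase):
        raise ValueError("key alphabet must be a permutation of A-Z")
    index = {ch: i for i, ch in enumerate(alphabet)}
    shifts = [index[ch] for ch in passphrase.upper() if ch in index]
    if not shifts:
        raise ValueError("passphrase must contain at least one letter")
    sign = -1 if decrypt else 1
    out, used = [], 0
    for ch in text.upper():
        if ch in index:
            shift = sign * shifts[used % len(shifts)]
            out.append(alphabet[(index[ch] + shift) % 26])
            used += 1
        else:
            out.append(ch)  # spaces and punctuation do not consume key letters
    return "".join(out)


def try_word_orders(ciphertext, words, key_alphabet):
    """Decrypt under every ordering of the passphrase words."""
    return {
        "".join(order): keyed_vigenere(ciphertext, "".join(order), key_alphabet, True)
        for order in permutations(words)
    }


if __name__ == "__main__":
    for phrase, plain in try_word_orders(CIPHERTEXT, WORDS, ALPHABET_KEY).items():
        print(f"{phrase:<18} {plain}")
```

Only one of the six orderings produces readable English, which is how the correct word order can be picked out by eye.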

Double or nothing


The first idea was to calculate the distance between the planets, but it changes constantly because the planets are moving all the time.

I decided to check what happens in each sending round. The first round is when a planet receives the alphabet keys from its own moons: 0 jumps. The second round is when a planet receives the alphabet keys from the planets next to it, with no planets between them: 1 jump. The third round is when the distance is 2 jumps, and so on.

For example, let’s look at Earth.

First round: 1 key (“G”) from Luna

Second round: 2 keys (“D”, “P”) from Mars

Third round: 4 keys (“Q”, “W”, “L”, “Z”) from Jupiter


On Mars it will be:

First round: 2 keys (“D”, “P”)

Second round: 5 keys (“G”, “Q”, “W”, “L”, “Z”)

After doing it on all the planets we can see that the first planet to receive all the decryption keys is Saturn.
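
The round-by-round reasoning above, as an added Python example (not part of the original post). It assumes the planets form a single chain in the order listed on this page, so a signal needs one round per jump between neighbouring planets; `keys_per_round` and `first_complete` are illustrative names.

```python
# Planets in the order the write-up lists them, each with the letters
# of its moons (already ordered by the moons' distance from the planet).
PLANET_KEYS = [
    ("Earth", "G"),
    ("Mars", "DP"),
    ("Jupiter", "QWLZ"),
    ("Saturn", "IHMSON"),
    ("Uranus", "AKFYX"),
    ("Neptune", "TVJ"),
    ("Pluto", "RBCEU"),
]


def keys_per_round(receiver):
    """Letters arriving at `receiver` in each round.

    Round 1 carries the planet's own moons (0 jumps), round 2 the planets
    one jump away, and so on along the assumed chain of planets.
    """
    names = [name for name, _ in PLANET_KEYS]
    here = names.index(receiver)
    rounds = []
    for jumps in range(len(names)):
        arrived = "".join(
            keys for i, (_, keys) in enumerate(PLANET_KEYS) if abs(i - here) == jumps
        )
        if arrived:
            rounds.append(arrived)
    return rounds


def first_complete():
    """Planet(s) that hold all 26 letters after the fewest rounds."""
    needed = {name: len(keys_per_round(name)) for name, _ in PLANET_KEYS}
    best = min(needed.values())
    return [name for name, n in needed.items() if n == best], best


if __name__ == "__main__":
    for name, _ in PLANET_KEYS:
        print(f"{name:<8} {keys_per_round(name)}")
    print("first to receive every key:", first_complete())
```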


Security researcher interested in reversing, solving CTFs, malware analysis, penetration testing and DevOps security (docker and Kubernetes)
