Scott Donnelly

Sophos #DECODEME 2012

Sophos have created a puzzle to coincide with this year’s AusCERT security conference. Solve the puzzle shown here, to win a prize of a full-auto NERF gun. The puzzle is printed on a T-shirt, an image of which is shown at the Naked Security blog on the link above. The puzzle has not been published fully yet, but we can start a bit early based on the image…

Each of the symbols (ignore the “GET SMART” ASCII art pipes/slashes/underscores, and the text underneath) can be found on the number keys on a US keyboard, by pressing Shift. The symbols * and ( do not appear, so if we convert each symbol into its corresponding number, the numbers 8 and 9 do not appear, suggesting the code is using an octal-based encoding. If we group the digits in threes, and convert each of the 3-digit groups to the corresponding ASCII character, we get something interesting.

I’ve created This Page to help people decode this first stage. Input the symbols, and see what it decodes to. The symbols are:

     !@#!^$!$!!$&!$%)$))$#)^@)$)!@%!@@
!!$)&@)$)!%)!^$!^$!^))&@)%&)%&!^&
!^&!_ __ ___ _^&)
%^!/ | | / __|^#
!%| |
| | | | | |&!^)!
%)| | | | | | | \ !%&
!^| || | |__ | | | |#)
%^!_
|__| || |__/$#!
%&!%%)%&!$!!%^!&@)%&!^%!^#!%#!$%!
&! _ ___!$
@| \/ | /\ | \ |!
%| \ / | / \ | |
| | | |&!$!
!| |\/| | / /\ \ | / | |^@!$
$| | | |/ __ | | \ \ | |)%^!
%|
| |// __| _\ |_|)!^$
!%%!%$)$)!^&!%!!^$!%))$)!%%!$!!$&
!%!!$#)$)!%^!%&)%^)$))^!)^))^))&)

D   E   C   O   D   E   M   E
2012 geek fashion from sophos
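The decoding steps described above (symbol to digit, groups of three, octal to ASCII), as an added example that is not the author's decode page or anything from Sophos. The function names are assumptions of this sketch; the sample input is the first three lines of the symbol block as shown on this page, ASCII art included.

```python
# Added example: shifted-number-key symbols -> octal digits -> ASCII.
# US keyboard layout: Shift+1..Shift+0 produce ! @ # $ % ^ & * ( )
SHIFT_TO_DIGIT = dict(zip("!@#$%^&*()", "1234567890"))

# First three lines of the symbol block on this page, ASCII art included.
SAMPLE = r"""!@#!^$!$!!$&!$%)$))$#)^@)$)!@%!@@
!!$)&@)$)!%)!^$!^$!^))&@)%&)%&!^&
!^&!_ __ ___ _^&)"""


def symbols_to_digits(text):
    """Keep only shifted-number symbols; pipes, slashes, underscores,
    spaces and newlines from the ASCII art are dropped."""
    return "".join(SHIFT_TO_DIGIT[c] for c in text if c in SHIFT_TO_DIGIT)


def decode(text):
    """Return (decoded_text, leftover_digits).

    leftover_digits is non-empty when the digit count is not a multiple
    of three, which is how a truncated transcription shows up."""
    digits = symbols_to_digits(text)
    if set(digits) & {"8", "9"}:
        raise ValueError("8 or 9 present: input is not octal")
    usable = len(digits) - len(digits) % 3
    decoded = "".join(
        chr(int(digits[i:i + 3], 8)) for i in range(0, usable, 3)
    )
    return decoded, digits[usable:]


if __name__ == "__main__":
    text, leftover = decode(SAMPLE)
    print(repr(text), "leftover digits:", repr(leftover))
```

A non-empty leftover means the input stopped partway through a character, so more symbols are needed before the next group can be decoded.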

But this clearly is incomplete if you input it into my decode page. In fact, Sophos’ Paul Ducklin has removed some of the symbols prior to the start of the competition. The full text of the first part of the puzzle is now available. I’m guessing that it should translate to this link, but it is not live yet, or just plain wrong! In the image, inside the symbols, is the phrase “GET SMART” - is this a reference to an HTTP GET request? Combined with the phrase “with mag”, at the end of the decryption, this could potentially give this link. But, at least at the moment, this also 404s. Anyone else got any ideas?

15/05/12 08:48 UPDATE: Looks like I was correct about the URL! I have also updated the symbols in the box above to contain the full list. For part two, this is just a variation on The Birthday Paradox. Instead of looking for birthday collisions we are looking for card ones, so simply use the technique you would use for the birthday paradox but with 52 cards instead of 365 days, like so: (52! - 14!) / 52^13

Scotty

 

15/05/12 09:28 UPDATE: I’ve submitted my final solution - looks like I’ve come second or third… https://twitter.com/#!/duckblog/status/202314487888478209

 

15/05/12 09:33 UPDATE: I came third, by less than 60s :o) https://twitter.com/#!/duckblog/status/202315878438666240 I should have skipped breakfast, I got the full text 20 minutes after it was released!