EFF’s DEF CON 30 puzzle – SOLVED


Puzzlemaster Aaron Steimle of the Muppet Liberation Front contributed to this post.

Each year, EFF joins thousands of IT security professionals, DIY enthusiasts, and hobbyists for Hacker Summer Camp, the affectionate term used for the Las Vegas tech conference series, including BSidesLV, Black Hat, DEF CON, and more. EFF has a long history of collaborating with online creators and security researchers at events like these for the benefit of all technology users. We’re proud to honor the spirit of curiosity in this community, which is why every year at DEF CON, we unveil a limited-edition EFF member t-shirt with a built-in puzzle for our supporters (check out the archives!) . This year we had the help of some special friends.

“Stars at night are big and bright on the Vegas Strip”

For the EFF’s 13th member lucky t-shirt at DEF CON 30, we had the opportunity to collaborate with the iconic hacker artist Eddie the Mize Y3t1 and the esteemed multi-year winners of EFF’s t-shirt puzzle challenge: Elegin, CryptoK, Detective 6and jabberw0nky from the Muppet Liberation Front.

Extremely Online member design with a built-in challenge.

The result is our irony Extremely Online T-shirt, an expression of our love for the internet and the people who make it great. In the end, a proponent of digital freedom solved the final puzzle and emerged victorious. Congratulations and bravo to our champion cr4mb0!

But how did they do it?

Take a guided tour of each challenge piece with our fearless puzzle masters from the Muppet Liberation Front. Extreme spoilers ahead! You have been warned…

_____________________

Puzzle 0

The puzzle starts with the red letters on the shirt above a red cube. Trying common encodings won’t work, but a quick Google search of the letters will return various results containing Interplanetary File System (IPFS) Links. The cube is also the IPFS logo. So the text on the shirt resolves to the following IPFS hash/address:

ipfs://bafkreiebzehf2qlxsm5bdk7cnrnmtnojwb53bnwyrgkkt7ypx5u53typcu

Puzzle 0 QR Code

QR codes have a standard format and structure that require the large squares to be placed in three of the four corners. With this in mind, the image can be seen as four separate small squares, with the two in the middle overlapping the large center square. These squares can be reconstructed into a valid QR code using an image editing program.

Answer:

Second riddle 0 QR Code

Resolves to https://eff.org/Defcon30EFFPuzzleExtraordinaire

This site contains two groups of text: the first paragraph contains four lines starting with the same letters, and the second paragraph looks like Base64-encoded information. Note that the four lines of the first paragraph all start with the same letters as the text on the shirt. These are also the IPFS addresses of the remaining puzzles.

Puzzle 1

ipfs://bafkreigex7eadjwdggka7t6h2ln66ck5wuecq7gnryaayqjcirmdyjgwoe

Wordle players will immediately recognize the style of the puzzle. You can use a list of words and some regular expressions/pattern matches to identify the only possible solution to this puzzle. Note that the first five words also act as a clue to the theme of each puzzle answer: space/stars.

Puzzle 1 Wordle style puzzle

Answer: PEACOCK

Puzzle 2

Challenge text

The word on the street is that youth policing is key.

[Flight enabling bird feature.] + [Short resonant tones, often indicating a correct response.] + [First Fermat Prime]

55rhyykkqisq 4ubhYpYfwg 5pYrmmkks6qi prkuy6qlf eakjZjk4a rhXkgwy6iqhrddb

This puzzle consists of some cryptic clues and a line of ciphertext. First, consider the wording of the opening line: “Rumour has it that youth policing is key.” These clues should indicate that the solver will have to look into Microsoft Word fonts.

Then, to decode the indices of the second line:

  1. Bird function allowing flight = WING
  2. Short, ringing tones, often indicating a correct answer = DINGS
  3. Premier Fermat Premier = 3

∴ WINGS 3

Ciphertext decoding

55rhyykkqisq 4ubhYpYfwg 5pYrmmkks6qi prkuy6qlf eakjZjk4a rhXkgwy6iqhrddb

The solver now knows that the ciphertext has something to do with Microsoft Word and the Wingdings 3 font. Typed in the Wingdings 3 font, each character translates to a type of arrow. The characters are classified in the form of arrows as follows:

TOP: XYhpr5
LOW: iqs60
LEFT: Zbdftv
RIGHT: aceguw4
TOP LEFT: jz
TOP-RIGHT: k
BOTTOM LEFT: lx
BOTTOM RIGHT: my

Using these arrows as instructions for a pen, one can draw shapes that look like letters. Each word in the ciphertext must be a single letter, with a new path starting after each space.

Mapped ciphertext

The solution

Read drawn shapes like letters – the solution: MIMOSA

Puzzle 3

Puzzle 3 Snaps Craps Board

Puzzle Solution:

“The name of the game is not Craps” and the image of a person snapping their fingers are references to the game “Snaps”. The puzzle uses the rules of Snaps transferred to a Craps board. Snaps is a game where a clue giver uses statements and snaps to spell out a well-known name.

Examining the differences between the given board and a standard Craps board indicates which components are supposed to give clues. In a game of Snaps, the vowels are indicated by the number of snaps, translated here by the number of pips indicated on the colored die. Consonants are indicated by the first letter of a statement given by the clue giver. On this table, “COME”, “NOT PASS BAR”, “PASS LINE” and “HOW TO PLAY” have been added or modified, indicating that these statements give the necessary consonants C, N, P and H by taking the first letter of each statement, like in the Snaps game. The dice have been colored giving the numbers 1 to 4 which in Snaps indicate the vowels A, E, I and O. To order these items, the rainbow circles to the left of the dice have been colored with the colors corresponding, giving the answer PHENICIA.

Final answer: PHENICIA

Puzzle 4

Puzzle 4 dash

Puzzle Solution:

Unlike previous puzzles, this image does not take up the entire page, indicating that there might be more information available by inspecting the html. This shows that the embedded image has the file name “OrangeJuicePaperFakeBook.jpg”. Deconstructing this, “OrangeJuicePaper” indicates the word “pulp” and “FakeBook” indicates the word fiction, letting the solver know that the theme of the puzzle will revolve around the movie Pulp Fiction.

The image itself hides information steganographically, and the information can be extracted using the steghide tool. Use of steghide on OrangeJuicePaperFakeBook.jpg without password will write the file QuartDeLivreAvecDuFromage.txt, containing a long series of binary strings of length 8.

‘Quarter de livre avec du fromage’ is ‘Quarter de livre avec du fromage’ in French. “Do you know what they call a quarter pound with cheese in Paris? is a quote from Vincent Vega in Pulp Fiction.

The binary numbers in the file are the ASCII representation of letters and spaces, and can be converted using one of the many tools available when searching for “binary ASCII converter”. Converting the contents of the file gives readable but nonsensical results:

overconstructed efficiencyapartments coeffect jeffs counterefforts phosphatidylethanolamines eye effed I nonefficient aftereffects theocracy teachereffectiveness inefficaciousnesses a ineffervescibility psychoneuroimmunologically superefficiency coefficientofacceleration o toxic jeffersonian teffs differentialcoefficient milkshake propulsiveefficiency effulges bad lockpick effed upper nonrevolutionaries revolutionarinesses teffs temperaturecoefficient maleffect effable foe butterflyeffect eerie tranquillizing magnetoopticaleffect jeffs plantthermalefficiency nulls rappers I effectiveresistance

These words are not used directly, but the length of each word is relevant. Converting each word to its number of characters, then converting that number of characters to its letter of the alphabet gives: othernyceallitsarzoyaelewithcheersevigcoentevegas

“They call it a royale with cheese” is another Vincent Vega quote, also the answer to the previous quote (“Do you know what they call a quarter pound with cheese in Paris?”).

Looking at other nyceallitsarzoyaelewithcheersevigcoentevegas, it has “they call her a royale with cheese”, followed by “vigcent vega”. The extra characters mixed into the spelling “ones zeros”, which indicates that each of the nonsense words should be converted to a one or a zero themselves. But how? Looking at the original image, this shows that the EFF score is 1 and the DEF CON score is 0. So represent each word containing the letters “EFF” with a 1, and all other words with a 0. This gives a new binary. string, which itself can be converted back to ASCII, yielding the ciphertext ymgdzq.

Going back to the quote derived from counting the number of characters in each word, note that Vincent was intentionally misspelled as Vigcent. This is a hint to use a vigenere cipher to decrypt this new ciphertext with the vega key.

Applying Vigenère to the text ‘ymgdzq’ with the key ‘vega’ gives the solution: DIADEM

Bonus Easter egg: The first character of each non-eff word in the wordlist translates to: opeitapotmblunrfetnri, which anagrams to muppet liberation forehead.

META

The last block of text is Base64 encoded. Decoding reveals that the data begins with “Salted__”, an encryption artifact using OpenSSL.

Concatenate the answers to the previous four riddles in alphabetical order to create the passphrase that will be used to decrypt the text. With the block of text placed in a file called final.enc, the openssl command to decrypt the text is as follows:

$ openssl aes-256-cbc -d -in final.enc -out final.txt
enter aes-256-cbc decryption password: DiademMimosaPeacockPhoenicia

Deciphering it reveals the solution to the puzzle:

“On behalf of the EFF and the Muppet Liberation Front,

Congratulations on solving the puzzle challenge!

Email the phrase “Stars at night are tall and bright on the Vegas Strip” to [email protected]

_____________________

EFF is deeply grateful to the members of the Muppet Liberation Front for creating this puzzle and to Eddie the Y3t1 for designing the artwork. After all, how can we fight for a better digital future without some beauties and puzzles along the way? The digital rights movement depends on cooperation and mutual support in our communities, and EFF is grateful to everyone on the team!

Person wearing EFF's Extremely Online shirt near green leaves

Happy hacking!

Previous Reviews | Saudi Arabia human rights abuses show MBS tricked Biden
Next Qidi closed RMB 100 million yuan angel financing, with Joy Capital as lead investor and Matrix Partners China and Meridian Capital as co-investors