Here is the solution to Puzzle #7: Ann’s Dark Tangent (DEFCON 2010). There are many ways to arrive at the solution. Here is our method; there are other tools you can use to reach the same answer.
You received a CD containing, among other things, a packet capture: evidence-defcon2010.pcap
Check the MD5 sum:
$ md5sum evidence-defcon2010.pcap 7c416421a626600f86e3702df0cac8ef evidence-defcon2010.pcap
If you examine the packet capture, you will see that it contains WEP-encrypted wireless traffic.
Crack the WEP key. You can do this using aircrack-ng in less than one second:
$ aircrack-ng evidence-defcon2010.pcap Opening evidence-defcon2010.pcap Read 426642 packets. # BSSID ESSID Encryption 1 00:1C:10:B3:CC:F0 w00t WEP (98923 IVs) Choosing first network as target. Opening evidence-defcon2010.pcap
Once you have the WEP key, use it to decrypt the traffic:
$ airdecap-ng -w 4A:7D:B5:08:CD evidence-defcon2010.pcap Total number of packets read 426642 Total number of WEP data packets 187650 Total number of WPA data packets 0 Number of plaintext data packets 0 Number of decrypted WEP packets 187650 Number of corrupted WEP packets 0 Number of decrypted WPA packets 0
If you run strings on the packet capture (or view it in Wireshark), you will see IMAP and SMTP traffic, including an email with an attachment. This attachment is the key to the entire puzzle.
Dark Tangent, I know you've been watching me. You should be able to figure out the = location of our rendezvous point from my traffic. Contact me first with = the name of the city where we will meet, and you win :-) I'll send you = more details after that.=20 Ann ps. See the attachment for a clue.
Carve out the email attachment. You can do this manually, or use the smtpdump tool by Franck Guénichot from Contest #2.
The email attachment is a GIF image, shown below:
There were five lines in the image, which read (from top to bottom):
App Store - App Name Podcast Title YouTube Video Title Google Earth City Name AIM Buddy Name
If you go through the packet capture, you will find that Ann used her iPad to:
- Download the iPad app called “Solitaireâ€
- Download and watch an Onion podcast called “Onion Radio News for Kidsâ€
- View a YouTube video called “Cry for Help – Rick Astleyâ€
- Search on Google Earth for “Hacker Valley, West Virginiaâ€
- IM her buddy, “inter0pt1câ€
Line all the answers up, as shown in the GIF image, and read down the first column:
- Solitaire
- Onion Radio News for Kids
- Cry for Help
- Hacker Valley
- inter0pt1c
The answer is “SOCHI”, a resort town in Russia where the winter Olympics will be held.
Thanks to everyone who played!
Leave a Reply