To mark the centenary of Alan Turing, the UK Cyber Challenge and PWC’s Senad Zukic devised a cunning cipher. It was tricky because it not only combined old-school ciphers and systems but also had a nice twist in the middle.

The cipher for the challenge is the image below; if you want to attempt the puzzle, just download the image and read no more, everything you need is there.

The first task is to digitise the ciphers on the screen…

The flag text then becomes:
GWJJQ BZIBU HZXVQ MPHCD KUEAn S
iCVDW BVLWA WDQQJ MOGZO MQYLL
KSRGZ BSQPU ZGUWR VJPVF AMUC
DeXQC NFSNG UAWBM RFAMV DQW
ZUYKD ZFCPi TQTYS LALRY URAQ
HwBGR VLVCJ MKKVT DSPIT ZGYT
KADZP RDFTU PAGMY ILXYT PPG
JFDCN MQGRT DGEGQ ZAAME QGRS
XUMDM MNBDX PRGUH KZGMH RLQNK
ZTQTV RLXCB BAYCV RDDVZ QVST
IJKRG GTYRW OOEYX NPDRI FQY
YALJR LOJAA VBSAP CUFIC LU
DTCWB KPPWS JOQCK RABC
DEFGH IJKLM NOPQR S
TUVWX YZABC DEFG
HIJKL MNOPQ R
STUVW XYZ

And the Morse-code is:
- ...- --.. -... ..-. . .-.. -. .-. . .... ..-. .--. ... ..-. - .-. .-- - --.- --. . .-- .-- --- .-.. --.- -. --- .- -... --- -..- --- -.-- .. --. . .-- .-- -.. .... -..- --- --- .-. -.. --- -. -... -- -. .-.. .-- .--. ..- .- . -.-. -.-- .. .--. ...- .-. --.- .. --- .-. --- -... .... -.--

Which in turn converts to:
TVZBFELNREHFPSFTRWTQGEWWOLQNOABOXOYIGEWWDHXOORDONBMNLWPUAECYIPVRQIOROBHY

On closer examination of the JPG there is also binary interlaced with the morse-code lines which is:
01010100010101101001101001000010010001100100010100110001001100010
0010010001010100100011000110010100000101001101100100010101 001
10100100100010101010100010100010100011101000101 011101
101010111010011110100110001010001010011 10 1000001
11010000011100001001001111010 1000 00100111111
01001010010010100011001010 101010101110
1010111000010001 00100001011000
01001111010100100
011110

Although not a complete string it translates to the first part of the Morse code:
TVZBFELNREHFPSFTRWTQGEWWOLQNOABOXOYIGEWWDHX==

This turned out to be exactly the same as the Morse code and a red herring, so was not used anymore in the challenge!

A quick frequency analysis of the other two ciphers shows random frequency on the flag code, so I suspected that was Enigma output, and the Morse showed characteristics of running key or Playfair ciphers based on the monogram and bigram counts. Fortunately I opted to pursue the Playfair route, which was confirmed in one of the clues released; it still didn’t give me the edge though!

Variance: 7.16816
Standard deviation: 2.67734

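| Nr. | Histogram | Count | % | Bigram | Count | % | Trigram | Count | % |
|---|---|---|---|---|---|---|---|---|---|
| 1. | O | 9 | 12.5% | EW | 2 | 2.78% | EWW | 2 | 2.78% |
| 2. | W | 6 | 8.33% | OR | 2 | 2.78% | GEW | 2 | 2.78% |
| 3. | E | 5 | 6.94% | WW | 2 | 2.78% | RDO | 1 | 1.39% |
| 4. | R | 5 | 6.94% | GE | 2 | 2.78% | REH | 1 | 1.39% |
| 5. | N | 4 | 5.56% | YI | 2 | 2.78% | ROB | 1 | 1.39% |
| 6. | B | 4 | 5.56% | XO | 2 | 2.78% | RQI | 1 | 1.39% |
| 7. | F | 3 | 4.17% | QI | 1 | 1.39% | SFT | 1 | 1.39% |
| 8. | T | 3 | 4.17% | QG | 1 | 1.39% | RWT | 1 | 1.39% |
| 9. | P | 3 | 4.17% | RD | 1 | 1.39% | QNO | 1 | 1.39% |
| 10. | Y | 3 | 4.17% | RE | 1 | 1.39% | QIO | 1 | 1.39% |
| 11. | Q | 3 | 4.17% | QN | 1 | 1.39% | OYI | 1 | 1.39% |
| 12. | H | 3 | 4.17% | PV | 1 | 1.39% | OXO | 1 | 1.39% |
| 13. | L | 3 | 4.17% | ZB | 1 | 1.39% | ORO | 1 | 1.39% |
| 14. | I | 3 | 4.17% | OO | 1 | 1.39% | PSF | 1 | 1.39% |
| 15. | X | 2 | 2.78% | OX | 1 | 1.39% | PUA | 1 | 1.39% |
| 16. | V | 2 | 2.78% | OY | 1 | 1.39% | QGE | 1 | 1.39% |
| 17. | A | 2 | 2.78% | PU | 1 | 1.39% | PVR | 1 | 1.39% |
| 18. | G | 2 | 2.78% | PS | 1 | 1.39% | TQG | 1 | 1.39% |
| 19. | D | 2 | 2.78% | RO | 1 | 1.39% | TVZ | 1 | 1.39% |
| 20. | Z | 1 | 1.39% | RW | 1 | 1.39% | XOO | 1 | 1.39% |
| 21. | U | 1 | 1.39% | WD | 1 | 1.39% | WWO | 1 | 1.39% |
| 22. | C | 1 | 1.39% | VZ | 1 | 1.39% | WWD | 1 | 1.39% |
| 23. | S | 1 | 1.39% | WO | 1 | 1.39% | XOY | 1 | 1.39% |
| 24. | M | 1 | 1.39% | WP | 1 | 1.39% | YIG | 1 | 1.39% |
| 25. | | | | WT | 1 | 1.39% | ZBF | 1 | 1.39% |
| 26. | | | | VR | 1 | 1.39% | YIP | 1 | 1.39% |
| 27. | | | | UA | 1 | 1.39% | WTQ | 1 | 1.39% |
| 28. | | | | ON | 1 | 1.39% | WPU | 1 | 1.39% |
| 29. | | | | SF | 1 | 1.39% | UAE | 1 | 1.39% |
| 30. | | | | TQ | 1 | 1.39% | ORD | 1 | 1.39% |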

Signs: 72
Entropy: 4.34635

This is where I spent the majority of my analysis!

I spent a few days writing and fine-tuning my own Playfair bruteforcer as most of the online ones only allow single entry, so I sourced a C routine for Playfair and adapted it for dictionary lookups.

Being a Turing based cipher I decided to create a Turing based dictionary from the www.turing.org.uk web site using @digininja’s excellent cewl tool.

./cewl.rb -m 6 -d 2 -w turing2.lst -a --meta_file turing2.meta -e --email_file turing2.email http://www.turing.org.uk/turing/

This gave me a Turing wordlist of 8000 or so words to bruteforce with.

Trying different combinations, permutations, groupings and keys came to nothing on this part until the clue telling us that encryption is just as revealing as decryption was released. As I had only written my bruteforcer to “decrypt”, I then had to adapt it to encrypt plain-text into Playfair. While I was doing this, the code had been cracked, but I persisted anyway and once I’d got the code working it worked first time.

The parameters used are -e for encrypt text (there’s also -d), -w for wordlist and -c for the crib (old school for plaintext!)

# ./pfb -e morseconv.txt -w turing2.lst -c ENIGMA
Starting...
USED 'LORENZS' to find ENIGMA:
MYSCHOOLENIGMAIMARKTHREEROTERSSEVENTHREEFIVEREFLECTORUKWBRINGTWOTHREESIX
Finished
(1 hit(s) out of 8016 attempts)

Broken out this reads:
MY SCHOOL
ENIGMA I MARK THREE
ROTERS SEVEN THREE FIVE
REFLECTOR UKWB
RING TWO THREE SIX
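
The dictionary search with a crib, run in both directions, can be reproduced as follows. This is an added example, not the author's pfb code: the I/J merge and the rule that a doubled pair (the WW in the Morse text) steps diagonally are assumptions chosen because they reproduce the output above, and the wordlist is a constructed stand-in for turing2.lst.

```python
import string

# Morse-decoded text quoted on the page (72 letters, no J).
MORSE_TEXT = "TVZBFELNREHFPSFTRWTQGEWWOLQNOABOXOYIGEWWDHXOORDONBMNLWPUAECYIPVRQIOROBHY"

def key_square(key):
    """Return the 5x5 Playfair square as a 25-letter string (J folded into I)."""
    square = []
    for ch in key.upper().replace("J", "I") + string.ascii_uppercase:
        if ch.isalpha() and ch != "J" and ch not in square:
            square.append(ch)
    return "".join(square)

def playfair(text, key, encrypt=True):
    """Apply the Playfair rules pair by pair; step is +1 to encrypt, -1 to decrypt."""
    sq, step, out = key_square(key), (1 if encrypt else -1), []
    text = text.upper().replace("J", "I")
    for i in range(0, len(text) - 1, 2):
        (r1, c1), (r2, c2) = (divmod(sq.index(ch), 5) for ch in text[i:i + 2])
        if (r1, c1) == (r2, c2):   # double letter: assumed diagonal step
            a = b = ((r1 + step) % 5, (c1 + step) % 5)
        elif r1 == r2:             # same row: move along the row
            a, b = (r1, (c1 + step) % 5), (r2, (c2 + step) % 5)
        elif c1 == c2:             # same column: move along the column
            a, b = ((r1 + step) % 5, c1), ((r2 + step) % 5, c2)
        else:                      # rectangle: swap the two columns
            a, b = (r1, c2), (r2, c1)
        out.append(sq[a[0] * 5 + a[1]] + sq[b[0] * 5 + b[1]])
    return "".join(out)

def crib_search(text, words, crib):
    """Try each word as key in both directions; keep outputs containing the crib."""
    hits = []
    for word in words:
        for encrypt in (False, True):
            out = playfair(text, word, encrypt)
            if crib in out:
                hits.append((word, "encrypt" if encrypt else "decrypt", out))
    return hits

# Constructed stand-in for the wordlist; only LORENZS is taken from the page.
WORDS = ["TURING", "BLETCHLEY", "COLOSSUS", "BOMBE", "LORENZS"]

if __name__ == "__main__":
    for word, mode, out in crib_search(MORSE_TEXT, WORDS, "ENIGMA"):
        print(f"{mode} with {word!r}: {out}")
```

Searching only in the decrypt direction misses the hit here, which is why the crib check runs on both outputs for every candidate key.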

The school is GCCS, the old name for GCHQ. Enigma 1 Mark III is the Army and Navy machine with 8 rotors; reflector and rings are self-explanatory if you know your Enigmas!

I then put this into my “favourite” Enigma emulation (http://people.physik.hu-berlin.de/~palloks/js/enigma/enigma-u_v20_en.html), set the rotors, reflector and rings accordingly, used the GCC as the start key and pasted in:

GWJJQBZIBUHZXVQMPHCDKUEAnSiCVDWBVLWAWDQQJMOGZOMQYLLKSRGZBSQPUZGUWRVJPVFAMUCDeXQCNFSNGUAWBMRFAMVDQWZUYKDZFCPiTQTYSLALRYURAQHwBGRVLVCJMKKVTDSPITZGYTKADZPRDFTUPAGMYILXYTPPGJFDCNMQGRTDGEGQZAAMEQGRSXUMDMMNBDXPRGUHKZGMHRLQNKZTQTVRLXCBBAYCVRDDVZQVSTIJKRGGTYRWOOEYXNPDRIFQYYALJRLOJAAVBSAPCUFICLUDTCWBKPPWSJOQCKR

At this point I was really hoping to see gobbledegook as I was expecting to use the mechanism the Germans did to encode keys within the cipher but it wasn’t to be, instead I got:
congratulations  on successfully breaking the alan turing cipher we hope that you have learnt vomething new about the man and about cryptography itself for more information about a career in cyber security please visit cybersecurity challenge dot org dot uk the winning code is hut eight ultra please email this to media at cybersecurity challenge dot org dot uk

Simple.

Many thanks to Senad Zukic, PWC and the UK Cyber Challenge for a great puzzle.
