The Brief

Business at Fat Dex’s Diner is down and he’s blaming it on a new joint opening up on the East Side, Iggy’s Eats. He also claims to have evidence that Iggy has stolen one of his secret recipes, but this proof is encrypted and Dex doesn’t have the key.

Can you help Packet Tracy decrypt the recipe and place enough evidence before the Judge to send the thief down the river to Sing Sing?

Get the full low-down here.

The open case…

TabChalk P.I. at your service. As P.I’s go, I’m cheap, like one of Dex’s meals but I work quickly, look smart and have a hat for every day of the week, today I’m in black!

Monday
9:00am

First thing, let’s have a look inside the USB disk image Wendy got us.

Load it up and we get a TrueCrypt drive called recipe.tc. I’m thinking this is probably the recipe but encrypted, I told you I was quick! I can’t do much with though so let’s do some more digging.

9:05am
Let’s go back to the USB disk image, first unpack it. It’s a VHD, virtual hard disk, you can either dump the contents raw or archive them out. I like things nice and tidy like, so, I’ll just archive them out with good ole 7zip:

7z x evidence.vhd

Whoa! There’s more to this image than the recipe file! Seems like Jamie and Iggy have been busy getting this new R&D facility up and running. Let’s have a look at some of these emails….

10:00am

Hmmm, by the looks of this email it looks like they’ve got a new voicemail system.

Return-Path: sharon.tate@digi.voice
Received: from mailgateway by mail.iggys.eats ; Mon, 10 Sep 2012 20:37:10 +0000
Message-ID: <511804F6.2020506@digi.voice>
Date: Mon, 10 Sep 2012 20:37:10 +0000
From: Sharon Tate <sharon.tate@digi.voice>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Jamie Shea 
Subject: New VOIP system
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hello Jamie,
Here are the details of the new VOIP system for Iggy's Eats. You'll need a suitable VOIP client app for your PC; we use Express Talk, but any SIP-compatible app ought to do.

Your SIP (5060/UDP) account is JamieShea@voip.iggys.eats.wirewatcher.net . Your extension number is 100 - this is what people will dial internally to call you.

You'll need a password to register with the VOIP system. As discussed, we can't really send it in an email (there are hackers everywhere!!!) so I've encrypted it with the LandRanger Initial code:
HU 389 527 SO 024 737 TG 331 321 SE 081 822 NS 376 143 ST 217 655 SP 800 785 ST 742 178 NH 647 867

You'll know you've got it right if you can dial 200 - this is the "hello world" test extension.

Please let me know if you have any problems,
Sharon
Sharon Tate, Account Manager, DigiVoice

We should be able work out something from those LandRanger grid references, let’s see what Ordance Survey comes up with when we type those references in, you only need the first two digits of the number pair, the last digit needs some good ole fashion manual investigation!

 

http://www.ordnancesurvey.co.uk/oswebsite/support/products/tile-selector.html

 

Grid ref Area Easting Northing Post code Place name
HU 389 527 Shetland 438900 1152700 ZE2 9LW Stenswall
SO 024 737 Powys 302400 273700 LD6 5NE Upper Esgair Hill
TG 331 321 Well Street 633100 332100 NR28 9TR Park Farm Well Street
SE 081 822 Richmondshire 408100 482200 DL8 4RT East Scrafton Moor
NS 376 143 B7034, Dalrymple 237600 614300 KA6 6AS Rodinbain
ST 217 655 Bristol Channel 321700 165500 CF64 5XQ Flat Holm
SP 800 785 Kettering, Northants 480000 278500 NN14 1LH Uplands Farm Main Street
ST 742 178 street, Stalbridge 374200 117800 DT10 2PG Stalbridge
NH 647 867 A836, Ardgay 264700 886700 IV24 3DL Easter Fearn A836

The initial letter of those place names looks sus, could be the VOIP Password: SUPERFUSE.

I try the SIP account details and password, BINGO! We’re into the system, hello world talks sweet nothings to me! What to do next though?

 

11:45am

Perhaps I should try this, a voicemail system:

Return-Path: sharon.tate@digi.voice
Received: from mailgateway by mail.iggys.eats ; Tue, 11 Sep 2012 21:22:26 +0000
Message-ID: <51180F93.5040105@digi.voice>
Date: Tue, 11 Sep 2012 21:22:27 +0000
From: Sharon Tate <sharon.tate@digi.voice>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Jamie Shea <jamie.shea@iggys.eats>
Subject: Re: New VOIP system
References: <511804F6.2020506@digi.voice> <51180E4D.3010501@iggys.eats>
In-Reply-To: <51180E4D.3010501@iggys.eats>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi Jamie,
Yes, it's all set up. Dial 98 for the VoiceMail system; you'll need your 
six-digit PIN to get access to your messages.
Against my better judgment I've set you up with your usual favourite 
PIN. The hackers must really love you!!
Sharon
Sharon Tate, Account Manager, DigiVoice

The new fangled PBX they’ve got in Iggy’s comes with a voicemail, unfortunately it’s protected. Our man Jamie is lazy though, a common PIN, tut tut, that could be his undoing! Is it something simple like, 111111, 123456, nah, he’s lazy not stupid! Where am I going to find a PIN?

12:00am
Looks like they’ve had a few problems with the contractors at this place, a video found in the archive has footage from the camera in the lobby, conveniently showing people entering their PIN codes. I count five different codes, perhaps one of these characters is our man Jamie.

  • 4269#3
  • 177369
  • 268453
  • 6999325
  • 235489

The last one must be Jamie (he needs a shave!) as it gets me into his voicemail, he really needs to change his PIN habit! So this gets me a password obeymywords, for the building management system, how do I know? It said so in this mail:

Return-Path: perry@cyber.net.building
Received: from mailgateway by mail.iggys.eats ; Wed, 10 Dec 2012 21:27:00 +0000
Message-ID: <511810A5.3020600@cyber.net.building>
Date: Wed, 10 Dec 2012 21:27:01 +0000
From: Perry Doofenshmirtz <perry@cyber.net.building>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
To: Jamie Shea <jamie.shea@iggys.eats>
Subject: Re: Update please
References: <51180655.6010908@iggys.eats> <51180D2A.4020802@cyber.net.building>

<51180E00.5080805@iggys.eats>
In-Reply-To: <51180E00.5080805@iggys.eats>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Jamie,
You can access the BCS via http://buildingmanagement.iggys.eats.wirewatcher.net

It'll prompt you for a login; the username is iggyistheboss, and I've left you a voicemail with the password.

You can view the cameras (with the exception of the lobby cam that we've disconnected for obvious reasons), and check/alter the states of the various power and lighting circuits.

Sorry for the delay – we're certain you'll be satisfied with the end result!!

Perry
Perry Doofenshmirtz, Chief Technical Evangelising Officer, CyberNetBuilding

01:05pm

A further search of the deleted emails comes up with some plans of the new facility,

Ground Floor

ground

First Floorfirst

Second Floor second

 

I’m betting my black hat that the safe is in the office on the second floor and that camera in room is the one I want to be watching! I get it up on the screen and drop the power, D.I.S.C.O, looks like Iggy has a grudge against our man Dex, the safe contains a gun, a wedge of cash and a not saying FATDEXYOULOSE. Is that our TrueCrypt password?

01:30pm

You bet it is, although Iggy isn’t after Dex’s cheese on toast, she’s cooking up a tasty “Fillet of brill on a bed of samphire served with crab bon-bons, octopus crisps and a shrimp beurre blanc” – Nice! And for all you budding Masterchefs: here’s the recipe!

So to wrap up, it looks like our man Dex is the one who’s heading for Sing Sing, on espionage charges!

Now, I’m off to Fat Sam’s Speakeasy on the East side for you Bourbon!

Case Closed!

(5483)

Tagged with:
 

Leave a Reply

Your email address will not be published. Required fields are marked *