We have a winner! @TimoHirvonen
Congratulations Timo! His gift will be a Trustwave SpiderLabs goodie package which includes a Trustwave cinch pack, the latest SpiderLabs T-shirt, several stickers, a Throwing Star LAN Tap, and an exclusive SpiderLabs challenge coin.
There were many that came very close, and a few who quit JUST before they would have gotten the answer. I cringed every time I saw it happen. Timo was gracious enough to write up how he solved the cipher; it's pasted verbatim below:
On Monday I noticed the blog post with SpiderLabs Crypto Contest hints. I googled Triforce and found this image: http://en.wikipedia.org/wiki/File:Triforce.svg. I calculated the length of the ciphertext, and it turned out to be divisible by three (273=3*91). Moreover, 91 equals to 1 + 2 + … + 13 so it is possible to format the ciphertext into three triangles that have one character on the first row, two on the second, etc.
I split the ciphertext into three chunks and formatted each chunk into a triangle. The hints told to look for uniqueness after the transposition, and one of the tweets (https://twitter.com/atucom/status/289974039794040834) said "look for the side that is unlike the others". None of the sides were unique so I clearly did something wrong. However, I did realize that the length of the long side (2*13) conveniently equals the size of the English alphabet.
Then I noticed this tweet (https://twitter.com/atucom/status/290289441153626113): "left to right, top to bottom". I kept the top triangle but changed the bottom two: I put the 92nd letter to top of the bottom left triangle, 93rd to the top of the bottom right triangle, then 94th & 95th to left, 96th & 97th to right, and so forth. This transposition had the uniqueness I was looking for: the left side of the large triangle was a permutation of the English alphabet (RICLDKGUQAWZXBEFPYHJMONSTV).
It was easy to guess that the permutation of the alphabet is most likely the key for the substitution cipher. So I replaced R with A, I with B, etc. The resulting plaintext was clearly English, I just replaced all occurrences of letter X with spaces to make it more readable.
Over the span of the contest I released several hints. They are below:
Using these hints, most people can derive the following:
This was the ciphertext I gave in the first blog post:
RISCCELBGYDRJHSKEBSHEGZOQBGSUJUDSKQYQHJSJYQKEAYCDSC
QFUDWYSDODYSCYDZRJDLSHDBLSRXJMCEXSJUDSCEBLEDNEFYLS
ZEPZNMJCYTYFJESEBSJNHQJJDYSRBLSTJEMZZSNQBSJUDSMFYQV
DHSSSSJUDSYODHJSQHSGRYIRGDSZWNARICQTIURZCHUAIZRHOS
MRAIZOQRIACZRWHABLZASTVSCVSZCQMVSICZVSCIAZVSQVMICVS
ZCVMSICAZVSMCIZRSRZZ
Using the ciphertext, you write it out into the shape of a Triforce:
So now that we have transposed it properly, one of the sides is special somehow. Well, if you look at the sides of the Triforce, there is one side that is different than the rest. Can you see it?
How is it different than all of the other sides? It's the only side with one instance of every letter. No duplicates at all on that side. Why does that matter? Well, if you count how many letters there are, you would count 26 letters. Guess what else has 26 letters? The English Alphabet.
If you paid attention to the explanation of substitution ciphers, you would see that they typically have a 1:1 ratio of letters. Knowing this, you can see how this unique 26-letter string has a high probability of being a key. So then let's lay it out:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
RICLDKGUQAWZXBEFPYHJMONSTV
If you take that key, you can start translating everything else that's not the key (the data), which results in:
XCONGRATSXONXSOLVINGXTHEXFIRSTXTRIFORCEXCIPHERXEVERXCREATED
XSENDXATUCOMXTHEXCODEWORDXLOLWUTCRYPTOXONXTWITTERXANDX
YOULLXWINXTHEXPRIZESXXXXTHEXRESTXISXGARBAGEXLKJABCIYBHALCSH
JBLASVUAJBLVIABJCLAKSJNDLJXZXCZXLCIUZXBCLZXCBJLZXIUBCZXLCZUXBC
JLZXUCBLAXAL
Let's make this easier to read:
XCONGRATSXONXSOLVINGXTHEXFIRSTXTRIFORCEXCIPHERXEVERXCREATED
XSENDXATUCOMXTHEXCODEWORDXLOLWUTCRYPTOXONXTWITTERXANDX
YOULLXWINXTHEXPRIZESXXXXTHEXRESTXISXGARBAGEXLKJABCIYBHALC
SHJBLASVUAJBLVIABJCLAKSJNDLJXZXCZXLCIUZXBCLZXCBJLZXIUBCZXLCZUXBC
JLZXUCBLAXAL
There you have it. To win, you needed to send me the phrase "LOLWUTCRYPTO" on twitter.
Now let's go into my favorite part, the cryptanalysis…
The Triforce Cipher Cryptanalysis
This isn't the worst cipher in the world, but it really isn't that great. There are several limitations that we shall go into.
Data Limit:
Because the cipher must conform to the shape of a Triforce, the amount of data it can contain is restricted. The Triforce is an equilateral triangle, which means all sides must be the same length, and if one of the sides is the key, then the total data size is limited by how long your key is. The relationship between key length and how much data you can store can be calculated using the following equation:
Where S is the data size and n is the key length.
Or this excel formula to make it easier:
B1=3*(((A1/2)*((A1/2)+1))/2)-A1
This means that if you have a 26 letter key, you can contain 247 characters of data, which comes out to a total ciphertext length of 273 characters.
Key Length | Data Length | Total Length
4 | 5 | 9
6 | 12 | 18
8 | 22 | 30
10 | 35 | 45
12 | 51 | 63
14 | 70 | 84
16 | 92 | 108
18 | 117 | 135
20 | 145 | 165
22 | 176 | 198
24 | 210 | 234
26 | 247 | 273
28 | 287 | 315
30 | 330 | 360
So if you decided to write the ciphertext using the hexadecimal character set instead of the English alphabet, you could store 92 characters of data.
Using the table above, you can easily figure out how long the key is based on the total length (you can also just count how many different characters there are, but this is easier).
The Wall Of Secrecy Is Very Short
Another issue with this cipher is the fact that the key to decrypt the ciphertext is easily compromised once it's understood that this is a Triforce Cipher. This essentially places it on the same level of strength as a Caesar cipher. If you know what encryption algorithm you are dealing with, it's game over.
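Both weaknesses above (the total length gives away the key length, and the key travels inside the ciphertext) fit in one keyless solver, added here as an example and not the contest author's code. The function names are invented for this example; the index arithmetic follows the layout in the winner's write-up (top triangle first, then the two bottom triangles filled row by row, left then right), and for keys shorter than 26 it assumes the key uses the first letters of the alphabet.

```python
import string

# Ciphertext from the first blog post, as printed on this page (273 letters).
CIPHERTEXT = (
    "RISCCELBGYDRJHSKEBSHEGZOQBGSUJUDSKQYQHJSJYQKEAYCDSC"
    "QFUDWYSDODYSCYDZRJDLSHDBLSRXJMCEXSJUDSCEBLEDNEFYLS"
    "ZEPZNMJCYTYFJESEBSJNHQJJDYSRBLSTJEMZZSNQBSJUDSMFYQV"
    "DHSSSSJUDSYODHJSQHSGRYIRGDSZWNARICQTIURZCHUAIZRHOS"
    "MRAIZOQRIACZRWHABLZASTVSCVSZCQMVSICZVSCIAZVSQVMICVS"
    "ZCVMSICAZVSMCIZRSRZZ"
)


def side_from_length(total):
    """Rows per small triangle (m): total = 3 * m*(m+1)/2, key length = 2*m."""
    m = 1
    while 3 * m * (m + 1) // 2 < total:
        m += 1
    if 3 * m * (m + 1) // 2 != total:
        raise ValueError("length %d does not fill a Triforce" % total)
    return m


def key_positions(m):
    """Stream indices that land on the left edge of the large triangle."""
    top = [k * (k - 1) // 2 for k in range(1, m + 1)]  # first cell of each top row
    base = m * (m + 1) // 2  # bottom rows hold 2k letters: k left, then k right
    bottom = [base + k * (k - 1) for k in range(1, m + 1)]
    return top + bottom


def solve(ciphertext, alphabet=string.ascii_uppercase):
    """Recover (key, plaintext) from the ciphertext alone."""
    m = side_from_length(len(ciphertext))
    edge = key_positions(m)
    key = "".join(ciphertext[i] for i in edge)
    if sorted(key) != sorted(alphabet[:2 * m]):  # assumed key alphabet
        raise ValueError("left edge is not a permutation of the alphabet")
    table = str.maketrans(key, alphabet[:2 * m])  # key letter -> plain letter
    skip = set(edge)
    data = "".join(c for i, c in enumerate(ciphertext) if i not in skip)
    return key, data.translate(table)


if __name__ == "__main__":
    key, plaintext = solve(CIPHERTEXT)
    print(key)
    print(plaintext.replace("X", " "))
```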
Further Challenges:
The next Spiderlabs Crypto Contest will be a modified book code I'm working on.