Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with the Center for Immersive Arts.
This is a static snapshot of the Unfiction forums, as of July 23, 2017. This site is intended as an archive to chronicle the history of Alternate Reality Games.
 
[PUZZLE] #251 - Silver - The Thirteenth Labour - READ POST#1
hairysocks
Boot


Joined: 09 Jan 2006
Posts: 38
Location: Exeter, Devon, England

I think the idea of a collaboration on cracking this card is a good one. It's also what is suggested by MC (I can't remember where I read that, but it was on a reply to someone's question regarding this card, or Riemann or Shuffled).

But there seems to be an assumption that the data to decrypt is obvious - the bytes as shown on the card; and the form the decrypted file will be is also obvious - a text message.

These assumptions must be questioned.

I have mentioned in the other #251 discussion that the data may not be in left-right, top-bottom as shown on the card. It may be in any one of 8 possible orders. All variations are in the attached ZIP file so you can try them. The file that matches the order shown on the card is ppc_lrtb - "lrtb" means "left to right, then top to bottom", which is the way we read English. Others, such as Arabic readers, would find "rltb" more intuitive. Anyway, the card itself has no indication which way to read the data, so we should try all possibilities.

The second assumption to question, namely that the decrypted version of the data will be a bit of readable text is also not necessarily valid. It could be an image file - BMP, JPEG, PNG, GIF being the most obvious to check for.

Even if the answer is plain text, it doesn't mean the whole file is plain text - there may be some non-printable characters at the beginning of the decrypted file that would cause a simple check for plain text to fail.

So, anyone writing a cracking program to solve this card should consider these points. I hope I haven't shattered your dreams of breaking this encryption quickly!
Attachment: data-files.zip (2.29KB, downloaded 172 times)
_________________
"You never can tell with Heffalumps"

Posted: Sun Mar 26, 2006 12:02 pm
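The eight reading orders described in the post above, as an added example that is not part of the original thread or the attached ZIP. The grid is a constructed 2x3 sample rather than the card's data, and every order name other than `lrtb` and `rltb` is an assumption that follows the same naming convention.

```python
from typing import Dict, List


def parse_grid(text: str) -> List[List[int]]:
    """Parse whitespace-separated hex bytes, one printed row per line."""
    grid = [[int(tok, 16) for tok in line.split()]
            for line in text.splitlines() if line.strip()]
    if not grid or any(len(row) != len(grid[0]) for row in grid):
        raise ValueError("grid must be non-empty and rectangular")
    if any(not 0 <= b <= 0xFF for row in grid for b in row):
        raise ValueError("each cell must be a single byte")
    return grid


def orderings(grid: List[List[int]]) -> Dict[str, bytes]:
    """Return the byte string for each of the 8 reading orders.

    A name lists the fast direction first: 'lrtb' reads left to right
    within a row, then moves top to bottom; 'tblr' reads down a column,
    then moves left to right.
    """
    rows, cols = len(grid), len(grid[0])
    out: Dict[str, bytes] = {}
    for h in ("lr", "rl"):
        cs = range(cols) if h == "lr" else range(cols - 1, -1, -1)
        for v in ("tb", "bt"):
            rs = range(rows) if v == "tb" else range(rows - 1, -1, -1)
            out[h + v] = bytes(grid[r][c] for r in rs for c in cs)  # row by row
            out[v + h] = bytes(grid[r][c] for c in cs for r in rs)  # column by column
    return out


# Constructed sample grid, not the bytes printed on the card.
SAMPLE = "A1 B2 C3\nD4 E5 F6\n"

if __name__ == "__main__":
    for name, data in sorted(orderings(parse_grid(SAMPLE)).items()):
        print(name, data.hex())
```

Each order yields a different ciphertext, so every one of them is a separate full key search; `rlbt` is simply `lrtb` with the bytes reversed.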
Guin
Unfettered


Joined: 11 Jan 2006
Posts: 400
Location: Antartica

Knocked this up. Just needs to be linkified. If it's any use I could knock up a simple web page with an explanation and download details etc. Any ideas?



Okay so I used the Assault on precinct 13 as a theme Razz
_________________
So long and thanks for all the fish! Trout

Posted: Sun Mar 26, 2006 2:46 pm
hexDa3m0n
Boot

Joined: 15 Dec 2005
Posts: 60
Location: Lancaster, England

hairysocks wrote:


The second assumption to question, namely that the decrypted version of the data will be a bit of readable text is also not necessarily valid. It could be an image file - BMP, JPEG, PNG, GIF being the most obvious to check for.


I decrypted (and encrypted, just in case) nearly 60,000 keys (all eight letter words, upper and lowercase)

All of the results that came back were less than 1K big.

Personally, I'm not saying this means that it is plain ASCII, but I think it is unlikely to be anything else, with it being so small.....

Posted: Sun Mar 26, 2006 5:07 pm
ambskunk
Veteran


Joined: 18 Mar 2006
Posts: 77
Location: Brisvegas, Australia

No one seems to have directly emailed MC asking any questions about the implementation of the RC5 on this card so I emailed MC asking if the cypher is in accordance with the RSA competition rules (http://www.rsasecurity.com/rsalabs/node.asp?id=2101). At least an answer to this may clear up once and for all questions about character ranges and if the answer starts with the ol' "The unknown message is:". I haven't received a response but will let you know if I do.

Quote:
I'm working at the moment on a heavily customised .NET port of the RCCRYPT 1.6 Client with PXC extensions and appropriate service and connectivity wrapping. The Web Services to access the DB will then follow - they are in fact the easy bit.


The rccrypt author, Rick, wrote that V1.4 was quicker than 1.6, may be worth using this instead? (http://forums.unfiction.com/forums/viewtopic.php?p=205539&highlight=#205539)

I've also run well over a 1000 million keys through version of rccrypt by c1023 (http://forums.unfiction.com/forums/viewtopic.php?p=205099&highlight=#205099) and not one of them has output a result. I would have thought that at least some keys would have returned something in low ascii range even if it was garbage. Am I missing something here?

Posted: Sun Mar 26, 2006 8:14 pm
chimera245
Decorated

Joined: 09 Mar 2006
Posts: 209

Progress Report

OK - got some good progress over the weekend on the rccrypt port - which I am hopefully going to have finished Tuesday night (I won't get to work on this Monday night).

Surprisingly enough porting to C# was a lot easier than I expected - I hope I haven't missed something. I'll do some encrypting/decrypting tests to make sure, and I'll farm the client out to a few of you to check.

As for hairysocks' comments - we are going to have to make some assumptions about the order of the data (and for that matter the type of output) for this to be workable. I think as others have said the output is really likely to be too small to be anything but ASCII - so I think we have a fairly strong call.

As for the input, while I agree that other cultures/languages may read differently, AFAIK there is only one standard way to read Hex, which is top down/left right. If we can come up with a good reason for it to be in a different reading order - then we can change it - but at the moment I don't think we have one.

Thanks all for the offers of the PC's - we're going to need em Smile

Posted: Sun Mar 26, 2006 8:19 pm
hairysocks
Boot


Joined: 09 Jan 2006
Posts: 38
Location: Exeter, Devon, England

My reason for suggesting the decryption could give an image file is because even with a very small image file it could be possible for it to refer to a longer message - think about the Barcode Recipe card and the Perplex City postcard, and the data grid barcodes on them. I assume most people have managed to decrypt them? Anyway, without giving too much away they both point to web sites.

I've written a Java app that takes the decrypted file from rccrypt and checks for strings of text and tries to open the file as an image. In some cases the data is structured as a monochrome BMP and the image produced is certainly large enough for more than one data grid barcode. I have some examples at work, I'll post some when I get there.

chimera245 said
Quote:
As for the input, while I agree that other cultures/languages may read differently, AFAIK there is only one standard way to read Hex, which is top down/left right. If we can come up with a good reason for it to be in a different reading order - then we can change it - but at the moment I don't think we have one.


But there are a lot of the cards which have foreign languages on them, or as part of the puzzle, so why should we assume this card has to conform to English rules of writing and reading?
_________________
"You never can tell with Heffalumps"

Posted: Mon Mar 27, 2006 4:08 am
hairysocks
Boot


Joined: 09 Jan 2006
Posts: 38
Location: Exeter, Devon, England

Here is an example of a decrypted file being in a BMP file format. In this case the rccrypt tool was used with the -p option, the "password" was 8eLkarEH (which is herakles, backwards with 8 in place of s and letters H, E and L upper case) and the data on the card being used in the "English" way of reading it - i.e. left to right, top to bottom.

The image in the file has been enlarged to 400% of its original size so you can see the individual pixels. I know the image here doesn't look like a solution (!) but it shows the potential - you could have a barcode, or even a piece of text displayed in this many pixels.
Attachment: decrypt-p-8eLkarEH-lrtb-enlarged.PNG (1.6KB, viewed 1420 times)

_________________
"You never can tell with Heffalumps"

Posted: Mon Mar 27, 2006 9:29 am
hexDa3m0n
Boot

Joined: 15 Dec 2005
Posts: 60
Location: Lancaster, England

OK.
So it may be a picture then.....am attaching a list of the words that I have tried, if anyone has an urge to help check through these, I am thinking about using yousendit, or talking my friends into hosting them for me.....
Attachment: 8LetterWords.txt (209.05KB, downloaded 1867 times)

Posted: Mon Mar 27, 2006 12:36 pm
BrianEnigma (Moderator)
Entrenched


Joined: 05 Oct 2003
Posts: 1199
Location: Pacific Northwest

hairysocks wrote:
But there seems to be an assumption that the data to decrypt is obvious - the bytes as shown on the card; and the form the decrypted file will be is also obvious - a text message.

When doing large-scale computational operations, you generally have to make a few assumptions. In AI work, these are known as "heuristics." They cut down on the possible search space by several orders of magnitude. First, you make some obvious assumptions and then if the assumptions turn out to be wrong, then you circle back and try the less obvious stuff.

Calculating the RC5-64 decrypt of an 8-byte keyspace will take a long time. I don't know the exact number, but I recall people posting here that it will be a year, so let's use that for the following example. If we suddenly have 8 different orderings of the ciphertext, that multiplies our year by, of course, 8. So suddenly, our one-year project will take 8 years to complete. Generally, for something like this, you would want to test the obvious path (left-to-right, top-to-bottom) and then if that does not yield results, try the other 7. That way, we have a very high percentage chance of finding the solve in a year instead of an evenly distributed percentage over 8 years.

As for the content of the message, yes--technically it can be anything. But keeping within reason, we have to assume that it's plaintext. ALL PREVIOUS RC5 challenges decoded to plaintext and this is most certainly taking on the feel of the previous RC5 challenges (see also: the five bovine icons at the bottom of the card.) Second, text is just about the only usable data that can fit within the space of the decrypted text. Sure, technically, you could have a little bitmap (maybe 10x10 or 50x50, depending on how many colors) or a snippet of sound or an executable, but based on both usefulness and historic evidence, this is very very unlikely. The added benefit of assuming it is plaintext is that the algorithm for determining whether the result is a good decrypt is much more simple. Sure, you could write code to look for the magic header of all known files (or shell out to the Unix "file" command and incur the CPU overhead of bringup and teardown of a subprocess for each key you try), but a test for each character being below 0x7F ("printable" plus some control characters in case there's a linefeed or carriage return in the mix) can be done much more efficiently.

Anyway, that's my $0.02. You can ignore it all you want, but I've been working with both cryptography (mainly financial) and code optimization (mainly firmware and handhelds) for over a decade and have dealt with these kinds of things before.
_________________
Y0 Resources / VP Wiki / PXC Catalog / Metacortex

Posted: Mon Mar 27, 2006 2:15 pm
hairysocks
Boot


Joined: 09 Jan 2006
Posts: 38
Location: Exeter, Devon, England

BriEnigma wrote:
Anyway, that's my $0.02. You can ignore it all you want, but I've been working with both cryptography (mainly financial) and code optimization (mainly firmware and handhelds) for over a decade and have dealt with these kinds of things before.


So I guess if anyone wants to slip something past you all they have to do is put some text on a web site, encode the URL as a data grid barcode stored in a monochrome BMP file, encrypted with rccrypt and voila - you'll never, ever decrypt it because your 10 years experience will force you to assume the encoded data is really plain text.

Anyway, I have been a professional software developer and systems' analyst for 21 years, so nya-nya-nya! Shocked
_________________
"You never can tell with Heffalumps"

Posted: Mon Mar 27, 2006 4:19 pm
Juxta
Unfettered

Joined: 28 Aug 2005
Posts: 675

Well. I've never worked with cryptography. Ever. However, I can spot ass-hattery at 200 paces. Unnecessary. Rolling Eyes

As for Bri's point, if you'd care to read it, it makes rather a lot of sense...we're discussing the decryption of a PxC puzzle card here. Whilst Mind Candy/the CRT have created it to be a stern test (and seemingly one which they are looking for us to apply significant man/CPU hours to) they aren't attempting to create something which can *never* be deciphered. As was suggested, we can either take the approach of covering every available angle and possibility which will take a LONG time, or we make some educated and calculated decisions to narrow the search down. Now, back to the experts...play nice eh kids?

J
_________________
zzzshusoharuxpfrp

Posted: Mon Mar 27, 2006 5:36 pm
Amorya
Guest


oliverkeers13 wrote:
I'm more than happy to help, but as I use a mac, I'm not sure I'd be able to. Here's hoping I can!


I'm a Mac coder. Not great, but I've done a bit of porting stuff before. If whoever makes the client will release their source code, I might be able to get it running on Macs.

Amorya

Posted: Mon Mar 27, 2006 6:37 pm
BrianEnigma (Moderator)
Entrenched


Joined: 05 Oct 2003
Posts: 1199
Location: Pacific Northwest

hairysocks wrote:
BriEnigma wrote:
Anyway, that's my $0.02. You can ignore it all you want, but I've been working with both cryptography (mainly financial) and code optimization (mainly firmware and handhelds) for over a decade and have dealt with these kinds of things before.


So I guess if anyone wants to slip something past you all they have to do is put some text on a web site, encode the URL as a data grid barcode stored in a monochrome BMP file, encrypted with rccrypt and voila - you'll never, ever decrypt it because your 10 years experience will force you to assume the encoded data is really plain text.

Yep, pretty much. At least, not in the first hypothetical year of the example I presented. In just the same way that printing the data on the card in reverse order would "slip past me." It's a statistics game and you have to play the good odds first and the craptastical odds later if the first ones don't pan out.

hairysocks wrote:
Anyway, I have been a professional software developer and systems' analyst for 21 years, so nya-nya-nya! Shocked

Well, if you want to start trying to make fun of others by pulling rank, I only said that I have been doing things like financial cryptography and microcode for 10 years. It was "only" 19 years ago when I started up my first software company (making $10K/year, which sounds like nothing now, but seems like a ton of money when you're a teen.) So let's cut back on implying that people are stupid or inexperienced, okay? Everyone on this board has an equal voice and it's really up to the application developer to determine what should and shouldn't be checked. In your distributed application, you can use whatever solve heuristics you want.
_________________
Y0 Resources / VP Wiki / PXC Catalog / Metacortex

Posted: Mon Mar 27, 2006 8:01 pm
Jakeo
Decorated

Joined: 30 Aug 2005
Posts: 159
Location: Edinburgh

Re: Progress Report

chimera245 wrote:

Surprisingly enough porting to C# was a lot easier than I expected - I hope I haven't missed something. I'll do some encrypting/decrypting tests to make sure, and I'll farm the client out to a few of you to check.


Did you port the algorithm, or point to Brian's Windows DLL? I would have thought that the search would be much more efficient running as unsafe code than as managed by C#. Also, is it .NET 2.0 or 1.1?

chimera245 wrote:
Thanks all for the offers of the PC's - we're going to need em Smile


Can I offer my services to audit the code for you? I'm a C# programmer and I might be able to spot a few efficiency increases. (I've had to optimise search algorithms in managed languages before)

The MAC users out there, Mono (http://www.go-mono.com/) *might* allow you to participate. I'm not sure, and I don't think it's very efficient, but every cycle is useful Smile

Posted: Tue Mar 28, 2006 6:07 am
c1023
Boot

Joined: 21 Oct 2005
Posts: 58
Location: Hampshire, UK

ambskunk wrote:
I've also run well over a 1000 million keys through version of rccrypt by c1023 (http://forums.unfiction.com/forums/viewtopic.php?p=205099&highlight=#205099) and not one of them has output a result. I would have thought that at least some keys would have returned something in low ascii range even if it was garbage. Am I missing something here?


Supposing the decrypted text is 150 characters long, and for simplicity, saying that characters 0x00 to 0x7F are printable, and 0x80 to 0xFF are unprintable.

The probability that data decrypted with an incorrect key gives just readable text is about 1 in 2^150. Approximately 1 in 10^45.

Given a 64 bit key, so 2^64 keys the probability of there being another decrypted string consisting of only printable characters is about 2^64/2^150
or 1 in 77371252455336267181195264

This is based on the assumption that decrypting with the wrong key gives completely random results, but it is still very unlikely that an incorrect key would give a false positive when testing for all printable characters.

Posted: Tue Mar 28, 2006 8:37 am