Blog What We Do Support Community
Developers
Login Sign up

Concise Christmas Cryptography Challenges 2019

by Junade Ali, Louis Poinsignon.

Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we're doing the same. Whether you're bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go.

We're withholding answers until the start of the new year, to give you a chance to solve them without spoilers. Before we reveal the answers; if you manage to solve them, we'll be giving the first 5 people to get the answers right some Cloudflare swag. Fill out your answers and details using this form so we know where to send it.

Have fun!

UPDATE: This quiz is now closed. Thank you to everyone who's played. We have received many responses, 15 of which got all the answers right; we will shortly be sending out some swag to those who got the answers right.

NOTE: Hints, now followed with solutions, are below the questions, avoid scrolling too far if you want to avoid any spoilers.

Challenges

Client says Hello

Client says hello, as follows:

00000c07ac01784f437dbfc70800450000f2560140004006db58ac1020c843c
7f80cd1f701bbc8b2af3449b598758018102a72a700000101080a675bce16787
abd8716030100b9010000b503035c1ea569d5f64df3d8630de8bdddd1152e75f
528ae577d2436949ce8deb7108600004400ffc02cc02bc024c023c00ac009c0
08c030c02fc028c027c014c013c012009f009e006b0067003900330016009d
009c003d003c0035002f000a00af00ae008d008c008b010000480000000b
000900000663666c2e7265000a00080006001700180019000b0002010000
0d0012001004010201050106010403020305030603000500050100000000
001200000017000052305655494338795157524c656d6443436c5246574651
675430346754456c4f52564d674e434242546b51674e513d3d

[Raw puzzle without text wrap]

Time-Based One-Time Password

A user has an authenticator device to generate one time passwords for logins to their banking website. The implementation contains a fatal flaw.

At the following times, the following codes are generated (all in GMT/UTC):

  • Friday, 21 December 2018 16:29:28 - 084342
  • Saturday, 22 December 2018 13:11:53 - 411907
  • Tuesday, 25 December 2018 12:15:03 - 617041

What code will be generated at precisely midnight of the 1st of January 2019?

RPKI

At Cloudflare, we just setup RPKI: we signed a few hundred prefixes in order to reduce route leaks. But some of the prefixes hide a secret message. Find the ROAs that look different, decode the word!

Hints

Client says Hello

This challenge has 3 hints, as follows:

TOTP

The Time-Based One-Time Password Algorithm is described in RFC 6238, which was based of RFC4226 (providing an algorithm for HOTP). The TOTP algorithm requires input of two important parameters, the time and a shared secret - could one be missing?

The implementation used to generate the TOTP codes for the challenge uses SHA-1 as a digest algorithm.

RPKI

Note: This challenge will no longer be valid after mid-January 2019.

This challenge has 4 hints, as follows:

  • Hint #0: Four or six? Probably six.
  • Hint #1: If only there was a way of listing only our IPs!
  • Hint #2: What is the only part of the ROA where we can hide information into
  • Hint #3: Subtract the reserve, the char will show itself

Solutions

If you prefer video form, someone has created a YouTube video of the how to solve the problems, else the written solutions are below:

Client says Hello

The string was (mostly) a capture from Wireshark of a Client Hello frame in TLS 1.2 handshake; as such, it reveals the Server Name where the connection is intended to go; in this case cfl.re.

There is a string suffixed to this hex stream which shouldn't be there; it's a base64 encoded string R0VUIC8yQWRLemdCClRFWFQgT04gTElORVMgNCBBTkQgNQ==. Decoding this string reveals:

GET /2AdKzgB
TEXT ON LINES 4 AND 5

Accordingly; https://cfl.re/2AdKzgB redirects to https://www.cloudflare.com/robots.txt; on lines 4 and 5 is the phrase: "Dear robot be nice".

The GET request would obviously ordinarily not be appended to the Client Hello like this; however SNI information would be. You can find more about the work Cloudflare is doing to encrypt such information, so attackers cannot see which site you're visiting, in the following post: Encrypting SNI: Fixing One of the Core Internet Bugs

TOTP

For this part, I'm going to use the pyotp library to demonstrate how the challenge is set-up:

>>> import pyotp
>>> totp = pyotp.TOTP('')
>>> print totp.at(1545409768)
084342
>>> print totp.at(1545484313)
411907
>>> print totp.at(1545740103)
617041

Note that the argument to the TOTP function is set to an empty string, this means that there is no secret in place; and the one time passwords are generated solely from a hash of the time. Accordingly, a TOTP with the timestamp generated at midnight on New Year is 301554.

Whilst this may seem like a somewhat incredulous position for a developer to end up in - searching GitHub, I was even able to find implementations that used the default secret (base32secret3232) for all users wanting to authenticate to a website. This means that any other user's One Time Password is valid for any other account, and the secret could likely be breached fairly easily (as it isn't randomly generated).

RPKI

Cloudflare can only generate ROAs based on their prefixes. The IPv6 prefixes are listed here: https://cloudflare.com/ips-v6.

Using any RPKI validated prefix list (https://rpki.cloudflare.com/rpki.json, or using the GUI of the RIPE’s RPKI Validator), test out our IPv6 prefixes. Some of them will appear coming from Reserved ASNs for Private Use:

  • 2803:f800:cfcf:cfcf:cfcf:cfcf:cfcf:1 - B
  • 2803:f800:cfcf:cfcf:cfcf:cfcf:cfcf:2 - R
  • 2803:f800:cfcf:cfcf:cfcf:cfcf:cfcf:3 - A
  • 2803:f800:cfcf:cfcf:cfcf:cfcf:cfcf:4 - V
  • 2803:f800:cfcf:cfcf:cfcf:cfcf:cfcf:5 - O

Subtract 4200000000, it will give you one byte for each character of the secret word.

Repeat until the word is decoded.

Interested in helping build a better internet and drive security online? Cloudflare is hiring.

comments powered by Disqus