Sunday 4 December 2011

How to solve the GCHQ challenge



NEWS AGENCIES: Click here for press release text.

Below are three videos demonstrating how to solve the GCHQ challenge by Dr Gareth Owen at the School of Engineering, University of Greenwich, England.

Stage 1 is arguably the most difficult, followed by stage 3 and finally stage 2 as the easiest.

Stage 1



To enlarge a video, click play and then press the YouTube button at the bottom of the video.






Files to download:
p1-complete.asm (this one prints the decrypted data to the screen - no need to use debugger)
PNG Inspector - my code to check a PNG image for comments and steganographic content

Stage 2




Files to download:
PHP VM Implementation (by me)
Explanation of VM code (by me)
Conversion of VM code to C (by me)

There isn't anything further hidden in Stage 2, as GCHQ have confirmed to me, despite the appearance in the second decrypter (the erroneous jmp); allegedly this is a leftover relic because they simplified the puzzle for fear it was too difficult.

Stage 3



GCHQ kindly wrote to me to say the fscanf bug was deliberate - so that you could override the crypt check; seems I took a short cut!

Files to download:
C representation of executable


Press release text

Please feel free to use or modify the following text in your story.

The British spy agency GCHQ recently published a puzzle on www.canyoucrackit.co.uk. Just a few days later, Dr Gareth Owen, an academic at the University of Greenwich in England, posted a full video explanation of the puzzle. The puzzle has three stages and is not at all simple; it is likely to challenge even the best computer science graduates.

The first stage is to convert the code on the screen to computer code, which turns out to be a decryption algorithm. The data to be decrypted is hidden in the image on the web site (the image of the numbers).

The second stage asks you to build a virtual computer to run a series of codes which, when run, produce the link to the third stage.

The third stage gives you a program to run which requires a licence key. The problem is finding the licence key, which requires decoding the program and seeing how it works. Then you have to find three hidden numbers from the first two stages and plug them in to get the web address for the final answer.

There has been some speculation that there is a fourth stage hidden in stage 2, although GCHQ have contacted Gareth and guaranteed there isn't.

Click here for solution videos