2011 Cryptography/Steganography Cracking Contest

SOLDIERX proudly presents the official 2011 Cryptography/Steganography Contest. This contest will run from August 30, 2011 until December 31, 2011. At the moment anybody who can complete all of the challenges of this contest will get free VIP and a shirt. The first person to complete the challenge gets $100. If only one person is able to complete the contest, we will be awarding a large prize (to be disclosed in the future).

Unlike contests in the past, this contest puts you in a very real situation of trying to decipher data. It also has a back story to go with it. Without further delay, I give you the story:

Part 1 - The Heist

Shortly after cisc0ninja and RaT had become friends, they started to have all night marathons of hacking and reversing. During one of these nights, RaT happened to drift off to sleep while cisc0ninja was still sober. "Wow, I bet RaT has all sorts of 0day," thought cisc0ninja. Despite being RaT's friend, cisc0ninja decided he was going to heist his data. That night, cisc0ninja took RaT's external hard drive and dumped everything to his laptop. Unfortunately for him, most of the data seemed meaningless. Despite not understanding the format things were in, he decided to keep it and figure it out another day.

Part 2 - 0day Can Happen to Anyone

10 years passed and cisc0ninja had still not cracked the files. Despite this fact, he continued to copy them onto every new laptop that he bought. He figured that some day he would eventually figure them out. "There just had to be something really great in them," he thought. In preparation for Defcon 19, cisc0ninja started hardening his laptop with grsecurity and PaX. "Damn Xorg won't work with PaX," cisc0ninja thought to himself, "Guess I'll just disable PaX protections on it." The same thing happened with Flash and Firefox, so he disabled PaX on those as well. Little did cisc0ninja know, there were people at Defcon with flash 0day. He set his laptop up for OCTF and had Jerbo watch it so he could go on the hunt for some greasy geek poon. During cisc0ninja's failed conquest, Jerbo happened to hit a local webserver that was serving up some flash 0day goodness. The exploit quickly backdoored cisc0ninja's machine and did a connect back to an eager hacker. He started dumping all of cisc0ninja's files, including RaT's. In the words of Raven, 0day Can Happen to Anyone.

Part 3 - The Secret Message

Little did cisc0ninja know, one of the main members of SX had infiltrated his laptop years ago and inspected the stolen files. His mission was to make sure that nothing of importance had been stolen. After verifying this, he put a secret message in one of RaT's files. This message was of course hashed, but was a short and simple phrase to let RaT know that nothing of value had been stolen.

Part 4 - Your Mission

During the password cracking competition at Defcon, MKv4 was sniffing the network traffic and happened to nab a stream of cisc0ninja's files being transferred. He has now disseminated these files for the community to decipher and get to the bottom of (NOTE: recovered.rar does not contain a pcap file, it contains the transferred data that MKv4 reconstructed from the network dump). Your mission is simple - go through the maze of cryptography and steganography to recover the original files and determine the secret message. For an added bonus, use the message and the history of SX to figure out who infiltrated cisc0ninja's laptop.

MISSION DIRECTIVES:
Mission 1: Decipher the stream of data (identify cisc0ninja's stash)
Mission 2: Break into cisc0ninja's stash
Mission 3: Break into RaT's stash
Mission 4: Find the hidden message and crack it
Mission 5: Discover who left the message based on its contents

HINTS:
Mission 1: The stream of data should yield two files. cisc0ninja's stash is not an mp3 file. The md5 hashes (to check your work) should be 62b7f5c4ffb1e3924af9348b1f6f3016 and f805668e2e0e7e536b35a00d6626975b - Added on 10-02-2011.

You can get the files at the bottom of this page or by clicking here. NOTE: If you don't have an account on the site (needed to access files from soldierx.com), then you can get them at http://www.megafileupload.com/26628/recovered.rar. If you complete any of the mission directives, please contact RaT and let him know. Your name and date will be posted on this page. Whoever completes the most missions wins the contest.

Mission 1 Completions:

Handle: Date:
IceBerg 10-02-2011
-LEX- 10-02-2011
EverestX 10-03-2011
jip 12-05-2011
ysje 12-14-2011

Mission 2 Completions:

Handle: Date:
jip 12-11-2011

Mission 3 Completions:

Handle: Date:
jip 12-12-2011

Mission 4 Completions:

Handle: Date:
jip 12-15-2011

Mission 5 Completions:

Handle: Date:
jip 12-16-2011