Please ask questions ONLY in this topic.

[tuseroni]

>.>
not sure imma get this one...

[XORMeBaby]

>.>
not sure imma get this one...

Thanks for letting us know. We will change it immediately to make it easier for you...

What exactly were your intentions in posting that?

[LGdrummer]

whoo, just finished this mission by decrypting it MANUALLY. took forever, but got it

[supercalifrag]

Ok,

So I managed to figure out how the string and pass number operate in order to produce the output numbers. I have that covered. But that in no way indicates the ACTUAL relationship between the pass number (that is, the total produced by any given number of character) and the ACTUAL encrypted text.

It would be very easy for me to go online and get the password figure but I ain't doin it.

How in God's name am I therefore to guess at a character combination in the millions?!?!

My guess is that the overwhelming majority who passed this mission did so by cheating - going online and just following a set of clear instructions based on fore knowledge of the pass.

My question is therefore aimed at those who did NOT cheat.

So just because I know how the pass and encryption interact (the algorithm) how does that even remotely allow me to decypher the encrypted text without the pass? Without a specific value the combinations which represent actual decyphered characters are just meaningless cominations...clearly that's the point.

So without any way to crack the pass (there is no hash to work from etc) what the frig do I do next?!?!

[fashizzlepop]

What are the most popular letters in English writing?

[akunochi]

Something to note if you are not a solid programmer.

Think about a program you have pre-installed on your Box and probably every other box on the planet that can use mathematical formulas/functions. Then if you understand the way the encryption algorithm works and have a solid understanding of the ASCII table you should be able to figure out how construct the tables to view all possibilities via formulas to find not only the passkey value, but also have the message decoded for you.

If someone has already beaten this mission and would like to know more about the method I'm talking about feel free to Pm me.

aku

-- Fri Oct 22, 2010 4:28 pm --

Ok,

So I managed to figure out how the string and pass number operate in order to produce the output numbers. I have that covered. But that in no way indicates the ACTUAL relationship between the pass number (that is, the total produced by any given number of character) and the ACTUAL encrypted text.

It would be very easy for me to go online and get the password figure but I ain't doin it.

How in God's name am I therefore to guess at a character combination in the millions?!?!

My guess is that the overwhelming majority who passed this mission did so by cheating - going online and just following a set of clear instructions based on fore knowledge of the pass.

My question is therefore aimed at those who did NOT cheat.

So just because I know how the pass and encryption interact (the algorithm) how does that even remotely allow me to decypher the encrypted text without the pass? Without a specific value the combinations which represent actual decyphered characters are just meaningless cominations...clearly that's the point.

So without any way to crack the pass (there is no hash to work from etc) what the frig do I do next?!?!

Ok so you understand that every * numbers for a ASCII value minus the passkey.

So which of these possible combinations present would have the lowest value? Now how would you go about viewing EVERY possibility out there for the values left? This hopefully puts you back on the right track along with the other info here.

[Nevertoold]

Just finished this one. Took along time. Did learn alot about excel , and macros in word.

[fulf]

I've finally done it. Now a sudden urge of me creating the actual encrypter and decrypter has been born. The only thing I would like to know about is how to automatically figure out the password? (I decrypted the text without password and through binary search [done by me, not the PC] I got the password....you can say it was trial and error / brute force)

I just need an ideea. Also for the encrypter...I saw that it randomly generates numbers...is there a better way to do it besides
x=random,y=random,z=ascii-(x+y) ?

Thanks,
Fulf.

[fashizzlepop]

I've finally done it. Now a sudden urge of me creating the actual encrypter and decrypter has been born. The only thing I would like to know about is how to automatically figure out the password? (I decrypted the text without password and through binary search [done by me, not the PC] I got the password....you can say it was trial and error / brute force)

Write a program to do it how you did it by hand...?

I just need an ideea. Also for the encrypter...I saw that it randomly generates numbers...is there a better way to do it besides
x=random,y=random,z=ascii-(x+y) ?

Thanks,
Fulf.

Try it yourself. Trial and error.

[Nathalos]

Spoiler-free hint sequence. (Mods: if this is too spoilery, feel free to delete, but please let me know which part is spoilery so I can post a corrected version. I'm posting it here so people have some help working through the challenge on their own rather than downloading a solution like a script kiddie - because it's just too easy and tempting to take that shortcut on this particular challenge.)

1. There's a free program currently released by Oracle Corp. (bastards) that can help you with this mission. Either that, or you can use the expensive program sold by their competitor (even bigger bastards, though YMMV). Hint: in the Windows and (I think) Mac versions, both programs have green icons. Hell, I think some other people posted the name of the expensive program already. I used the free one, and it worked like a charm.
2. Google XEcryption. Learn how it works.
3. Copy the encrypted file into your favourite text editor, and turn it into a CSV (google CSVs). The method for doing this should be stupidly obvious.
4. Your CSV now has the wrong number of columns. From what you know about XEcryption, how many columns should it have so that each row corresponds to one letter? Rearrange the line breaks so it has the right number of columns. (Search and Replace can make your life a bit easier here, but this is still the most mind-numbingly boring part of the procedure unless you are using emacs or some similarly high-octane editor.)
5. Now you can load your CSV into the Oracle Program (or equivalent) and get a nice table of numbers. The next step is to turn each row of numbers into 1 number. Knowing what we know about XEcryption and the Oracle Program, how do we do this? (Hint: you don't have to be a hacker to know about that function - even accountants know about it.)
6. We now have a nice column of numbers, each corresponding to a single letter or other character (remember that e-mails usually include spaces and line breaks). The usual way to crack an encrypted message like this is to figure out what the most common character is. Which number appears the most times in your series? Remember that number. (You can use the Oracle Program to help you find it and record it.)
7. Our next task is to figure out which character that number corresponds to. According to XEcryption, each number in our column is equal to the sum of two numbers: one is the password-sum, and the other is a number corresponding to a single character in the e-mail. If we can figure out which character our magic number corresponds to, we can retrieve the password-sum without knowing the password, and decode the whole message!
8. But before that, we need to figure out which character our magic number represents. Forget about the password-sum for a moment: what is the code that is used in XEcryption to convert numbers into characters and vice versa? (Hint: it's an American code.) Learn about that code, if you don't already know, and Google up a table which shows it. Some of these tables have 2 pages; you want page 1, since page 2 has gibberish characters and no letters, numbers or other stuff which usually appears in an e-mail. Notice that the numbers which correspond to letters, spaces, etc. are within a certain range.
9. Next question to ask yourself: what are the most common characters in the e-mail likely to be? Find them in the table you Googled up, and then find their corresponding code numbers in the same table. (I used three different common characters for my attempt. Note that characters are not necessarily alphanumeric!)
10. Now we can try to guess the password-sum. But here's an additional step that will help you to guess it: find the largest and smallest numbers in your list of encrypted numbers (in the Oracle Program).
11. At this point we have: the largest and smallest numbers in our list of encrypted numbers, the most common number in our list of encrypted numbers, and the numbers corresponding to the 3 most common characters which would likely appear in the message. Now let's try to guess the password-sum. Bearing in mind the way that XEcryption works, there are 3 possible candidates for our password-sum (possibly more or less, if you decided to use more or less than 3 common characters). Figure out what they are.
12. For each of these candidate numbers, try and figure out what characters the largest and smallest numbers would correspond to if that candidate really was the password-sum. Are the characters even in that table you Googled up? After this step, I was left with only one candidate - in other words I knew the password-sum. The other ones simply didn't make sense.
(If none of your candidate numbers make sense, the most likely explanation is that you failed to guess what the most common character in the e-mail was. Try again - it's not that hard to guess.)
13. Now you can use the Oracle Program to figure out the actual numbers. The procedure is not too different from what you did in step 5. The next thing is to turn this column of numbers into letters. We could do this manually, but that would take ages, so:
14. The Oracle Program has a function that can help us here. Think about this for a moment: there is another number format which is also listed on the table you Googled up. Use the Oracle Program to convert the numbers to that format, because it's pretty easy to find a converter that will convert the numbers from that format into characters - the text of the (previously) encrypted e-mail.
15. Google up a converter that will do the grunt work for you - after all, you don't want to manually decode 600+ numbers by staring at a table. Copy the numbers from the Oracle Program and paste them into the converter.
16. Voila, you have the e-mail... but wait, something's not right. There are a couple of garbage characters in there, because the converter isn't perfect (or your computer's OS isn't perfect). What could those characters be? Well, taking into account the position of those characters in the e-mail, they must correspond to a very specific sort of character. Remember that most of the keys you use when typing on your keyboard - not just the letters, numbers and punctuation - each correspond to a character, and replace those garbage characters with the ones which should go there.
17. Use the HTS message system to send the now-corrected e-mail to our friend ToxiCo_Watch, and that's all she wrote.

Hope those of you who are having trouble find this helpful.