CTF

A Challenge Coin of a different type

A Challenge Coin of a different type
Australian Signals Directorate 75th Anniversary 50 cent coin

On the 1st of September 2022, the Australian Signals Directorate celebrated its 75 years of service by releasing a 50 cent coin. This coin was limited in production to only 50,000 units and will not be circulated selling out online in around 12 hours. Both ASD cryptographic experts and the Royal Australian Mint collaborated to design a unique coin and enigmatic code.

Serving as both a fun challenge, and job resume of sorts, challenge coins are generally given after completing a tough activity but in this case, the coin is given first and as the challenge. Luckily, I was able to score 2 coins after several hours of trying. Whilst I wait for them to arrive, I decided to dive right in to attempting to break the code.

Generally with layers of code we look for an easy entry point, this can come in multiple forms, sometimes plain text (text that is easy to understand by a human in its form), easy to decipher cipher text (text that has been obfuscated to hide the plain text), or short cipher text that is easily cracked. Spoiler: In this case it was a combination of all three.

Before I jump too far ahead, let's start by analyzing the face of the coin. We have two strings of text in a ring formation around the front, the outer ring follows common English word structures (letters don't repeat more than twice side by side and has 2 dots which could be periods). There are 3 different shadings on the characters but not much of a hint to their meaning at this point. At this early stage we could try a common ciphering technique such as ROT13 where you shift each position of the alphabetic characters by 13 positions. For instance if we take the plain text phrase "Nerd Next Door" and encrypt it with a ROT13 cipher, we get the cipher text of "Areq Arkg Qbbe". There are many variations of these types of ciphers so let's move on for now.

At first glance of the inner ring we can see there are three repeating E's at the 7 o'clock position meaning it does not follow accepted English word structures although, there may be a space in the plaintext. We can ascertain that this string will not use a basic rotational cipher and will likely use a cipher that is either dependent on the position of the character in the string, each character will be affected by the previous character, or the string needs to be interpreted in a format not generally accepted in the English language (not left to right, top to bottom). We also can see that there are 2 colourings to the letters and contains a small icon in the 6 o'clock position. Upon some research, we find that this icon is a visual design language created by Cre8ive spelling out "ASD" and likely not part of the challenge. This too is probably not our entry point.

The last cipher text blob on the front is easily identifiable as hexadecimal. Also known as base16 and hex, it is a counting system with 16 single characters, 0123456789ABCDEF. This is quite a large piece, without knowing if the layout means anything and requiring a large amount the time needed to transcribe and convert, we can put this on the back burner.

With the rest of the face being in plain text, we can move on to the rear. The shortest potential plain text is a "JC" on the late Queen Elizabeth's shoulder. With a little OSINT, we can see that this is the designer's mark. JC's mark starting appearing on 50 cent coins in 2019 and we can likely ignore this as a red herring for now.

Finally, we can see some braille under certain characters on the standard issue text around the outside. This is short (6 characters), easy to decipher (only one method) and for some people may be considered plain text (interpreted without translation, decrypting or decoding). Converting these braille characters to English, they spell out CBFAED which doesn't mean much yet but taking the characters above them in to consideration, we get C=B, B=T, F=H, A=A, E=S, D=A using the braille as the key and the plaintext as the value in these pairings. This doesn't mean much to me but the letters are A-F, sorting them alphabetically we find that the values spell out:

ATBASH

Success, the first flag! Atbash is a cipher that takes the plain text alphabet (A to Z) and reverses it (Z to A) during encoding. Using the plain text string "Nerd Next Door" and encoding it with atbash, we get the cipher text "Mviw Mvcg Wlli".

At this point we speculate that the outer ring text is the best candidate for this hint to be applied to due to this cipher being rotational. Once applied, we get the plain text string of:

WE ARE AUDACIOUS IN CONCEPT AND METICULOUS IN EXECUTION. FIND CLARITY IN 7 WIDTH X 5 DEPTH.

Two flags down, two to go! We find that the first sentence in the string is part of the ASD's core values and not likely to help in the next flag. With no clear way to extract the word "clarity" from any other cipher text on the coin, we can focus on the "7 width x 5 depth" hint.

Knowing that the inner ring cipher text doesn't follow standard English word or sentence structure, a likely candidate is a box cipher which is commonly read top to bottom, left to right. With the aforementioned hint we can take the 70 character string and split it in to 7 characters wide but we end up with a depth of 10. Trying 5 depth, we end up with a box 14 characters wide. Neither fit both parts of the hint and aren't outputting plain text, we decide to split both candidates in to two separate boxes. After deciphering both boxes in each candidates, we can determine that the correct format (originally 7 wide by 10 depth split after the 5 depth) is as follows:

BGOAMVO
EIATSIR
LNGTTNE
OGRERGX
NTEAIFC

ECAIEOA
LEKFNR5
LWEFCHD
EEAEEE7
NMDRXX5

After deciphering and formatting, we find a core value statement followed by a short hint in the third plain text flag of:

BELONGING TO A GREAT TEAM STRIVING FOR EXCELLENCE WE MAKE DIFFERENCE XOR HEX A5D75

With a fresh hint in hand, we can be very confident that it is time to use the hexadecimal blob on the face. XOR is short for "exclusive or", this is a logical operation that is true if and only if its arguments differ. To apply this to hex, it is converted to binary (base2) which only as two characters, 0 and 1. As an example, if we take 2 base2 characters and compare them, a 0 + 1 or a 1 + 0 will equal a 1 and a 0 + 0 or a 1 + 1 equals 0.

With XOR cipher text, the encryption key length can be estimated. Applying a key length analysis (in whole bytes) to the hex blob, we can determine that the key is likely repeating at at a 5, 10 or 15 byte interval. In the hint we received some hex, "A5D75". Knowing that 8 bits = 2 nibbles = 1 byte, this is only 2.5 bytes in length. First, lets try make this a 5 byte key by repeating it like so "A5D75A5D75". Bingo, we have our fourth flag!

For 75 years the Australian Signals Directorate has brought together people with the skills, adaptability and imagination to operate in the slim area between the difficult and the impossible.

But wait, there's more, a bonus flag (spoiler: or two)! With no more discernible cipher text and the plain text it may be time to try tackle the shading in the rings of the coin face. After some thinking, I started researching typeface ciphers that take variations in colour, bolding, italics, underlining or other variations in the way that characters are presented in strings of text. After some tinkering, we are still very much at stage one. Whilst the four main flags only took a couple of hours, the bonus flags took a lot longer but upon finding a very high resolution image on the royal Australian Mint's website, the shading on the characters became a bit more obvious.

Zooming right in on the characters, most are shiny faced but the variations appear to knurled or dotted and lined or dashes. Aha! Dots and dashes, it's Morse code (also known at base3 since the 3 available characters are space, dot and dash). The character mapping format isn't initially obvious due to the the dotted, dashed and blank character not producing a legible plain text output. With some testing and minor formatting (removing the double space at 12 o'clock) we get the cipher text:

.---- ----. ....- --... -.. ... -... .- .-.. -... . .-. - .--. .- .-. -.-

Converting to plain text we get a flag showing the the year of inception, the first abbreviation it went by (DSB, Defence Signals Bureau), and an early headquarters location. The first bonus flag;

1947DSBALBERTPARK

We are still left with the inner ring but this time, there are only 2 variations, assuming that since the out ring was base3 then this ring may be base2 (also known as binary). As we found earlier, the inner ring has 70 characters. Normally to display text we dissected it in to 8 bit or 1 byte segments. With some formatting we find adding that a leading 0 to each byte like so

01000001 01010011 01000100 01000011 01100010 01110010 00110010 00110000 00110010 00110010

will make this legible. Running it through the Internet's favourite cyber tool (CyberChef), we get a flag showing that ASD is celebrating (Cbr) in the year 2022 (its 75th anniversary):

ASDCbr2022

So that's it, we found all the flags and bonus flags that we can. Whilst the news reports a 14 year old solved it in 2 hours and it may have taken a little more than a weekend for me to do, it was an exciting and different challenge the likes of which I haven't come across before.

No spam, just cyber.