More t2'09 Challenge Hints Will Be Published On Friday

Many people have pointed out that there are way too many things that can be done with time and all of you are right. As the purpose of the Challenge is to be entertaining rather than annoying we will publish more hints on Friday morning 10:00 EEST (GMT +03:00).

Please be active and comment to this post how much information you would like to get on Friday. Currently we are thinking of releasing the pseudo-code for calculating the key.

12 thoughts on “More t2'09 Challenge Hints Will Be Published On Friday”

  1. Hello,

    I’ve hesitated many times before, to post a comment regarding the challenge. The hint was taken into consideration that the time is the key to decoding the packet. I’ve spent a lot of time on trying to get a relation between the time of the whole dump, each packet alone and sometimes the difference between conjunctive packets or inter-related packets. But, this also creates a problem about how the time is being used. Knowing that the whole dump was done in the same minute, we’re talking here about seconds and milliseconds. Anyways, what I would like to know also is a hint regarding the decoding phase, ’cause that is a problem for me so far. Unless the famous XOR method is used, which is what I thought about at first, beside RC4 too. Thanks for the challenge anyways, it’s still nice to push one’s own limit.


  2. I would vote against releasing the full pseudocode… but that’s mainly because I won’t have a chance to try the challenge properly until this weekend 😉

  3. I lost interest after some hours because the pcap had so little data to make cryptoanalysis from. I was guessing you have some key stream generator function; and “guessing” it right is hard.

    Additional / alternative hints:
    1. more pcap data (we get more data to see how our “algorithm guess” works; we see if the cipher text or plain-text “candidates” have common characteristics)
    2. beginning of plain text (we can attack against the key stream generator; now we have to guess same time both: the key stream and what the plain-text should look like)
    3. if it’s cbc or cfb style stream cipher, the block size or “how many bytes back the chaining happens” would be useful. though there some good guesses based on the pcap data (especially if there’s more pcap data)

  4. Hello,

    I’m in favor of giving some insightful hints and not an easy solution for the challenge. so I assume the author will give out better hint(s) on Friday. Good luck for everyone!


  5. I think releasing the length of the key would be enough at this point. It would also be nice to know if the key is dependent on date as well (on second thought, I guess the date in the pcap is something we really cannot rely on). Currently there is just too many time- and/or dateformats to choose between.

  6. Will you publish the hints anyway if someone solves phase 1 before Friday? Hopefully not ;-).

  7. As Stuben said there ‘re several times information (between packets, icmp contents, …)
    I manage to decode the first part of the obfuscated data but I doesn’t find the key variation related to the time.
    Back to work…

    Echo Test 😉

  8. I XORed DATA(Packet 17) with DATA(Packet 8) and thought about some shellcode to generate EMail ID like Conficker/Downadup but further i am not able to use Time value .

  9. How about a re-send of packet 6 with a 13 byte data payload (instead of 9 bytes as it is now) and the server response for that? Or something not so obvious in the same spirit.

    Full disclosure of the pseudocode would feel like overkill. You could try that if nobody reaches phase 2 even with the first hint.

Comments are closed.