Mission #25

Discussion in 'Missions Center' started by crux, Mar 4, 2016.

  1. Snarkk

    Snarkk Active Agent

    I really need help for this case, that's the hardest I've tried. I'm stuck, not so far from the answer I think but right now I'm becoming a little bit crazy.

    I know it's a rolling XOR-based cypher.

    I first transcript the HEX to binary, then with ASCII tables I transcript my binary to what I assume to be the key.

    For example, the first part of the data is HEX 73 : in binary I have 01110011. So I took the bin before this one and got 01110010 => I choose this one as a key and get 00000001. Which is pure non-sense for me.

    I've tried different orders (n+1 or n-1 for the key), still with absurd results.

    I've tried different transcriptions, BIN, HEX, Unicode... but I never had a nice plaintext box.

    I've used several websites like asciitohex; r12a.github.io/uniview/ ; darkfader.net/toolbox/convert/ but I still don't get it...

    Can I have a huge nudge here or by PM please ? Also I have to notice that english is not my native language.
  2. berzerk0

    berzerk0 Active Agent

    @Snarkk, if you're having trouble still, shoot me a PM and I can help you out.
  3. Snarkk

    Snarkk Active Agent

    Thanks for your quick answer. I'm already on your own nudges. I'll keep that way a bit more, but if I'm still stuck I'll be glad to talk about this with you.

    EDIT : And it's doooooooooooooooone ! Woah ! The hardest case in my short carreer with the Black Watchmen.

    Many, many thanks to all the agents who shared their nudges about this case. I have few things to add for future desperate agents.

    * outsidebox.png

    * if you're still stuck on what kind of encryption is in front of you, remember that you're starting from a Malware.

    * read carefully previous nudges, the ones from @berzerk0 are very complete

    * take a moment to watch several times @codex-13's schema. It breaks the case for me, but i first had to internalize it.

    *Some letters missing ? Or some agents missing letters ?


    That's all, you REALLY have everything sent by the agency and here to complete the mission, trust me. Good luck to future agents, I need a short pause before mission 26. :)
    Last edited: Aug 7, 2017
  4. Rohzek

    Rohzek Active Agent

    This one (25.2) really confused me and my girlfriend as well. We were stuck on it for longer than I'd like to admit, but we eventually got it.

    The post by codex-13 is it 100%, but I figured I'd help a little more than that, as well, if anyone wants it.

    Rather than calculating it by hand, I wrote a short bit of code in Java to do it for me. I'm not going to give you the answer, but if you want to use the code to visualize the calculations, or want to run it yourself, here it is:
    public class XOR
        * Outputs one bitstring at a time
        public static String xorDecrypt(String input, String key) 
            String output = "";
            for(int i = 0; i < input.length(); i++) 
                char eval = input.charAt(i), keyval = key.charAt(i);
                if(eval == keyval)
                    output += "0";
                    output += "1";
            return output;
    public class Main
        static String[] binary = 
            //Input your bit strings here
        static ArrayList<String> output = new ArrayList<String>();
        public static void main(String[] args)
            for(int i = (binary.length - 1); i > 0; i--)
                output.add(XOR.xorDecrypt(binary[i], binary[i-1]));
            for(String out : output)
                System.out.print(out + " ");
    It takes byte strings in, and puts them back out, so you'll need to convert the hex to binary, and then the binary it outputs, back to ascii
    codex-13 and raul_ct like this.
  5. raul_ct

    raul_ct Moderator

    Dude, you went to the next level
  6. Halokrauser

    Halokrauser Active Agent

    Okay, I'm stuck on 25.2 myself.

    I found the IP address, but the first word I'm confused about. I decrpyted the whole thing, but if et means @, the letters don't fill in. I'm short a couple letters of the answer.
  7. berzerk0

    berzerk0 Active Agent

    @Halokrauser - you are very close, the same thing happened to me a few times.

    You are missing the first letter. This is due to a quirk of the encryption method.
    Make sure you read it carefully from the SANS guide about this version of the malware (it is the first version)

    Esoteric Hint about this encryption method:
    Ouroboros cannot bite his own head.
  8. Halokrauser

    Halokrauser Active Agent

    Oh, of course.
    Finally done. Took me almost an hour.
  9. Loki Martin Farbaute

    Loki Martin Farbaute Active Agent

    I'm completely lost here even with all the hints, I know that the report is in heexadecimal, converting them makes no sense whatsoever:


    So I have no idea what to do, a PM or any other help would be appreciated
  10. misstriggermortiss

    misstriggermortiss New Agent

    I cannot figure out what to do now. I am throwing in the towel.
  11. Rohzek

    Rohzek Active Agent

    What has you stuck?
  12. berzerk0

    berzerk0 Active Agent

    @misstriggermortiss at what stage are you stuck?
    If the other hints in this post haven't helped, start a convo with me
  13. HapexIndustries

    HapexIndustries New Agent

    Like some others I am totally stumped by decoding the message. If anyone can help please PM me.

    EDIT: Got it with the help of fathamburger on discord, its simpler than it appears, I swear.
    Last edited: May 15, 2018
  14. Rohzek

    Rohzek Active Agent

    Hey guys, so last December I posted a hint for 25.2 and now today, I have a bit more of an iteration on the same hint.

    So I asked the mods if they thought it was appropriate, given how effective of a hint it is...
    It seems most of the mods agree it's okay.


    I've took the java code that I wrote in December and polished it up a lot, made it a runnable jar file, and added a GUI. This can both encode and decode using the Rolling XOR technique, and displays the output in both the encrypted and unencrypted/decrypted binary and hex so that you can look at them side by side, and hopefully better understand how the algorithm works, along with codex-13's picture.

    The GUI:

    Here's the link to the project page, if you want to see the code, too. And the runnable jar can be found under the releases. It was written with Java 8 in mind, and it seems Java 10 won't work correctly. (a friend of mine couldn't get it to work on Java 10)
    codex-13 likes this.
  15. codex-13

    codex-13 Senior Agent

    Your project is SUPER COOL. I think it's awesome. Just a note though, your image links are broken!
  16. Rohzek

    Rohzek Active Agent

    Thanks :)
    I see that. I have no idea why imgur decided to drop it. I'll get it changed as soon as I can. (It's currently blocking my change for being "spam-like")
  17. FlatDevice

    FlatDevice New Agent

    Update: Nevermind, got it. No one responded but I managed to get the answer.


    So I've been slowly making my way through this game for a while; I'm no great puzzle mastermind and this one ("Encrypted Traffic", plaintext message from traffic logs) is beyond me. It makes my eyes cross and my brain stop; I'm at the point where I just want the answer to get past it -- and I won't feel bad about it either because I've got no ego about this kind of thing and I'm absolutely ticked off, lol. Would someone kindly PM me with the answer? I've really had it.
    Last edited: Jun 14, 2019
  18. An4chr0n

    An4chr0n New Agent

    Petry likes this.
  19. Petry

    Petry Active Agent

    Big thanks ! I was having troubles trying to find that freaking paper. It doesn't help that apparently they recently release a new one in 2021. After reading that, it all made sense :D
  20. Termi

    Termi Active Agent

    I am still stuck at 25.2.

    I know the enryption, i converted the hex to bin, i read the paper. It seems i am too dumb for this. xD
    I tried out the first byte as the First key and go on from there, but i just get funny results.
    Maybe someone can help me here or via pm?
    Thanks in advance!

Share This Page