London BSides 2016 Logo challenge

So, London BSides Logo challenge...

The Brief:

" Logos should be unique, original, should not infringe copyrighted, and demonstrate the creativity and talent of our community.

*I submitted something last year it was ... Okay but a better design was chosen, This year I thought i'll do my best to not let that happen again." *

I didn't get selected -_- haha,

anyway i think it's worth showing you guys how i interpreted the brief and take you on a little journey

My 2016 Design:


Pretty cool right? looks a bit tech but also has a nice ... whatever I like it.

Some of you may think, cool design bro, and get on with your life ... and other's will know... that's a sneaky QR Code in that graphic !

Step One

Scan the QR Code, this will give you a URL address.


Accessing the 'onion address'
(Hint: it's on the DarkNet UnderNet DeepWeb Tor Network )

Step Two

Take a copy of the index.html page, it has everything you need within the page.

Step Three

Inspect the source code, take notes of things that might be useful.

Step Four

Save that cat.
save the image as coolcat.gif there are a number of ways to do this so i'll let you find your own way, visual or command line.

Step Five

open the cat up.
depending on how you have explored the coolcat.gif file you may have noticed signatures of a zip file within it's self, cool let's extract the zip: unzip coolcat.gif

Step Six

once you have unzipped the coolcat.gif you will notice an extracted file called toreachthisyoupassthepasswordby.enc you have an encrypted file.

Using your cool hacker derp brain you can enumerate possible passwords and assistance from the index.html have a look in the code and you will identify the crypto in use and also the password is in that page too, hopefully there was enough hints.

openssl enc -aes-256-cbc -d -in toreachthisyoupassthepasswordby.enc > didiwin.txt (enter password)

When done correctly the contents of the piped output didiwin.txt will say the following:

YOU ARE A WINNER: Why did the computer go to the Doctor?
because it had a security problem that megahertz ... MEGAHERTZ ...

You're welcome.

= = =

WINCODE: 42448-1

well done.

Topics we touch on in this challenge:

  • Alternative URL vectors
  • .onion networks
  • Checking out the source
  • Base64 Encoding and decoding
  • Steganography
  • Cryptography, Encryption & Decryption
  • Space Cats & Bad Jokes