DEFCON 23 Badge Challenge (potatohatsecurity.tumblr.com)
271 points by zioto on Aug 14, 2015 | 44 comments



This doesn't even mention there was an entire newspaper filled with misdirection (Themela, Enigma machines, Mad Hatter, They Live, chromosomes...) or the Shavian text on the badges (all quotes from Buckaroo Banzai I believe). 1o57 even wore a Buckaroo Banzai shirt...gah.

Edit: Also, "Howdaddyisdoing" is an anagram for "Why did I add goons" which seemed very suggestive.


I believe the newspaper was filled with clues for the DCDarknet challenge. That one was pretty rough, I wasted a few hours on it before 1o57 confirmed it wasn't part of his challenge.


Wow, it just kept going and going. I've done scavenger hunts like this, but easier and short, and I still didn't finish before declaring myself too exhausted to continue.

I wonder what the reason was for not giving the message found on the wooden skull?


e xmdiq v33x uxe eox fsvcn?

On a serious note, great post, it was a great read!


That sounds crazy fun. I am in awe both of your tracking down the solution and the work 1o57 put into setting it up!


1o57 never fails to impress. everyone who attends DEFCON should head down to the 1057 room for at least a little bit each con. there are a ton of people working together to solve the puzzles!


I'm confused by the "WFST HDXE HGY BNK BAWH QJG PSOR WNFATG IDDW OQUHVNKINGCY GQG CTUK." vigenere cipher.

if decoded with "LASTORY", i get "lfaatmzthofnwmqaeocsieswyiwhptoppmydqcohwmxnojkpsvcbbw."

how did they come up with "WELL DONE GET THE BLUE KEY PASS PHRASE FROM OPPENHEIMERS BIG BANG."

http://www.cs.du.edu/~snarayan/crypt/vigenere.html


Try http://rumkin.com/tools/cipher/vigenere-keyed.php and enter LASTORY as both alphabet key and passphrase!
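
The decode suggested in the reply above, as an added example that is not part of the original thread or the linked tool's code: a keyed Vigenère decrypt where LASTORY builds the cipher alphabet and is also the passphrase. It assumes the common keyed-alphabet convention (keyword letters first, then the rest of A-Z; each shift is the passphrase letter's position in that alphabet); the function names are hypothetical.

```python
import string

def keyed_alphabet(keyword):
    """Keyword letters first (deduplicated), then the remaining A-Z in order."""
    seen = dict.fromkeys(keyword.upper() + string.ascii_uppercase)
    return "".join(c for c in seen if c in string.ascii_uppercase)

def vigenere_decrypt(ciphertext, passphrase, alphabet=string.ascii_uppercase):
    """Decrypt over any permutation of A-Z. Non-letters pass through
    unchanged and do not consume a passphrase letter."""
    if sorted(alphabet) != list(string.ascii_uppercase):
        raise ValueError("alphabet must be a permutation of A-Z")
    index = {c: i for i, c in enumerate(alphabet)}
    shifts = [index[c] for c in passphrase.upper() if c in index]
    if not shifts:
        raise ValueError("passphrase needs at least one letter")
    out, k = [], 0
    for ch in ciphertext.upper():
        if ch in index:
            # Subtract the shift using positions in the chosen alphabet,
            # not positions in plain A-Z.
            out.append(alphabet[(index[ch] - shifts[k % len(shifts)]) % 26])
            k += 1
        else:
            out.append(ch)
    return "".join(out)

# Ciphertext and key as quoted in the comments above.
CIPHERTEXT = "WFST HDXE HGY BNK BAWH QJG PSOR WNFATG IDDW OQUHVNKINGCY GQG CTUK."
KEY = "LASTORY"

if __name__ == "__main__":
    print(keyed_alphabet(KEY))
    # Standard A-Z alphabet: the unreadable result from the question.
    print(vigenere_decrypt(CIPHERTEXT, KEY))
    # Keyed alphabet plus the same passphrase: the readable plaintext.
    print(vigenere_decrypt(CIPHERTEXT, KEY, keyed_alphabet(KEY)))
```

With the standard A-Z alphabet the same key produces the unreadable string from the question; only the keyed alphabet combined with the passphrase gives the readable sentence.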


thanks!


using "LASTORYBCDEFGHIJKMNPQUVWXZ" as alphabet yields "xkaajeskmkddnkhavkqkgtbcctnfbcklferettksnkorkfchomhbsm."


Windows XP? Curious to know if there's a hackery reason behind that or just personal preference.


My guess is it's most likely a burner laptop for use during the conference.


Burner everything: laptop, phone, clothes. There's not as much black hat activity at DEFCON as most people think, but it's not worth the risk.


There's not a lot of black hat activity, but there's plenty of good- to neutral-natured messing about. The "Wall of Sheep" is a great example; if you send something that looks like a username/password on the public wifi, someone will put it up on a big display (though they'll obscure some of the password field) along with the other 'sheep'. Not "black hat" but definitely not the kind of thing you want on a real account.

As for burner clothes, the only thing I've ever heard is to not wear company-branded clothes - wearing an obvious Google t-shirt is a great way to attract attention you may not want.


Speaking of which, I've long wondered how hard it would be to make the wall of sheep display ASCII art or something by letting it sniff bogus credentials....


A human reviews every submission before it goes on the wall. We might notice; we might not. ;)


The idea is out there now. Might have to be more vigilant :)


that's just crazy. totally wild. well done solving all those challenges! great storytelling in your blog too.


He lost me at "room keys". WTH are those? I didn't get a DEF CON room key.


I think you got a room key if you stayed at the conference hotel(s) and ordered as part of the conference block.

Paris gave them out, at least. The hotel deal was offered on the site, and it was decent. Average $120/night?


Paris, Bally's, Caesars and I think Flamingo had them, at least.


Yeah, Flamingo had them. Cost $69/night for two beds, so not bad.


I really wanted one, but was one hotel off. Hopefully next time.


I stayed at Bally's. We just got normal Bally's room keys. Maybe we arrived too early (Tuesday)?


The date probably explains it. You could probably just ask for one from the desk on Thursday in the future.


This part of the puzzle implemented one of the badge challenge's secondary goals: getting you to go talk to people.


You had to ask for one, but they were also selling them in packs at the store


Hahaha, I had so much fun reading along. One day I'll solve the badge challenge before you guys, and post something similar. One day. Until then, I'll just work to the point where I can afford to hit a Defcon :D

Thanks for posting this!


it's $250 to get in and if you're on the continent (US/Mex/Can) there are plenty of road trippers and communal 6-person rooms; it can happen.


I live in Pakistan. Add the ~$1,300 round-trip ticket price on top. But like I said, I'll get there eventually!


$230 for DC23.


How long did this take you to solve? Impressive for sure.


We started Wednesday night and finished Saturday morning (3-4AM ish)


Careful. Now the NSA will be looking to hire you.


D:


Congratulations!

I'm always curious; what drives you to do these challenges? Is it the competition? The collaboration? The general enjoyment of solving puzzles?


All of it to some extent, I think the 3rd aspect the most (enjoyment of solving puzzles).

Similar puzzle hunts are very popular in the Czech Republic (https://cs.wikipedia.org/wiki/%C5%A0ifrovac%C3%AD_hra) since around 2000; traditionally, there is a path of multiple locations (~15) and several kilometers (~20) that you have to get through, and they happen overnight during about 20 hours.

I am going to one in 14 days and I certainly look forward to it! I think there is another factor that drives us - breaking the routine. Similar to hackathons, these happen overnight and are designed to stress you a little as you have to focus, which I think is a nice break from your day-to-day life.


You can pick your 3 letter agency if you win


While exaggerative, I agree. Some organizations value attending and winning competitions like this one.


There is no prize as such, right?


This looks awesome, one day I will need to attend just to participate in these challenges! Side question: Why are there two step_11's?


this is so crazy. congrats


My head hurts! Well done!


Off topic: anyone seen any write-ups of the various CTFs?



