Disclosure 2019 Scavenger Hunt

Peter Kacherginsky
Nov 19 · 4 min read

On November 5th, 2019 I had a great experience attending a new conference in the Bay Area called Disclosure. Even though this was its first year, Disclosure gathered an amazing speaker line up including Katie Moussouris, Dan Kaminsky, Jennifer Granick, Juan Andres Guerrero-Saade and many others.

Disclosure 2019 hallways

The conference reserved a beautiful venue at Westin St. Francis hotel with a single large ballroom for the talks. The hallways leading to the event were lit up in a futuristic purple light with a number of posters with various ciphers for the scavenger hunt competition:

Disclosure 2019 Scavenger Hunt

In this writeup I will share my notes on solving the scavenger hunt. If you are interested in solving these challenges yourself, then please stop reading now.

Barcodes

The first piece of data that I decided to solve were the repeating barcodes spread around most of the posters. The particular format is called Databar Expanded and contains ASCII characters. Fixing up the colors and removing the background graphics, I was able to decode two messages:

It was not clear how these would be useful for the rest of the scavenger hunt, so I stopped there.

QR Codes

Several of the posters featured QR codes of two kinds. One of them simply pointed to a Wikipedia article on Guy Fawkes. The second QR code pointed to https://rememberremember.me/ with a strange message.

Disclosure 2019: https://rememberremember.me/

After a bit of research, the cipher turned out to be Bacon’s cipher from 1605 which encodes letters of the alphabet into a series of letters A and B. It can be decoded using an online decoder from Cryptii:

Disclosure 2019: Bacon’s Cipher

The plaintext pointed to yet another website https://gunpowdertreason.com which contained a large block of numbers:

Disclosure 2019: https://gunpowdertreason.com

After experimenting with various algorithms and following the tip provided during the closing ceremony, the above turned out to be Nihilist cipher which can be decoded with the password “remember”:

Disclosure 2019: Nihilist Cipher

The decoded text is yet another artifact from the Guy Fawkes Night of November 5th, 1605 although the cipher itself would be used much later in the 1880s Tsarist Russia.

Hex Codes

The last piece of scavenger hunt were large blobs of hexadecimal blobs which were actually ASCII codes corresponding to the following unique cipher texts:

spoub dfiqp epvno desrt bqgqh ktdad linesrt bqgqh ktdad line

xmeup seugr xjyrp atcvw ytrth jouvy spjbz ochdf yspbg tiejg nlkkb rndrv hqcxv yxqrp pxpld nugvh zlkdv xzqwh npc

alnpc zuypp ilyii qwdvh jmymi utleh sfvzm d

xmbuv zmipj rqxpp

iprzv nuupp mjkdv gehve bcvux sljvi eicqs cgzpp ormie dhdhn tlfht srlgf wlofu ujwzi rhyhr eyfiz shet

hjtpv ptnhc izbpp jourx pxnbh rdnig

I’ve tried a few approaches to crack these, but no luck. Leaving it here in case you want to tackle them.

References

Peter Kacherginsky

Written by

Cryptocurrency, Malware Analysis, Incident Response, Pentesting, BlockThreat.net

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade