On November 5th, 2019 I had a great experience attending a new conference in the Bay Area called Disclosure. Even though this was its first year, Disclosure gathered an amazing speaker line up including Katie Moussouris, Dan Kaminsky, Jennifer Granick, Juan Andres Guerrero-Saade and many others.
The conference reserved a beautiful venue at Westin St. Francis hotel with a single large ballroom for the talks. The hallways leading to the event were lit up in a futuristic purple light with a number of posters with various ciphers for the scavenger hunt competition:
In this writeup I will share my notes on solving the scavenger hunt. If you are interested in solving these challenges yourself, then please stop reading now.
The first piece of data that I decided to solve were the repeating barcodes spread around most of the posters. The particular format is called Databar Expanded and contains ASCII characters. Fixing up the colors and removing the background graphics, I was able to decode two messages:
It was not clear how these would be useful for the rest of the scavenger hunt, so I stopped there.
Several of the posters featured QR codes of two kinds. One of them simply pointed to a Wikipedia article on Guy Fawkes. The second QR code pointed to https://rememberremember.me/ with a strange message.
After a bit of research, the cipher turned out to be Bacon’s cipher from 1605 which encodes letters of the alphabet into a series of letters A and B. It can be decoded using an online decoder from Cryptii:
The plaintext pointed to yet another website https://gunpowdertreason.com which contained a large block of numbers:
After experimenting with various algorithms and following the tip provided during the closing ceremony, the above turned out to be Nihilist cipher which can be decoded with the password “remember”:
The decoded text is yet another artifact from the Guy Fawkes Night of November 5th, 1605 although the cipher itself would be used much later in the 1880s Tsarist Russia.
The last piece of scavenger hunt were large blobs of hexadecimal blobs which were actually ASCII codes corresponding to the following unique cipher texts:
spoub dfiqp epvno desrt bqgqh ktdad linesrt bqgqh ktdad line
xmeup seugr xjyrp atcvw ytrth jouvy spjbz ochdf yspbg tiejg nlkkb rndrv hqcxv yxqrp pxpld nugvh zlkdv xzqwh npc
alnpc zuypp ilyii qwdvh jmymi utleh sfvzm d
xmbuv zmipj rqxpp
iprzv nuupp mjkdv gehve bcvux sljvi eicqs cgzpp ormie dhdhn tlfht srlgf wlofu ujwzi rhyhr eyfiz shet
hjtpv ptnhc izbpp jourx pxnbh rdnig
I’ve tried a few approaches to crack these, but no luck. Leaving it here in case you want to tackle them.