GCHQ released a recruitment challenge on www.canyoucrackit.co.uk in November 2011. The challenge involved a series of reverse engineering puzzles.

I cracked the challenge in a few days and published videos of how to solve it online. The puzzle was broken into three stages, which together took around six to eight hours to solve. The videos received widespread media attention and are included here as step-by-step guides to completing each stage (spoiler alert, obviously).

To enlarge a video, click play and then press the YouTube button at the bottom of the video.

Stage 1

What are the hexadecimal characters on the website?

Files to download:

p1-complete.asm (this one prints the decrypted data to the screen – no need to use a debugger)

PNG Inspector – my code to check PNG image for comments and steganographic content
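A chunk walker of the kind a PNG comment check needs, added here as an example and not the author's PNG Inspector: it verifies every chunk CRC, prints the first tEXt chunk (where a comment normally lives) and counts any bytes sitting after IEND, since both unknown chunks and trailing data are the usual hiding places. The sample image it builds is constructed for this example, and the function names are my own.

```c
/* Added example, not the author's PNG Inspector: walk the chunks of a PNG held
 * in memory, verify each chunk CRC, pull out the first tEXt comment and count
 * any bytes hiding after IEND. The sample image is constructed inline. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};

/* Standard PNG CRC-32 (same polynomial, init and final XOR as zlib's crc32). */
uint32_t png_crc32(const uint8_t *buf, size_t len) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        c ^= buf[i];
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? 0xEDB88320u ^ (c >> 1) : c >> 1;
    }
    return c ^ 0xFFFFFFFFu;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Inspect a PNG. Returns -1 if `img` is not a PNG, otherwise the number of
 * chunks whose CRC does not match. The first tEXt chunk is rendered into
 * `text` as "keyword=value"; `*trailing` gets the byte count after IEND. */
int png_inspect(const uint8_t *img, size_t len, char *text, size_t textsz,
                size_t *trailing) {
    if (len < 8 || memcmp(img, PNG_SIG, 8) != 0) return -1;
    int bad = 0;
    size_t off = 8;
    if (textsz) text[0] = '\0';
    *trailing = 0;
    while (off + 12 <= len) {                  /* length + type + crc = 12 */
        uint32_t dlen = be32(img + off);
        const uint8_t *type = img + off + 4;
        const uint8_t *data = img + off + 8;
        if (dlen > len - off - 12) {           /* length runs past the file */
            printf("truncated chunk at offset %zu\n", off);
            break;
        }
        uint32_t want = be32(data + dlen);
        uint32_t got = png_crc32(type, dlen + 4);   /* CRC covers type+data */
        if (want != got) bad++;
        printf("%.4s len=%u crc=%s\n", (const char *)type, (unsigned)dlen,
               want == got ? "ok" : "BAD");
        if (memcmp(type, "tEXt", 4) == 0 && textsz && text[0] == '\0') {
            /* tEXt layout: keyword, NUL, text (text is not NUL-terminated) */
            const uint8_t *nul = memchr(data, 0, dlen);
            int kw = nul ? (int)(nul - data) : (int)dlen;
            int tx = nul ? (int)(dlen - (size_t)kw - 1) : 0;
            snprintf(text, textsz, "%.*s=%.*s", kw, (const char *)data,
                     tx, (const char *)(nul ? nul + 1 : data));
        }
        off += 12 + dlen;
        if (memcmp(type, "IEND", 4) == 0) {    /* anything after IEND is suspect */
            *trailing = len - off;
            break;
        }
    }
    return bad;
}

/* Append one chunk (length, type, data, CRC) at `out`; returns bytes written. */
static size_t put_chunk(uint8_t *out, const char *type, const uint8_t *data,
                        uint32_t dlen) {
    put_be32(out, dlen);
    memcpy(out + 4, type, 4);
    if (dlen) memcpy(out + 8, data, dlen);
    put_be32(out + 8 + dlen, png_crc32(out + 4, dlen + 4));
    return 12 + dlen;
}

/* Constructed sample: 1x1 greyscale IHDR, a tEXt comment, IEND, then three
 * stray bytes after IEND. IDAT is omitted because only the chunk walk matters. */
size_t build_sample_png(uint8_t *out) {
    static const uint8_t ihdr[13] = {0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0};
    static const uint8_t comment[] = "Comment\0hello";   /* keyword NUL text */
    size_t n = 8;
    memcpy(out, PNG_SIG, 8);
    n += put_chunk(out + n, "IHDR", ihdr, 13);
    n += put_chunk(out + n, "tEXt", comment, sizeof comment - 1);
    n += put_chunk(out + n, "IEND", NULL, 0);
    memcpy(out + n, "XYZ", 3);
    return n + 3;
}

int main(void) {
    uint8_t img[128];
    char text[64];
    size_t trailing;
    size_t n = build_sample_png(img);
    int bad = png_inspect(img, n, text, sizeof text, &trailing);
    printf("bad crcs=%d text=\"%s\" bytes after IEND=%zu\n", bad, text, trailing);
    return 0;
}
```

Two details matter when you point this at a real file: the CRC is computed over the type and data but not the length field, and a chunk whose declared length runs past the end of the file is stopped rather than trusted, since a crafted length is the easiest way to make a naive walker read out of bounds. zTXt and iTXt chunks carry compressed or UTF-8 text and would need zlib to expand; they are listed by type here but not decoded.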

Stage 2

Can you code a virtual machine?

Files to download:

PHP VM Implementation

Explanation of VM code

Conversion of VM code to C

There isn’t anything further hidden in Stage 2; GCHQ have confirmed this to me. Despite the appearance of the erroneous jmp in the second decrypter, it is allegedly a leftover relic from when they simplified the puzzle for fear it was too difficult.

Stage 3

Can you reverse engineer a program?

GCHQ kindly wrote to me to say the fscanf bug was deliberate – so that you could override the crypt check; it seems I took a shortcut!
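The bug class behind that shortcut, as an added illustration and not the GCHQ binary itself: an fscanf("%s") with no field width overruns a fixed key buffer, so a licence file can plant a value in the flag that only the crypt check should set. The struct layout, the function names and the stand-in key comparison are assumptions made for this example, and the two licence file contents are constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class the author describes, not the GCHQ
 * binary. The struct layout, names and stand-in key check are assumptions. */
struct licence {
    char key[16];   /* fixed-size buffer for the licence key */
    int  crypt_ok;  /* set when the key passes the (stand-in) crypt check */
};

/* Stand-in for the crypt() comparison: exactly one key is accepted. */
static int key_passes_check(const char *key) {
    return strcmp(key, "valid-key") == 0;
}

/* Vulnerable: "%s" has no field width, so a token longer than 15 characters
 * runs past key[] and its trailing bytes land in crypt_ok, which sits next in
 * memory. The flag is only ever set on success, never cleared, so a value the
 * file planted there survives a failed check. */
int licence_accepted_vulnerable(const char *filedata, size_t n) {
    struct licence lic;
    memset(&lic, 0, sizeof lic);
    FILE *f = fmemopen((void *)filedata, n, "r");
    if (!f) return 0;
    if (fscanf(f, "%s", lic.key) == 1 && key_passes_check(lic.key))
        lic.crypt_ok = 1;
    fclose(f);
    return lic.crypt_ok != 0;
}

/* Fixed: the field width caps the read at sizeof key - 1 characters, and the
 * flag is assigned from the check rather than only set on success. */
int licence_accepted_fixed(const char *filedata, size_t n) {
    struct licence lic;
    memset(&lic, 0, sizeof lic);
    FILE *f = fmemopen((void *)filedata, n, "r");
    if (!f) return 0;
    int read_ok = fscanf(f, "%15s", lic.key) == 1;
    fclose(f);
    lic.crypt_ok = read_ok && key_passes_check(lic.key);
    return lic.crypt_ok;
}

/* Constructed licence files. The forged one has 16 filler bytes that fill
 * key[] exactly, then three 0x01 bytes that fscanf writes into crypt_ok. */
static const char GENUINE[] = "valid-key\n";
static const char FORGED[]  = "AAAAAAAAAAAAAAAA\x01\x01\x01\n";

int main(void) {
    printf("vulnerable: genuine=%d forged=%d\n",
           licence_accepted_vulnerable(GENUINE, sizeof GENUINE - 1),
           licence_accepted_vulnerable(FORGED, sizeof FORGED - 1));
    printf("fixed:      genuine=%d forged=%d\n",
           licence_accepted_fixed(GENUINE, sizeof GENUINE - 1),
           licence_accepted_fixed(FORGED, sizeof FORGED - 1));
    return 0;
}
```

The fix needs both halves: the field width stops the overrun, and assigning the flag from the check rather than setting it only on success means no stale or planted value can survive a failed check. The forged token is sized so that the NUL fscanf appends lands on the last byte of the struct; a longer token would keep writing past it, which is the general case an attacker exploits.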

Files to download:

C representation of executable