Welcome

You've come to the page dedicated to the Badge related puzzle from Defcon 19. The puzzles were created by Ryan "1o57" Clark, creator of the Defcon Mystery Challenge. Here you will find all the information gathered with respect to the badge puzzles from the weekend.

Be warned, there is no censoring of spoilers below!

Puzzles

The puzzles need not be solved in this order, however they are listed below in a logical sequence.
  1. Code wheel sequence
  2. Sign numbers
  3. Lanyard
  4. NOPMYX
  5. Candy Code
  6. Eyes on Page Numbers
  7. Logic Gates
  8. Poisoned Sequence
  9. Sum of the Moons and the Stars

Errata




Code Wheel Sequence


smallwheel.png
On the floor of the Rotunda is a large code wheel, as follows:
1
4
11
16
24
29
33
35
39
45
47
51
56
58
62
64
69
73
78
80
84
89
94
99
104
?
D
E
F
C
O
N
A
W
G
B
U
J
Y
K
R
I
S
V
X
P
L
Q
M
H
T
Z
This is Aronson's sequence, so: Z = 111



Signs

The following numbers are on the bottom of many of the stand-up signs around the convention area:
35
4
24
4
29
4
104
62
33
104
4
56
24
47
62
33
104
4
56
24
47
62
69
4
16
47
62
64
104
56
94
4
73
4
84
69
84
24
24
58
35
64
104
99
64
29
56
25
47
62
69
4
84
11
35
99
4
62
4
104
99
4
4
56
4
84
33
16
58
69
94
4
69
69
33
39
4
104
99
4
62
4
99
24
45
24
4
69
104
99
47
11
99
24
62
62
24
62
Using the code wheel, the message reads:
WEOENETRATEYOURATEYOURSECURITYLEVELSLOOKWITHINYOURSELFWHERETHEEYELACKSMESSAGETHEREHOBOESTHUDOFHORROR

It is believed that the "where the eye lacks message" in telling you to look at your lanyard, as you are unable to see the code while you are wearing it.

"HOBOESTHUDOFHORROR" appears to be an anagram for "BROTHERHOOD OF HORUS"



The Lanyard

At first glance the lanyard appears to have binary code on it, delimited by blue colons. There are 15 groups of 13 digits (counting the logo as a digit), followed by 7 groups of digits without logos (but containing an easter egg).

To fit neatly, a line break has been added at the end of each set of 13 bits.

::111011000smalllogo.png01:
0smalllogo.png11010010100:
0110smalllogo.png10010011:
1111000smalllogo.png00100:
11smalllogo.png1101101000:
smalllogo.png101010010000:
111smalllogo.png000100001:
01101001010smalllogo.png1:
001010010smalllogo.png011:
0010100smalllogo.png10100:
011010smalllogo.png010011:
11100smalllogo.png0000101:
001010010100smalllogo.png:
111010010smalllogo.png100:
01001001smalllogo.png0101::

1010100010001.111010000000o.0010100100115.1111000000107.000000000000.000000000000.000000000000
We learned at "Welcome to Defcon" Panel that the data past the double colon is not required to solve any puzzles.

The only other occurrence of 13 characters between colons appears on page 4 of the Defcon program, the phrase ::HACK UPON XYLEM::
When using the position of the smileys to correspond to positions of the phrase in the book, the discovered phrase is LAUNCHKEYNOPMYX

This gives you the launch code



NOPMYX (Launch Page)

By completing the lanyard you are directed to the NOPMYX launch page, informing you that you need to find a Z Agent, and present to them an Ace of Spades with the password written on it. In the page source you are given the names of all the agents, who are the only ones that have a "Z 36" badge. The password is not given, but the hint phrase is this:

You can *kiss* goodbye mission success if you do not write the password
passed *shortly* before on the face of the card.

*kiss* *shortly* is referring to page 11 of the program guide, where you find a card with a lipstick kiss and some scribbles. The markings are called Gregg Shorthand. When translated back into English, they say "the password is little sister."

With "little sister" written on the Ace of Spades, finding a Z Agent (which can be surprisingly difficult) and completing the Halloween exchange, the Z Agent will inform you that you are looking for candy.



Candy

The candy page says: (additional line breaks removed for clarity)

Send the phrase : The Jammie Dodger has been eaten.
to
28 14 19 28 39 4 31 28 18 11 36
You may be wishing I would speak to you, or illuminate where you may find the key.
It's in that place where I put that thing that time.
Wait for a return from the postman.

The numbers are a one-time pad (OTP), and the key is the large bold character of the first 11 presentations. The OTP method used is the same as the method demonstrated on the Wikipedia article, subtracting the key from the cipher to yield the original text.

Cipher
28
14
19
28
39
4
31
28
18
11
36
Key
W
B
D
I
S
B
P
C
D
F
P
Subtract
23
2
4
9
19
2
16
3
4
6
16
Result
5
12
15
19
20
2
15
25
14
5
20
Solution
E
L
O
S
T
B
O
Y
N
E
T

The source HTML yields additional white space, which helps to clarify this means e@lostboy.net. When sent on Saturday this received a reply back that basically said "Good work, go party, you'll get an e-mail in the morning."



Eyes on Page Numbers

On certain page numbers there are the Japanese/Chinese characters for 1-4 and a Eye of Horus symbol with a part highlighted in red. Some Horus symbols additionally have dots above them. The solution is a four word phrase and each word is indicated by the Japanese/Chinese character. The symbols can thus be organized like:
1 - 12W 18W 28W 32B
2 - 6W 30W 32B 40B
3 - 30W.. 32B.... 36W...46W.
4 - 14W 16W 30W 38W 40W

Each part of the Eye of Horus represents a fractional power of two. Specifically, the left white of the eye represents 1/2 and the eyebrow represents 1/8. These fractions are applied to the page numbers to obtain:
1 - 6 9 14 4
2 - 3 15 4 5
3 - 15.. 4.... 16... 23.
4 - 7 8 15 19 20

These numbers are then converted to letters using the standard 1 = A, 2 = B, C = 3, ... Z = 26 substitution:
1 - F I N D
2 - C O D E
3 - O.. D.... R... W.
4 - G H O S T

The dots then unscramble the third word by putting the characters in order of the number of dots:
1 - F I N D
2 - C O D E
3 - W O R D
4 - G H O S T



Logic Gates

There is a logic diagram that is repeated four times on a Defcony James Bond graphic at one of the intersections.
This diagram translates to the formula: (X^3) + (Y^3) + (Z^3)
Three of these diagrams have chinese characters representing integers (370, 371, 407) for inputs. For each of these, the output of the formula is the value of the input digits concatenated.
For the forth diagram, the input is the chinese ghost character ("ÚČ╝") repeated three times.
Being that there is only one more three-digit combination for which this formula works: ghost = 153



Poisoned Sequence

Two pieces of information lead you to work with the badges. The first is the text found on the 153 page:

We believe you have been compromised.
The relics you hold are believed to be a key, a sequence that unlock truth that has been hidden.
However the sequence has been poisoned.
You must find the flaw!
The ZAGENTS are a clue. FIND THEM.

The second is the e-mail that was received Sunday morning at 11:32am:

We have verified that agents have compromised our communications channel.
You need to identify the compromised H, and replace with the Z.
We have verified that there is only one H value that has been compromised.
You may use the SUN/MOON to verify, you do remember how to calculate those, correct?
When you identify the compromised H, analyze and report. The message stream will identify for you a name.
Report to the identity here:
_@%LosT 0x2E Organization
Within your message confirm the compromised H, as well as the sum of the moons and stars.

Note: 13 Underscores appear in the message above before the @ sign, but Wiki markup prevents them from being shown.

All of the badge numbers form a sequence of eban numbers, with the exception of H3. Therefore, H3 is the compromised badge. The verification of SUN/MOON we believe is physically placing the H3 "Sun" over the Z36 "Moon" badge, where the only thing that aligns is the number 3.

With an identity of "eban," %LosT translating to 1o57, 0x2E as ASCII for the dot character, and the TLD for organizations is ORG, the email address to send the message is "eban@1o57.org"



Sum of the Moons and the Stars

After identifying the compromised badge and the identity, the only thing left to calculate is the "sum of the moons and the stars." A lot of time was spent on this and was not calculated without additional hints from Lost's twitter feed.

Egyptian mythology talks about the eyes of Horus with one representative of the Sun and one of the Moon. All badges at the convention had a Sun on them when reading the numbers left to right, while the Z Agents had a Moon when reading their numbers. For this particular puzzle, only the H badges (and replacement Z badge) are considered.

The notable hint from Lost was that "Every H has a Sun and a Moon."

The notches in the badges are calculated from taking the badge number mod-12, and placing it like the hours of a clock hand. So, H6, H30, H42 are at 6 (bottom), H50 is at 2, H40 at 4, H32 and H44 at 8, and H34 and H46 at 10. H3 did not have a notch, hence another clue that it is the poisoned number. The Z36 did not have a notch either, though 36 mod 12 is zero, implying that there either would be no notch or it would be at the very top.

Considering all the H badges as Suns (Stars), the sum of all the notch positions is 60.

When looking at the H badges backwards, as "Moons," the clock positions are flipped. While the 6 is in the same spot, H50 is now 10, H40 is now 8, H32 and H44 are now 4, and H34 and H46 are now 2. Adding the Moons together like such produces 48.

The sum of the Moons (48) and the Stars (60) is 108. This proved to be the correct answer and was provided to Lost first by the group in the Chillout lounge around 4:30pm.



Easter Eggs

  • "108" (the sum of moon and stars) is a recurring number on the TV Show LOST.
  • The last digits of the sequence on the Lanyard spell "1o57."
  • The zeros and ones on the lanyard are PDP-8 instructions.
  • "It's in that place where I put that thing that time" from the candy page is a quote from the movie Hackers.



Red Herrings

  • All day Saturday and Sunday, Goons were found placing misleading Wooden Nickels on the code wheel and logic gate puzzles. Many of them said "F U" on them or had other Egyptian symbols drawn in sharpie.
  • Windows 2003 book with words blacked out and #304 written laying on Rotunda (likely placed by Goons)
  • The Goon badges are in the shape of stars, a misdirection for calculating the sum at the end.



List of Badges

Aside from the "Z" badge, the eban sequence also follows alphabetical order.

C = Contest, 2
G = Goon, 4
H = Human, 3, 6, 30, 32, 34, 40, 42, 44, 46, 50
P = Press, 52
S = Speaker, 54
V = Vendor, 60
U = UBER/Black, no number
Z = Sleeper Agent, 36



@1o57's tweets relevant to contest


Saturday:
  • 14:04 - I hope that everyone is having fun with the badges.
  • 14:05- HINT: Digital logic- consider the mathematical functions implied by the types of gates represented, not simply as taking boolean values
  • 14:06- HINT: If you can read the "kiss"- ask an older person or fans of the Mighty Boosh- I'm old greggg!
  • 14:07 - HINT: there are LOTS of people creating FAKE clues. Like most of the red shirt goons :) If it's not elegant, it's not me ;)
  • 14:07 - HINT: there are Z badges floating around the conference.....
  • 14:07 - More updates and hints in a few hours.
  • 18:31 - Hint : if you have passed a card to z and are stuck- you are now dealing with a OTP. And you have the key
  • 18:34 - Hint: The eyes on the bottom of the pages are used against the page numbers for decoding...
  • 18:51 - More hints at 7
  • 19:34 - The otp info you are looking for is in the program
  • 20:32 - If I SPEAK about the TRACKS that BIG foot left, I might break the LETTEr of the law.

Sunday:
To be filled in later...



Unsolved Mysteries

  • What does "WE OENETRATE" mean from the signs?
    • That is very likely encoding mistake for 'PENETRATE', whether by the Brothers or LoST, I cannot tell (fx)
    • Does 1o57 make mistakes? Sure, the badge, but that was a fabrication problem.
  • The Voyager "Golden Disc" image was unused.
  • Enigma gears on the DVD Content and the shirt for sale, possibly different and needed next year?
  • One person claimed to have gotten to /candy from the gears on the pyramid. No one has been able to explain or duplicate this yet.
  • That image of skull and keys, with "LOSt" (or "LOS+"?), "A723", and "b33t5" was also unused, as far as I can tell. Even the image with the sheep on the candy page seemed useless, it is the twitter hint that lead to the solution (fx) (Image with the keys was unsolved from last year)
  • Someone had mentioned a (Dead Drop was supposed to happen) Need to confirm with 1o57.
    • Lost confirmed that no one had gotten 'candy' by the dead drop time on Friday so it didn't happen.
  • There is a misplaced d on one of the pages in the program as well as other mispelled words.
  • The sum of all the elements in the badge add up to > 100% confirmed with 1o57 that it was misdirection.



Links

http://rapidpacket.com/~xtat/defconbadge/ - pictures from day 1
http://rapidpacket.com/~xtat/defconbadge/notes/ - notes from day 1
http://rapidpacket.com/~xtat/defconbadge/day2/ - pictures from day 2
http://www.defcon.org/1057/badge - link on cd - zip file of badge files "dvdcontent" http://www.defcon.org/1057/NOPMYX/
http://www.defcon.org/1057/153/ - result of logic gate floor puzzle - describes poisoned info
http://www.defcon.org/1057/1057/ http://www.defcon.org/1057/NOPMYX/ -


http://rapidpacket.com/~xtat/defconbadge/%231057.log The IRC log

http://gwydir.demon.co.uk/jo/numbers/egypt/fractions.htm
http://twitter.com/#!/1o57
Defcon 19 program (pdf)