Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Can you break the code?

Can you break the code?

  • Comments 1

I read this on Yahoo! News

The newly formed U.S. Cyber Command is supposed to centralize and focus the military's ability to wage war over the Internet, but so far it's basically famous for brainteasers. The command's fancy logo contains a super-secret code in its inner gold ring: 9ec4c12949a4f31474f299058ce2b22a. Though some people noticed the code late last month, Wired's Threat Level Danger Room blog picked it up Wednesday morning and announced a contest, with a free T-shirt (or a ticket to the International Spy Museum)  going to the first reader to crack the code.

image

Trouble is, no one knows for sure yet precisely what the 32-character code means. Or at least no one at Cyber Command appears to know. Lt. Cmdr. Steve Curry, a spokesman, says "it's definitely the mission statement" of Cyber Command. "What part of the mission statement: That's what I'm waiting to find out on from the people who designed it."

Indeed, the heraldry notes accompanying the logo — i.e., explanations of what the symbols mean — say it contains a "computer code that ties the command back to the early days of computer networking; USCYBERCOM's mission statement is encrypted within this code." Curry suspects that the designers used a cryptographic algorithm called an MD5 hash to transform the mission statement into the string of characters, but he doesn't know whether they took choice bits or the whole statement, which reads:

USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

The MD5 hash is a one-way hash; it is relatively easy (computationally inexpensive) to go from clear text to cipher text, but computationally expensive to go from cipher text to clear text.  This is similar to the function f(x) = x2.  It is easy to compute 42 but not so easy to compute the square root of 39.  Since an MD5 hash typically translates text to a relatively fixed number of characters, it is a candidate for the cipher; unfortunately, someone would have to do trial and error of specific strings before they finally hit upon the correct sequence.

Cyber command is clearly putting a little bit of their own playful stamp on their logo with this, but obviously it cannot be that complicated to decipher because while the government does many foolish things, they aren’t so foolish so as to put a secret code in their logo.  It’s more of a geek thing like many of the inside jokes that Futurama has.

If I look at the letter/number sequence, it corresponds to the 16 characters of hexadecimal, [0-9a-f].  I took a guess, just to be different, and that it maps to the extended ASCII table where each number corresponds a particular key stroke on the keyboard.  If each hex digit is 4-bits, and each extended ASCII value is 8-bits, then every two hex characters need to go together.  This gives us:

9e c4 c1 29 49 a4 f3 14 74 f2 99 05 8c e2 b2 2a

This translates to the following binary decimal values:

158 196 193 41 73 164 243 20 116 242 153 5 140 226 178 42

And getting rid of the spaces and replacing them using Excel’s ASCII conversion feature (manual) gives us the following:

žÄÁ)I¤óótò™ Œâ²*

And this, of course, makes no sense.  I tried to re-arrange the letters a bit by shifting the characters around.  Instead of the original string, I took the letter ‘a’ off the end and put in on the beginning,giving me the following:

Hex: a9 ec 4c 12 94 9a 4f 31 47 4f 29 90 58 ce 2b 22
Decimal: 169 236 76 18 148 154 79 49 71 79 41 144 88 206 43 34
ASCII: © ì L   ” š O 1 G O )  X Î + "

This is still useless, so I took the character at the beginning and tacked it onto the end instead.  This gave me the following:

Hex: ec 4c 12 94 9a 4f 31 47 4f 29 90 58 ce 2b 22 a9
Decimal: 236 76 18 148 154 79 49 71 79 41 144 88 206 43 34 169
ASCII: ì L  ” š O 1 G O )  X Î + " ©

Useless again.  I was beginning to think that I was going to have to code up some software to try every possible combination and look for something intelligent (this would be 16! combinations; trivial to code but difficult to find something intelligible).  However, that’s when I noticed something – when I moved the last letter to the front, or the front letter to the back, the code was identical but shifted over one space.  This was an intriguing development.  I then rotated it again and I came back to the first unintelligible string.  Rotating it again comes back to the second unintelligible string but off by one (both times). 

At this point, I decided to say “Forget it” and do a search for the solution. The result?  Here it is:

The MD5 value is a hash of Cybercom's 58-word mission statement, Correll noted on his blog: "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

So there you go.

Leave a Comment
  • Please add 4 and 7 and type the answer here:
  • Post
Page 1 of 1 (1 items)