Codebreakers find evidence for hidden puzzle in GCHQ challenge
'Tell me I'm on the right track, GCHQ, so I can get some sleep'
Codebreakers are split over whether there might be a hidden challenge in the GCHQ-set code-breaking puzzle set last week.
The signals intelligence agency set a puzzle at canyoucrackit.co.uk in its attempt to drum up potential interest in a career at the spy centre from outside its traditional graduate programme. The three-part puzzle was broken independently by several people, but Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England, was the first to post a detailed explanation of the crack.
The challenge involved making uncovering a code-word starting with a 16x10 grid of paired hexadecimal numbers. The first stage involves recognising that the numbers are executable code (a decryption algorithm) as well as unpicking some steganography involving the image of the numbers. The second stage involves building a virtual computer to execute code that, when correctly done, outputs the link to the third stage.
The third stage involves finding the licence key to run a linked program. Finding the licence key involves decoding the program and seeing how it works. Three hidden numbers from the first two stages of the process are needed to get the final answer that reveals the keyword.
Other amateur codebreakers who also tried their hand at the codebreaking challenge included John Graham-Cumming, the man behind the project to build Charles Babbage's Analytical Engine. Graham-Cumming also launched the successful petition for an apology from the British government for its persecution of Alan Turing.
Intriguingly, Graham-Cumming reckoned there might be a hidden part four to the GCHQ Code Challenge because of the amount of non-random data in part two. In addition, GCHQ modified its canyoucrackit.co.uk website to say "The challenge continues"... further suggesting there might be some hidden puzzle.
We put these observation to Owen who got in touch with his contacts at GCHQ, who told him that that data that Graham-Cumming has put under the microscope is just a "random filler" adding that they had wanted to set up a puzzle at this point of the challenge but they "ran out of time to do anything interesting".
That explanation satisfied Owen, at least to the point where he decided not to commit to another all night in code cracking, but not Graham-Cumming, who continues to have his doubts. "I don't believe that's the whole story," Graham-Cumming writes. "There's a distinct pattern worth investigating."
Graham-Cumming explains his theory about a hidden challenge in some detail in a blog post here. He concludes, good-naturedly, "If anyone from GCHQ is reading... can you email me a simple 'carry on' or 'stop wasting your time'. Need to sleep..."
Doubts about the "random junk" explanation in the canyoucrackit.co.uk puzzle arise not just because the spy agency is naturally a master at misdirection but because a previous puzzle from GCHQ a few years back had a hidden solution as well as a main solution.
"The data is far from random at at least one level as I've recovered the key and crypto mechanism as demonstrated," Graham-Cumming added on Tuesday morning. "It has been confirmed that I am correct on that." ®
I see no steganography here, only meta-data.
(IE there is a comment in the image file.)
Steganography would involve altering the pixels of the image itself to encode some text within it while leaving the image looking unaltered to the naked eye.
Simply really, take one in eight pixels and replot as binary and convert to ascii, then a rot 13 and viola, the location of a dead drop to leave your job application.
Too bad it was full when I dropped mine off.
doing the ultra complex is nto always needed, its all about variation and ensuring you follow no set pattern. If the information is not of critical importance then simple encoding to ensure its not of use once figured out is simply enough.
Gah! Don't tell me the answer!
I thought it was assembler code and I was building an environment to disassemble it. I was getting there. Might continue now I know the methodology. As an adjuct my grandad worked as a techie at Bletchley Park. He didn't tell anyone until he was in his 70's. Even his wife didn't know!