Crack GCHQ's code and become the next James Bond

GCHQ has launched a code-breaker challenge as part of its attempts to unearth fresh talent from unconventional sources. The signals intelligence agency's ‘canyoucrackit’ challenge invites would-be codebreakers to crack a visual code at The campaign will be supported in social media channels, including …


This topic is closed for new posts.
  1. pig

    The quickest way to solve this is a quick google.

    I wonder how far admitting that would get me in the process?

    1. Anonymous Coward

      Not that you really need to Google...

      considering that I worked it out while I was in the process of typing it out in a HEX editor.

      Still, I do wonder how they deal with Google etc... How can they tell who actually worked out the code, and who just Googled it? By the end of it they may end up hiring people with good Google skills, rather than what they want...

      (Not to mention, you'd want to be careful typing out binary values into your PC, you never know what they might do).

      Anonymous due to GCHQ black helicopters nearby...

    2. hazzamon

      No, the quickest way to solve it is to show it to an autistic child in the form of a puzzle book!

  2. Captain Hogwash

    15x10 grid

    Actually it seems to be 16x10.

    1. TakeTheSkyRoad

      Also if you check the source the "password" field is 16 chars.

      I had a look but after translating to ASCII and finding two lines "=AAAA" and "=BBBB" failed to see the next step... unless that was a red herring of course

  3. Anonymous Coward

    The toughest part...

    Of course, the toughest part of this test, is asking yourself, "Can I live in Cheltenham and earn a fraction of what I could get elsewhere?"

    1. Jacqui

      Re: The toughest part...

      "Of course, the toughest part of this test, is asking yourself, "Can I live in Cheltenham and earn a fraction of what I could get elsewhere?""

      FWICR average pay for this job is <20K - take 6K off for travel costs and spread hourly rate over the 4+ hours travel time and you would be better off doing a couple of "would you like fries" jobs or some contract cleaning. I know of one local cleaner (Surrey) who does private houses under contract and earns ~20K for what is a part time job.

  4. JimmyPage Silver badge

    Anyone applying who has hacked illegally

    I would have thought these were *exactly* the people you need to recruit .....

    1. Graham Marsden

      "hacked illegally"

      Remember kids, it's only illegal when *you* do it!

      1. zb

        It is only illegal when you get caught.

  5. Mondo the Magnificent

    Hold on..

    James Bond never cracked any codes! He did crack a few skulls, but certainly no code!

    So, this article leads me to believe that some 70kg whizzkid will be running around the streets of Kiev armed with a silenced pistol knocking off bad guys.. then again perhaps on the games console as this new "James Bond" will be desk bound!

  6. bertino
    Black Helicopters

    They are x86 op codes.

    Someone on a blog has disassembled it and it looks like reasonable code. There is a mov instruction of xDEADBEEF and a couple of compares with x41414141 etc.

    See this link

    I have not really looked at the instructions yet, but maybe this xDEADBEEF is an input to a cipher and the answer is the result.

    Or there is something encrypted in the image itself on the webpage and this is barking up the wrong tree!

    1. Anonymous Coward

      oooh, nice, hadn't thought of Steganography

  7. Anonymous Coward

    last mission

    Speccy kid with Asthma required for fight with a maniac in a train compartment.

    1. Booty003
      Thumb Up

      Nearly choked on my tongue reading that.....

  8. David Webb

    I think you're reading it the wrong way, it's not read across but down giving a 16 character password at the end, or at least the source code suggests a post of size 16.

  9. adfadf
    Paris Hilton


  10. Pete 2 Silver badge

    In response:

    57 20 66 68 20 67 72 6f 6e 70 66 68 20 72 67 76

    66 27 6e 20 51 20 46 42 72 20 72 6b 68 70 6e 67

    79 6f 2c 72 71 20 72 62 61 66 67 27 7a 20 6e 72

    20 61 67 76 6a 20 79 76 20 79 68 65 0a 61 00 00

    ha ha!

  11. Peter Simpson 1


    "Be sure to drink your Ovaltine"

  12. Anonymous Coward


    "Anyone applying who has hacked illegally will not be eligible to continue in the recruitment process."

    Pity, because judging from some of the online info about solving it so far, it is only going to be people with a very high degree of skill in hacking who are likely to decode it...

  13. LJRich


    If it's 0-based.

  14. Nick 6


    Do I really have to write my own VM in javascript ?

  15. wiggers

    Just one recruit?

    Presumably only the first person to crack it will be eligible as after that no doubt the solution will be shared far and wide.

    1. ed_g


      I would suspect that if they're the type of person to immediately publicise what they have discovered then they are not the type of person that GCHQ is looking for.

    2. zb

      Probably he will have hacked illegally, be ineligible and have no reason not to publish.

  16. Wize

    Lots of starting points

    It may be:

    A varying number (like a series of happy primes) added to the ASCII value of the text

    Digital steganography on the image

    Hex code that will run on a particular type of processor (I'm thinking of the old hex printings in many an old computer magazine)

    And a few others that are a bit more fiddly to explain.

  17. Anonymous Coward

    Can't be bothered.

    For anyone that can be bothered it's x86 assembly and there's a hidden piece of data hidden in the png comment which is either base64'd or uuencoded.

    The x86 assembly presumably decodes the png comment and prints it out or something like that - never could be bothered learning x86 assembly.

  18. Anonymous Coward

    Already solved


    From comments at:

  19. This post has been deleted by its author

  20. Anonymous Coward

    Steganography on the image led to a decryption key for shell code in the hex bytes. This (compiled in the pastebins in the previous comment) returns the URL:

    Which leads to part 2 of the challenge, which is to write a virtual machine compiler to run the next set of bytes to return the 3rd URL.

    The Virtual machine is already written in python here:

    Which leads to part 3 of the challenge.

  21. Alfred

    Page 1, Chapter 1: Thank you for purchasing this thousand page shellcode guide...

    I'm actually quite impressed at the depth of knowledge required to do this. Bravo, chaps. No pandering to the "prizes for all" crowd here. Sadly :(


    Not Encrypted

    This site is reminiscent of Judy Susan Baker's CyberSecurityChallenge fiasco.

    They are using an unencrypted website with fake domain registration information.

    There's nothing to stop anyone engaged in hostile foreign surveillance (eg, like for example Phorm, Huawei, or Bluecoat to name but a few) identifying all those people who visit the site and especially those who successfully crack the code.

    Genius; all your spooks are belong to us.

    Remind me again, what the hell is it that GCHQ are meant to be experts in...?

  23. Anonymous Coward

    why would you?

    want a job with GCHQ?

    Ok we'd like to offer you the job.

    Great what are the benefits?

    Well you'll be an HEO or SEO so pay will be around £25k

    ermmmmmm, ok bit shite what about prospects?

    well only 1% pay rises for the next 2 yrs and you'll need to jump through hoops to get promotion to SEO or SSO.

    Ok how about health care, expense account, share options, car, etc?


    Pension must be good I've heard so much about this gold plated pension.

    Well it was pretty good but you'll need to find an extra 50% contribution from April and then more again next year.

    Ermmmmm right I think I'll take that job in ASDA instead, I get a staff discount

  24. Jop

    Worked out the xor'ed shellcode and found the base64 string looking at the PNG in a hex editor, but using the second part in a virtual java thingy got me stumped. Pass me the script kiddy dunce hat please!
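
Added example, not part of any comment in this thread and not GCHQ's or any commenter's code: a defender's check for what comments 17 and 24 describe, data carried as base64 in a PNG text chunk. The sample image, `PAYLOAD` and all function names are constructed for illustration; only `tEXt` and `zTXt` chunks are inspected.

```python
import base64
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
B64_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def chunk(ctype, data):  # length, type, data, CRC-32 over type + data
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def iter_chunks(png):  # yields (type, data); rejects truncated or corrupted chunks
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("truncated chunk")
        data = png[pos + 8:end - 4]
        if zlib.crc32(ctype + data) != struct.unpack(">I", png[end - 4:end])[0]:
            raise ValueError("CRC mismatch")
        yield ctype, data
        pos = end

def text_of(ctype, data):  # (keyword, text) for tEXt/zTXt chunks, else None (implicit)
    keyword, _, rest = data.partition(b"\x00")
    if ctype == b"tEXt":
        return keyword, rest
    if ctype == b"zTXt":  # one compression-method byte, then a zlib stream
        return keyword, zlib.decompress(rest[1:])

def find_base64_text(png):
    """List (chunk type, keyword, decoded bytes) for text chunks holding valid base64."""
    hits = []
    for ctype, data in iter_chunks(png):
        keyword, text = text_of(ctype, data) or (b"", b"")
        compact = text.translate(None, b"\r\n")  # tolerate line-wrapped encodings
        if len(compact) % 4 == 0 and B64_RE.fullmatch(compact):
            hits.append((ctype.decode(), keyword.decode("latin-1"), base64.b64decode(compact)))
    return hits

# Constructed sample: 1x1 greyscale PNG; one plain text chunk, one base64 comment.
PAYLOAD = bytes(range(0x30, 0x48))
SAMPLE_PNG = PNG_SIG + b"".join(chunk(t, d) for t, d in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"Software\x00constructed example image"),
    (b"tEXt", b"Comment\x00" + base64.b64encode(PAYLOAD)),
    (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")])
```

`find_base64_text(SAMPLE_PNG)` reports only the `Comment` chunk; the plain-text `Software` chunk is ignored because it is not valid base64.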

  25. Yet Another Anonymous coward Silver badge

    Pointless publicity stunt

    Either modern encryption schemes like AES are broken (or even breakable) - in which case why don't we own the world? Or they aren't - in which case you can have all the crossword fiends in the world but there's no point.

    So if all GCHQ does is listen in on SMS messages and arrest people for texting Clash lyrics - I can see why they might have issues luring the best and brightest mathematicians away from the city.

  26. Anonymous Coward

    A. Annerl

    hahaha. It would be much easier and faster just to do a google search like:

    it will return a link to a .js file which contains the solution.

    We can always count on the incompetence of MI5/6 managers and IT personnel.

    Happy Xmas

    1. amanfromearth

      Er, no

      I think you'll find the solution needs a bit more work than that..

  27. Will Godfrey Silver badge

    Simples. Use your working on solving this (and other toys) in your CV when you apply for a real job in the private sector.

  28. Anonymous Coward

    Using google search


    Sometimes google can be your friend.

    It doesn't give you the answer but does tell you where you'll be after you answer the question.

  29. Jop

    While there is some code breaking there, the shellcode part of it suggests they are looking for hackers or someone who can decrypt custom tools/exploits that foreign government funded hackers are using.

  30. Anonymous Coward

    And the answer is:


    Which takes you to:

    for a crappy £25k job advert.

    Yes, you too can get a low paid job with no prospects as long as you have a 2:1 degree, and skills in shellcode, cryptanalysis, DOS decompilation and javascript VMs.

    1. Jacqui

      GCHQ fail

      One of the final puzzles is to avoid the supposedly mandatory atdmt click through tracker as this third party tracker had been hacked in the past. Kudos to anyone who posts a list of those who applied broken down by browser, location etc.

      If you prefer to avoid the merkins(+hackers) knowing, simply go direct to

      Numeric job ids - have these muppets never heard of OWASP?

      If this sort of job "tickles your boat", try applying for CYBER/SCAR/11; it's the same dosh as Cheltenham but based in Scarborough, which would allow you to rent a flat instead of having to live in a cardboard box/tent/...

  31. Displacement Activity

    Well, I couldn't work it out in the couple of hours I gave it before finding the answer posted above. On the plus side, though, I now know how to write shellcode, which should turn out to be a lot more lucrative than working for GCHQ.

  32. Anonymous Bastard

    So the solution page is

    which leads to an application page that says:

    "...whether you've got a relevant technical degree or YOU'VE DEVELOPED YOUR OWN EXPERTISE [my emphasis], you could really make a difference..."

    and then expects you to send a CV demonstrating a "graduate with a minimum 2:1 degree". Human Resources strikes again!

  33. Valerion

    Classic ASP?

    It's a Classic ASP page? In 2011 on a site developed by supposedly the most high-tech place in the country?

    Welcome to GCHQ. The time is currently 2002.

  34. MMcA
    Black Helicopters

    "So I did it...!"

    Took about 90 seconds. Go me.

  35. Yet Another Anonymous coward Silver badge

    Moral courage

    I must say I'm impressed. I thought the security services were immoral opportunists who would do and say anything to protect the country and supply suitably sexy dossiers to their masters

    But that they would have the moral courage to risk the lives of British troops in foreign wars and allow Britain to come under attack from totalitarian regimes - rather than employ somebody who sneaked a look at their exam marks in school - shows really moral fibre

  36. Anonymous Coward


    When you click the 'apply' button for the job it takes you to ADTMT.COM - which I block as advertising/ad-clicking/tracking/nasty piece of work/etc.

    I expect that a lot of people in my line of work (Information & IT security) will get the same result - so GCHQ are asking security people to lower their security settings to enable them to apply for a job to show how good at security they are - GENIUS.

