Crack GCHQ's code and become the next James Bond GCHQ has launched a code-breaker challenge as part of its attempts to unearth fresh talent from unconventional sources. The signals intelligence agency's ‘canyoucrackit’ challenge invites would-be codebreakers to crack a visual code at canyoucrackit.co.uk. The campaign will be supported in social media channels, including …
considering that I worked it out while I was in the process of typing it out in a HEX editor.
Still, I do wonder how they deal with Google etc... How can they tell who actually worked out the code, and who just Googled it. By the end of it they may end up hiring people with good Google skills, rather than what they want...
(Not to mention, you'd want to be careful typing out binary values into your PC, you never know what they might do).
Anonymous due to GCHQ black helicopters nearby...
"Of course, the toughest part of this test, is asking yourself, "Can I live in Cheltenham and earn a fraction of what I could get elsewhere?""
FWICR average pay for this job is <20K - take 6K off for travel costs and spread hourly rate over the 4+ hours travel time and you would be better off doing a couple of "would you like fries" jobs or some contract cleaning. I know of one local cleaner (surrey) who does private houses under contract and earns ~20K for what is a part time job.
James Bond never cracked any codes! He did crack a few skulls, but certainly no code!
So, this article leads me to believe that some 70Kg whzzkid will be running around the streets of Kiev armed with a silenced pistol knocking off bad guys.. then again perhaps on the games console as this new "James Bond" will be desk bound!
Someone on a blog has disassembled it and it looks reasonable code. There is a mov instruction of xDEADBEEF and a couple of compares with x41414141 etc.
See this link
http://volatile-minds.blogspot.com/2011/11/can-you-crack-it-nope-i-tried-though.html
I have not really looked at the instuctions yet, but maybe this xDEADBEEF is an input to a cipher and the answer is the result.
Or there is something encrypted in the image itself on the weppage and this is barking up the wrong tree!
It may be:
A varying number (like a series of happy primes) added to the ASCII value of the text
Digital stenography on the image
Hex code that will run on a particular type of processor (I'm thinking of the old hex printings in many an old computer magazine)
And a few others that are a bit more fiddly to explain.
For anyone that can be bothered it's x86 assembly and there's a hidden piece of data hidden in the png comment which is either base64'd or uuencoded.
The x86 assembly presumably decodes the png comment and prints it out or something like that - never could be bothered learning x86 assembly.
This post has been deleted by its author
Steganography on the image led to a decription key for shell code in the hex bytes. This (compiled in the pastebins in the previous comment) returns the URL:
http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js
Which leads to part 2 of the challenge, which is to write a virtual machine compiler to run the next set of bytes to return the 3rd URL.
The Virtual machine is already written in python here:
http://pastebin.com/kMhhEgqm
Which leads to part 3 of the chalenge.
This site is reminiscent of Judy Susan Baker's CyberSecurityChallenge fiasco.
They are using an unencrypted website with fake domain registration information.
There's nothing to stop anyone engaged in hostile foreign surveillance (eg, like for example Phorm, Huawei, or Bluecoat to name but a few) identifying all those people who visit the site and especially those who successfully crack the code.
Genius; all your spooks are belong to us.
Remind me again, what the hell is it that GCHQ are mean to be experts in...?
want a job with GCHQ?
Ok we'd like to offer you the job.
Great what are the benefits?
Well you'll be an HEO or SEO so pay will be around £25k
ermmmmmm, ok bit shite what about prospects?
well only 1% pay rises for the next 2 yrs and you'll need to jump through hoops to get promotion to SEO or SSO.
Ok how about health care, expense account, share options, car, etc?
HAHAHAHAHAHAHAHAHA
Pension must be good I've heard so much about this gold plated pension.
Well it was pretty good but you'll need to find an extra 50% contribution from April and then more again next year.
Ermmmmm right I think I'll take that job in ASDA instead, I get a staff discount
Either modern encryption schemes like AES are broken (or even breakable) - in which case why don't we own the world? Or they aren't - in which case you can have all the crossword fiends in the world but there's no point.
So if all GCHQ does is listen in on SMS messages and arrest people for texting clash lyrics - I can see why they might have issues luring the best and brightest mathematicians away from the city.
hahaha. Is would be much easier and fast just to do a google search like:
site:canyoucrackit.co.uk
it will return a link to an .js file which contain the solution. http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js
we can always count on the incompetence of MI5/6 managers and IT personnel.
Happy Xmas
And the answer is:
Pr0t3ct!on#cyber_security@12*12.2011+
Which takes you to:
http://www.canyoucrackit.co.uk/soyoudidit.asp
for a crappy £25k job advert.
Yes, you too can get a low paid job with no prospects as long as you have a 2:1 degree, and skills in shellcode, cryptanalysis, DOS decompilation and javascript VMs.
One of the final puzzles is to avoid the supposedly mandatory atdmt click through tracker as this third party tracker had been hacked in the past. Kudos to anyone who posts a list of those who applied broken down by browser, location etc.
If you prefer to avoid the merkins(+hackers) knowing, simply go direct to
https://apply.gchq-careers.co.uk/fe/tpl_gchq01ssl.asp?newms=jj&id=35874
Numeric job ids - have these muppets never heard of OWASP?
If this sort of job "tickles you boat", try applying for CYBER/SCAR/11 its the same dosh as cheltenham but based in scarborough which would allow you to rent a flat instead of having to live in a cardboard box/tent/...
So the solution page is
http://www.canyoucrackit.co.uk/soyoudidit.asp
which leads to an application page that says:
"...whether you've got a relevant technical degree or YOU'VE DEVELOPED YOUR OWN EXPERTISE [my emphasis], you could really make a difference..."
and then expects you to send a CV demonstrating a "graduate with a minimum 2:1 degree". Human Resources strikes again!
I must say I'm impressed. I thought the security services were immoral opportunists who would do and say anything to protect the country and supply suitably sexy dossiers to their masters
But that they would have the moral courage to risk the lives of British troops in foreign wars and allow Britain to come under attack from totalitarian regimes - rather than employ somebody who sneaked a look at their exam marks in school - shows really moral fibre
When you click the 'apply' button for the job it takes you to ADTMT.COM - which I block as advertising/ad-clicking/tracking/nasty piece or work/etc.
I expect that a lot of people in my line of work (Information & IT security) will get the same result - so GCHQ are asking security people to lower their security settings to enable them to apply for a job to show how good at security they are - GENIUS.
Lol.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
