TDX 25 Secure the 'Force Bonus Developer Challenge Solution

Are you curious about how to solve the Bonus Developer Challenge from the TDX 25 Secure the 'Force competition? If so, please read below to see a walkthrough of the solution.

Thank you for playing and please feel free to email us at lpelkey@salesforce.com if you have feedback or questions.

The challenge text is: Once you have solved all of the other Developer challenges, put the Developer flags together to discover some hidden knowledge.

Concatenating all of the developer flags in order gives a hex string: 38BDD570DE05A2A3380CAEE70EEC076DB622A795E9D73ED10B20F930C8F3C9D5. This looks like it could be some kind of encrypted value. The hex string is 64 characters long, and each pair of hex characters encodes one byte, so it represents exactly 32 bytes (256 bits) of data.

The AES block size is always 128 bits (16 bytes), whatever the key size; only the key size varies between 128, 192 and 256 bits. 32 bytes is exactly two AES blocks, which is what we would expect from a block cipher such as AES in ECB or CBC mode: the ciphertext is always a whole number of blocks, with the last block padded.

We can probably assume that this is AES encrypted data. Now we need to either guess, brute force or otherwise figure out what the encryption key value is.

The hint for the challenge reads: Does the key sound like Salesforce Secure the 'Force?

That hint lets us know that there is an encryption key and gives us a clue as to what that key value could be. We need 128, 192 or 256 bits of key material. The phrase "sound like Salesforce Secure the 'Force" reminds us of the Soundex algorithm, which encodes a word by how it sounds. Soundex output is a letter followed by three digits, i.e. four ASCII characters, which is 32 bits of data.

Four Soundex codes give us 16 ASCII characters, i.e. 128 bits of key material, which matches the AES-128 key size. A quick search reveals a number of online Soundex converters. We use one and obtain the following:

Salesforce: S421
Secure: S260
the: T000
Force: F620

We will start by using S421S260T000F620 as our key.

A bit more searching and we find an online AES decryption utility that accepts a hex string as the ciphertext, ASCII text as the key and will decrypt and convert the payload.

After trying some of the different decryption options, we determine that the encrypted data was likely encrypted with AES-128 in CBC mode. CBC mode requires an initialization vector (IV) to be provided as well. Since it is doubtful that the implementor of the data encryption followed the best practice of using unique, cryptographically random values for the IV, we go ahead and use the encryption key value for both the key and the IV. This is only a guess, but it is a cheap one to check: in CBC mode a wrong IV corrupts only the first 16-byte block of plaintext, so the second block would still decrypt correctly and tell us whether the key itself is right.

When we configure the decryption this way we get what looks like a valid Base64 encoded value.

Now that we have a Base64 encoded string, we want to decode that back to a text value. Pressing the Decode to Plain Text button shows us a value that is likely the flag for this challenge.
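The whole chain described above (Soundex key derivation, AES-128-CBC decryption with the key reused as IV, then Base64 decoding) as an added Python example. This is not the competition's own solver; it assumes the `cryptography` package is installed and that the ciphertext uses PKCS#7 padding (falling back to zero padding if that check fails), neither of which the walkthrough states. The Soundex routine is the standard American Soundex algorithm, so it also handles the h/w and repeated-digit rules that the four challenge words never exercise.

```python
"""Soundex key derivation, AES-128-CBC decryption (IV = key), Base64 decode."""
import base64
import binascii
import string

# Ciphertext from the walkthrough: the developer flags concatenated in order.
CHALLENGE_CIPHERTEXT_HEX = (
    "38BDD570DE05A2A3380CAEE70EEC076DB622A795E9D73ED10B20F930C8F3C9D5"
)
HINT_PHRASE = "Salesforce Secure the 'Force"

# American Soundex digit table; vowels, h, w, y and punctuation get no digit.
_SOUNDEX = {
    **dict.fromkeys("bfpv", "1"), **dict.fromkeys("cgjkqsxz", "2"),
    **dict.fromkeys("dt", "3"), "l": "4", **dict.fromkeys("mn", "5"), "r": "6",
}


def soundex(word: str) -> str:
    """American Soundex: first letter plus three digits, zero padded (Force -> F620)."""
    letters = [c for c in word.lower() if c in string.ascii_lowercase]
    if not letters:
        raise ValueError("Soundex needs at least one letter")
    code = letters[0].upper()
    # The first letter's own digit counts as already used (Pfister -> P236).
    prev = _SOUNDEX.get(letters[0], "")
    for c in letters[1:]:
        digit = _SOUNDEX.get(c, "")
        if digit and digit != prev:
            code += digit
        if c not in "hw":  # h and w do not separate repeated digits; vowels do
            prev = digit
    return (code + "000")[:4]


def derive_key(phrase: str) -> bytes:
    """One Soundex code per word, concatenated: four words -> 16 ASCII bytes."""
    key = "".join(soundex(w) for w in phrase.split()).encode("ascii")
    if len(key) not in (16, 24, 32):
        raise ValueError(f"{len(key)} bytes is not a valid AES key length")
    return key


def _aes_cbc(key: bytes, iv: bytes):
    """Cipher object for AES-CBC, or None if `cryptography` is not installed."""
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    except ImportError:
        return None
    return Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())


def aes_cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Decrypt and strip padding: PKCS#7 if well formed, else assume zero padding."""
    if len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    cipher = _aes_cbc(key, iv)
    if cipher is None:
        return None
    dec = cipher.decryptor()
    padded = dec.update(ciphertext) + dec.finalize()
    last = padded[-1]
    if 1 <= last <= 16 and padded.endswith(bytes([last]) * last):
        return padded[:-last]
    return padded.rstrip(b"\x00")  # assumption: tool used zero padding instead


def aes_cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes):
    """PKCS#7 pad and encrypt; only used to build the constructed fixture below."""
    cipher = _aes_cbc(key, iv)
    if cipher is None:
        return None
    pad = 16 - len(plaintext) % 16
    enc = cipher.encryptor()
    return enc.update(plaintext + bytes([pad]) * pad) + enc.finalize()


def recover_flag(ciphertext_hex: str, phrase: str = HINT_PHRASE):
    """Soundex key -> CBC decrypt with IV = key -> Base64 decode. Returns None when
    the result is not Base64 (wrong key/IV guess) or the AES library is missing."""
    key = derive_key(phrase)
    decrypted = aes_cbc_decrypt(key, key, bytes.fromhex(ciphertext_hex))
    if decrypted is None:
        return None
    try:
        return base64.b64decode(decrypted, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def demo_roundtrip(flag_text: str = "constructed{flag}"):
    """Constructed fixture (not challenge data): wrap a flag in Base64 and encrypt
    it with IV = key, then show the chain recovers it and that a wrong IV garbles
    only the first 16-byte block, as expected for CBC."""
    key = derive_key(HINT_PHRASE)
    wrapped = base64.b64encode(flag_text.encode())
    ct = aes_cbc_encrypt(key, key, wrapped)
    if ct is None:
        return None
    wrong_iv = aes_cbc_decrypt(key, bytes(16), ct)
    return {
        "recovered": recover_flag(ct.hex()),
        "first_block_garbled": wrong_iv[:16] != wrapped[:16],
        "later_blocks_intact": wrong_iv[16:] == wrapped[16:],
    }


if __name__ == "__main__":
    print("key:", derive_key(HINT_PHRASE).decode())
    print("flag:", recover_flag(CHALLENGE_CIPHERTEXT_HEX))
    print("roundtrip:", demo_roundtrip())
```

Running the script prints the derived key S421S260T000F620 and attempts the real ciphertext; `recover_flag` returns None rather than garbage when the decrypted bytes are not valid Base64, which is the quick signal that a key or IV guess is wrong. The `demo_roundtrip` fixture is constructed for illustration and is the place to see the CBC property at work: with a deliberately wrong IV the second block still decrypts, so a partially readable result means the key is right and only the IV is off.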

Entering in the flag value solves the challenge and gives us the points for this challenge.

Thank you again for playing Secure the 'Force and we hope to challenge you again at a future event!