February 18th, 2020 at 7:13 PM
So over the Valentines Day weekend, my GF visited and we messed around for the three days from Saturday from Sunday. Saturday was spent in my tiny outskirts-of-town area (Canadian outskirts means 30min to 1hr drive outside of the immediate city), Sunday was spent in the big city (still small by American/European standards,) and the third day was spent at a board game cafe killing time until she had to catch her bus and go home.
Some backstory:
Before she came over, we were planning out how to organize all our 'dates,' like which general areas we would spend time in, try to put everything in similar areas together, and just in general find stuff to do. My town has almost nothing fun to offer and the 'big city' has a total of two clubs. Not that I club at all, but just to give you an idea of how boring this place is for anyone 18-25. After a while, she suggested an escape room and then I remembered an article I read a while back.
Turns out, there's an escape room in the city that's sponsored by our Communications Security Establishment (CSE.) The CSE is responsible for code-breaking, mostly, and is essentially the cryptography department of CSIS (Canadian CIA). If you beat this escape room, apparently you can possibly get an interview with the CSE because they're looking for people that can solve all sorts of logic puzzles.
So we booked that one.
And we beat it.
We were matched with another group of four (me + GF + 4 = 6 people) and because we did the room later at night, we got lucky and the group was also a little more mature than a 15yo's birthday party, so they also knew what they were doing and we synergized really well.
The room wasn't set for an hour, either, like they typically are. This one was set to 45min, and we still beat it with 5min to spare. Got our photo taken and put online so I have the proof that I completed it.
But no interview, like the rumours say.
Instead, if you beat it, you are given the option to solve another challenge within 30min (you can solve it alone or with the group) and if you can solve that challenge, then you're guaranteed an interview with the CSE. Allegedly only one person has been confirmed to get an interview through this method, so it's a pretty tough puzzle.
And since I didn't sign an NDA (the waiver for the escape room is just confirming that they're not responsible for injury if you decide to be an idiot) so I think it's safe for me to post the puzzle here. As follows:
Now, of course we failed, and the host did not tell us what the answer was, but he was kind enough to at least let us know if we were on the right track.
So what I do know for sure is that there is a substitution cipher, and I believe it is fully rotationally dynamic.
Let me explain a few things and get to some things I've tried.
The Badge of Honour refers to the CSE logo, and particularly the crest, not the text beside it.
First Reading likely refers to the fact that only one iteration of the algorithm would be necessary to find the message, just to let people know not to waste their time doing all kinds of iterations.
Gnome Keys is what stumps me the most. When originally doing the puzzle, our group made the assumption that Gnome Keys was just an arbitrary phrase that meant nothing, but the more I think about it, the more I believe that it was another hint.
Only one person has officially solved this puzzle. They got their interview, but cannot confirm whether they got hired or not (top secret and whatnot.) You're only given 30min to solve this puzzle.
I've spent almost 20hrs probably, since the time I got back from the room, sleep, hung out with GF, went back home after she left to go back to her town, then worked on it until 2AM again, and this morning I took another crack at it.
I've been brute-forcing like crazy, doing every kind of Vigenere substitution, or arithmetic, using word lengths, playing with offsets, and my notebook is actually getting kinda full of this shit. Like I said, I've been at it for hours, and likely almost a day, and I haven't gotten far. If the puzzle was solved by one person in 30 minutes, that means that if they did what I did, they must have simply just gotten insanely lucky. And I doubt the Canadian CIA wants to base their applicants off the luck of the draw.
So, I think that Gnome Keys very likely refers to a specific type of cipher to use, not just a simple ROT1-25, or Vigenere, or Caesar shift, or anything like that.
I've tried endlessly googling for 'gnome cipher' or 'gk cipher' or 'gnome cryptography' and haven't found any specific ciphers to use, but came up across one result about the faithful and forgetful gnome model, but that's more related to hashing rather than a cipher, so I doubt that's relevant.
Now, onto the actual cryptography part:
The Clue/Message:
The Crest/Badge:
Other notes:
To make life easier, I've also made a couple lookup tables.
1 is the most likely, but I made an interesting result with 2.
They are both organized as the following:
Alphabet : Number : K[Number] : Alphabet[(Number(Alphabet) + Number(K[Number])) mod 26]
To explain that last column, take the first letter for instance in the message: M[1] = U
U is the 21st letter of the alphabet. Find the letter at the 21st position in set K, K[21] = T.
T is the 20th letter of the alphabet. Add 21 + 20 = 41.
41 mod 26 (41 % 26) = 15
The 15th letter in the alphabet is O
So the last column in position 21 is O
Lookup Table (1):
So let's try a few.
K[M[1-10]]:
Lookup[1] to Lookup[4]:
Note: No permutation of ROT1-25 made this a legible word.
Once I saw OMWI, I though maybe I would have found something, or maybe I made an error and it was actually OMNI (prefix for 'all') but no luck.
After trying all sorts of permutations similar to this one, and playing with the mod26 to mod25 or changing offsets, I tried two things.
First, the host mentioned something else about how it might be dynamically rotational. Instead of looking up each offset in the table starting from 0, I should perhaps start from the last offset. Observe.
I tried a few variants on this idea, and still nothing worth noting. So, I modified my assumptions a little bit:
Thus, I generate the following:
Lookup Table (2):
Now, you can see that our first letter in set M is U, this isn't 21 anymore, it's 20. So everything gets offset by one, and as a result column 4 also changes by bumping everything up by an offset of 1 (O in lookup1 column 4 becomes P in lookup2 column 4, X becomes Y, A becomes B, K becomes L, etc.)
And using this table, I then perform the following:
K[M[1-10]]:
Well, it at least looks like a word, but not Latin. Maybe Hindi or something? Maybe I'm just being reminded of TunakTunak.
But flip it around, and what do you get?
Timusmanus
Or as two words, Timus Manus, which is in fact Latin
Meaning: Concentrated Hands
Unfortunately, although this worked and gave me some Latin, it gave me two words in those ten letters instead of one word, and Google Translate returns nothing for 'timusmanus' as one word, so I guess it's another defeat.
So yeah. It's still bothering me because I've solved tons of crypto challenges online before, and done all the RE and stuff, but this one problem with a basic cipher that you can solve with pen and paper is really screwing with me and making me feel stupid, so I'm pretty pissed off and I'm gonna keep swinging at it until it breaks.
Give me suggestions on where I should look, or maybe what other kinds of algos I should try.
I've done pretty much every possible algo that has to do with the lookup tables/mod26/mod25 in one iteration, and I've established that First Reading means one iteration, so I'm not going to go overboard.
If it's one iteration, that likely also means it's a symmetric cryptographic system so I shouldn't need to use multiple rounds.
Anything that would take longer than 30min to do by hand should not be considered, since that's the time limit they gave us in-person and we were not allowed to use computers, only a single sheet of paper and a pen.
Some backstory:
Before she came over, we were planning out how to organize all our 'dates,' like which general areas we would spend time in, try to put everything in similar areas together, and just in general find stuff to do. My town has almost nothing fun to offer and the 'big city' has a total of two clubs. Not that I club at all, but just to give you an idea of how boring this place is for anyone 18-25. After a while, she suggested an escape room and then I remembered an article I read a while back.
Code:
If you're unfamiliar with the concept of an escape room, here's a quick rundown.
You pay 20$ or whatever to get locked in a room for about an hour, and in that one hour, you and your friends/party have to solve a series of puzzles to get a key that will unlock the exit.
In some cases, if you have a small group, you may be matched with another small group to all join in together (usually a limit of 6 people) depending on how busy the night is, if you have reservations, etc.
If you escape, you can get your photo put up online, and in some cases you can win a small prize or at the very least a discount on booking a different escape room at the venue.
Turns out, there's an escape room in the city that's sponsored by our Communications Security Establishment (CSE.) The CSE is responsible for code-breaking, mostly, and is essentially the cryptography department of CSIS (Canadian CIA). If you beat this escape room, apparently you can possibly get an interview with the CSE because they're looking for people that can solve all sorts of logic puzzles.
So we booked that one.
And we beat it.
We were matched with another group of four (me + GF + 4 = 6 people) and because we did the room later at night, we got lucky and the group was also a little more mature than a 15yo's birthday party, so they also knew what they were doing and we synergized really well.
The room wasn't set for an hour, either, like they typically are. This one was set to 45min, and we still beat it with 5min to spare. Got our photo taken and put online so I have the proof that I completed it.
But no interview, like the rumours say.
Instead, if you beat it, you are given the option to solve another challenge within 30min (you can solve it alone or with the group) and if you can solve that challenge, then you're guaranteed an interview with the CSE. Allegedly only one person has been confirmed to get an interview through this method, so it's a pretty tough puzzle.
And since I didn't sign an NDA (the waiver for the escape room is just confirming that they're not responsible for injury if you decide to be an idiot) so I think it's safe for me to post the puzzle here. As follows:
Quote:
USE THE BADGE OF HONOUR UNTIL GNOME KEYS FIRST READING
Your task is to find a ten letter Latin word hidden in this message.
Use it as a password to your host after the experience.
Now, of course we failed, and the host did not tell us what the answer was, but he was kind enough to at least let us know if we were on the right track.
So what I do know for sure is that there is a substitution cipher, and I believe it is fully rotationally dynamic.
Let me explain a few things and get to some things I've tried.
The Badge of Honour refers to the CSE logo, and particularly the crest, not the text beside it.
First Reading likely refers to the fact that only one iteration of the algorithm would be necessary to find the message, just to let people know not to waste their time doing all kinds of iterations.
Gnome Keys is what stumps me the most. When originally doing the puzzle, our group made the assumption that Gnome Keys was just an arbitrary phrase that meant nothing, but the more I think about it, the more I believe that it was another hint.
Only one person has officially solved this puzzle. They got their interview, but cannot confirm whether they got hired or not (top secret and whatnot.) You're only given 30min to solve this puzzle.
I've spent almost 20hrs probably, since the time I got back from the room, sleep, hung out with GF, went back home after she left to go back to her town, then worked on it until 2AM again, and this morning I took another crack at it.
I've been brute-forcing like crazy, doing every kind of Vigenere substitution, or arithmetic, using word lengths, playing with offsets, and my notebook is actually getting kinda full of this shit. Like I said, I've been at it for hours, and likely almost a day, and I haven't gotten far. If the puzzle was solved by one person in 30 minutes, that means that if they did what I did, they must have simply just gotten insanely lucky. And I doubt the Canadian CIA wants to base their applicants off the luck of the draw.
So, I think that Gnome Keys very likely refers to a specific type of cipher to use, not just a simple ROT1-25, or Vigenere, or Caesar shift, or anything like that.
I've tried endlessly googling for 'gnome cipher' or 'gk cipher' or 'gnome cryptography' and haven't found any specific ciphers to use, but came up across one result about the faithful and forgetful gnome model, but that's more related to hashing rather than a cipher, so I doubt that's relevant.
Now, onto the actual cryptography part:
The Clue/Message:
Code:
USE THE BADGE OF HONOUR UNTIL GNOME KEYS FIRST READING
Word Lengths: 3 3 5 2 6 5 5 4 5 7
Summed up: 45 (Also 1+2+3+4+5+6+7+8+9)
We shall denote the set of word lengths as L (L[1] = 3, L[10]=7)
First letters: UTBOHUGKFR
Total: 10 letters
Likely the hidden message encrypted (looking for a ten-letter latin word)
We shall denote the set of first-letters as the set M (M[1] = U, M[10] = R)
The Crest/Badge:
Code:
NUNTIUM COMPARAT ET CUSTODIT
No spaces: NUNTIUMCOMPARATETCUSTODIT
Meaning: To Compare & Preserve the Message
Number of Letters: 25
We shall denote this set (no spaces) as K (K[1] = N, K[25] = T)
Other notes:
Code:
The instructions segment is irrelevant to the puzzle, according to the host. No need to waste time there.
Although Comparat is the top of the crest and where you would think to start, this is the assumption we made at the official puzzle, and turns out it was wrong, confirmed by host.
Because of the last note, I highly doubt that NUNTIUM...CUSTODIT must be reversed or used in reverse.
To make life easier, I've also made a couple lookup tables.
1 is the most likely, but I made an interesting result with 2.
They are both organized as the following:
Alphabet : Number : K[Number] : Alphabet[(Number(Alphabet) + Number(K[Number])) mod 26]
To explain that last column, take the first letter for instance in the message: M[1] = U
U is the 21st letter of the alphabet. Find the letter at the 21st position in set K, K[21] = T.
T is the 20th letter of the alphabet. Add 21 + 20 = 41.
41 mod 26 (41 % 26) = 15
The 15th letter in the alphabet is O
So the last column in position 21 is O
Lookup Table (1):
Code:
A 01 N O
B 02 U W
C 03 N Q
D 04 T X
E 05 I N
F 06 U A
G 07 M T
H 08 C K
I 09 O X
J 10 M W
K 11 P A
L 12 A M
M 13 R E
N 14 A O
O 15 T I
P 16 E U
Q 17 T K
R 18 C U
S 19 U N
T 20 S M
U 21 T O
V 22 O K
W 23 D A
X 24 I G
Y 25 T S
Z 26 - -
So let's try a few.
K[M[1-10]]:
Code:
U T B O H U G K F R
T S U T C T M P U C
Lookup[1] to Lookup[4]:
Code:
U T B O H U G K F R
O M W I K O T A A U
Once I saw OMWI, I though maybe I would have found something, or maybe I made an error and it was actually OMNI (prefix for 'all') but no luck.
After trying all sorts of permutations similar to this one, and playing with the mod26 to mod25 or changing offsets, I tried two things.
First, the host mentioned something else about how it might be dynamically rotational. Instead of looking up each offset in the table starting from 0, I should perhaps start from the last offset. Observe.
Code:
First letter in set M is U. Offset 21.
Offset 21 in set K is T, letter 20.
21+20=41 mod 26 = 15, O
(Lookup column 4, O)
Second letter is T, Offset 20.
Start from last offset, 21, and add 20 (mod 25 [25 is length of set K]) = 41 % 25, 16
At offset 16, column 4 = U
[...]
Result:
O U U T I W K W K -
I tried a few variants on this idea, and still nothing worth noting. So, I modified my assumptions a little bit:
Code:
The set K has a length of 25 while the alphabet is length 26.
I operate under the assumption that A = 1, Z = 26 meaning that Z does not have a corresponding value. There is no Z in set M, so this assumption should be fine.
There is also no A in set M, therefore I can also align set K with the alphabet using the conversion of A=0 to Z = 25 (offset 1 down) without collision
Thus, I generate the following:
Lookup Table (2):
Code:
A 00 - -
B 01 N P
C 02 U X
D 03 N R
E 04 T Y
F 05 I O
G 06 U B
H 07 M U
I 08 C L
J 09 O Y
K 10 M X
L 11 P B
M 12 A N
N 13 R F
O 14 A P
P 15 T J
Q 16 E V
R 17 T L
S 18 C V
T 19 U O
U 20 S N
V 21 T P
W 22 O L
X 23 D B
Y 24 I H
Z 25 T T
Now, you can see that our first letter in set M is U, this isn't 21 anymore, it's 20. So everything gets offset by one, and as a result column 4 also changes by bumping everything up by an offset of 1 (O in lookup1 column 4 becomes P in lookup2 column 4, X becomes Y, A becomes B, K becomes L, etc.)
And using this table, I then perform the following:
K[M[1-10]]:
Code:
U T B O H U G K F R
S U N A M S U M I T
Well, it at least looks like a word, but not Latin. Maybe Hindi or something? Maybe I'm just being reminded of TunakTunak.
But flip it around, and what do you get?
Timusmanus
Or as two words, Timus Manus, which is in fact Latin
Meaning: Concentrated Hands
Unfortunately, although this worked and gave me some Latin, it gave me two words in those ten letters instead of one word, and Google Translate returns nothing for 'timusmanus' as one word, so I guess it's another defeat.
So yeah. It's still bothering me because I've solved tons of crypto challenges online before, and done all the RE and stuff, but this one problem with a basic cipher that you can solve with pen and paper is really screwing with me and making me feel stupid, so I'm pretty pissed off and I'm gonna keep swinging at it until it breaks.
Give me suggestions on where I should look, or maybe what other kinds of algos I should try.
I've done pretty much every possible algo that has to do with the lookup tables/mod26/mod25 in one iteration, and I've established that First Reading means one iteration, so I'm not going to go overboard.
If it's one iteration, that likely also means it's a symmetric cryptographic system so I shouldn't need to use multiple rounds.
Anything that would take longer than 30min to do by hand should not be considered, since that's the time limit they gave us in-person and we were not allowed to use computers, only a single sheet of paper and a pen.