This is an 'easy mode' guide to the NFPC at Defcon 20. Let's begin: starting at packet 253, there is a TCP/LPD session from 10.0.1.4 to 10.0.1.3. A quick scan of the reconstructed session reveals little:
Take a look at Eindbazen's write-up on Network 100.
I wanted to do the same write-up, highlighting an alternate path. (This will be the last CODEGATE 2012 write-up of mine, since both Leetmore and Eindbazen have all the other challenges we solved well documented.)
You start with a file: A0EBE9F0416498632193F769867744A3
And a note:
Someone have leaked very important documents. We couldn't find any proof without one PCAP file. But this file was damaged.
¡Ø The password of disclosure document is very weakness and based on Time, can be found easily.
Cryptographic algorithm is below. Msg = "ThisIsNotARealEncryption!SeemToEncoding"
Key = 0x20120224 (if date format is 2012/02/24 00:01:01)
Cryto = C(M) = Msg * Key = 0xa92fd3a82cb4eb2ad323d795322c34f2d809f78