This is the sixth and final part of the story of the smart card track at NSEC 2013. You can see the first five parts: part 1, part 2, part 3, part 4 and part 5.
At the end of part 5, I had all the components necessary to build the keys, so I followed the xoring instructions and built both keys relatively quickly (I made one or two mistakes at first, but then I got them right). Both were good for 1 point flags so I confirmed they were good.
Then, the procedure said to choose a new pin (0x3030303030303030 was suggested). I noticed it was a multiple of cipher block length, so I used it just to make sure I didn’t introduce potential failures in the mix. We needed to encrypt and mac it in the standard way. I wasn’t sure if the standard way was to MAC the plaintext pin or the encrypted pin so I tried both. It turns out that when I MACed the encrypted pin and submitted the resulting encrypted key concatenated with the MAC to the write secured function, it worked. I received no error. I had successfully changed the pin on the smart card.
Now, I took my smart card, walked to the front desk (at the organizer’s table) and inserted it in the reader for the terminal. It asked for my pin and I punched 00000000. It played a loud Yabadabadou (from the flintstones) in the entire room and displayed a flag on the terminal screen. I got a pen and noted it down. It started with: OEHPR_FPUARVRE…
It was pretty long, so I was careful taking it down. I raced back to my laptop and submitted the flag. It failed… I thought I had made an error, but there was another flag mentioned in the track instructions. It was the new challenge after you had successfully authenticated. Before I went and authenticated a second time, I wanted to make sure I grabbed THAT flag (in case the second authentication messed up that value). So I issued a getChallenge and got a different result than before. Great, I submitted that and… it failed.
I was at the absolute end of the track and the last two flags wouldn’t submit properly. At that point I had taken down the value for GetChallenge (I also took down the value of all records, just in case). I went back to the front desk terminal, entered the right pin again, played the yabadabadoo again (people must have been thinking that I was teasing them, but no, I was just going back to make sure I noted the flag correctly). I checked and my flag was right. While I was there I talked to one of the organizers of the smart card track about the last flag (which I got from the GetChallenge) and told him it failed, so he started checking things out.
I went back to my laptop and looking at the flag, it looked wrong, it wasn’t hex and there were underscores clearly separating words. I told Daniel, we need to decode a substitution cipher to submit the flag. Daniel used his substitution cipher tool on the flag and it became clear that it was ROT13. It said BRUCE_SCHENEIER_… I submitted that and it worked. While we were doing that, the organizer came back and told me he had fixed the last flag so we could submit it again. Which we did and then we had finally completed the smart card track. By that point, there was only 30 minutes left in the competition, so it was late to start anything big. Still I looked around, but I was very tired and had a headache so I didn’t get much done.
That’s it, all the info I could find on the smart card track. Actually, there were two more flags in this track that I didn’t do.
The front of the smart card was printed like a punch card, so I told my teammates to start decoding it while I was doing the crypto operations on the card. They had a very hard time finding the right decoding table, but eventually they did and after lots of trials got the flag right. It was a 20 byte hex string (40 characters). The track instructions mentioned that there were 2 visual flags on the card, so the guys had the idea to look up that value in google. Indeed it was a known SHA1, so we submitted that and got all the points.