Back in November Geek Native was involved in surfacing a mysterious site and asked is big money behind Can You Crack It?.
The answer is both yes and no. The mainstream press has now revealed who was actually behind the game; it’s the British spy headquarters GCHQ. The Guardian reveals that Can You Crack It is designed to fast track the recruitment of cyber-spies.
If you want a go yourself then pop over to Can You Crack It. There’s no letter higher than F in the sequence and that should speak volumes to people who know even just a little HTML however you’ll need full-on coding skills to get as far as the solutions that have been shared with the public.
Here’s the image as text:
eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c 0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00 d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00 00 5c 58 3d 41 41 41 41 75 43 58 3d 42 42 42 42 75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89 d1 89 df 29 cf 31 c0 31 db 31 d2 fe c0 02 1c 06 8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6 8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89 d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41
What happens when you convert it to ASCII decimal?
235 4 175 194 191 163 129 236 0 1 0 0 49 201 136 12 12 254 193 117 249 49 192 186 239 190 173 222 2 4 12 0 208 193 202 8 138 28 12 138 60 4 136 28 4 136 60 12 254 193 117 232 233 92 0 0 0 137 227 129 195 4 0 0 0 92 88 61 65 65 65 65 117 67 88 61 66 66 66 66 117 59 90 137 209 137 230 137 223 41 207 243 164 137 222 137 209 137 223 41 207 49 192 49 219 49 210 254 192 2 28 6 138 20 6 138 52 30 136 52 6 136 20 30 0 242 48 246 138 28 22 138 23 48 218 136 23 71 73 117 222 49 219 137 216 254 192 205 128 144 144 232 157 255 255 255 65 65 65 65
Update
There’s a larger solution on Pastebin. However, Can You Crack It looks to be a puzzle in many pieces.
Update 2
The URL www.canyoucrackit.co.uk/soyoudidit.asp does something interesting. It’s being spread as the solution. Or it could be a honeytrap – you know if you’re paranoid.
Update 3
This has been a lovely puzzle – with plenty of ‘false solutions’ and dead ends. However, it has been solved. One of the best walkthroughs is by 17-year-old Davee at Lolhax.
Find out what fellow roleplayers are talking about with one quick scan of the chat portal.
This article title is misleading and simply an SEO ploy! I feel ashmed that I have given your website a hit and I have blocked it from all future searches.
“Can you crack it Solved” is the title.
Is the solution in here? NO!All you have is a weak link saying you solved who posted it. Not good enough! Scam artists!
Lots of solution chat on the blog post now, though.
What a terrible clue!
Get the comment from the png file.
I used python.
Compile with a 32 bit compiler and you’ll get then run.
[*] allocating page aligned memory
[*] setting page permissions
[*] copying payload
[*] adding dump_mem payload
[*] executing payload..GET /15b436de1f9107f3778aad525e5d0b20.js HTTP/1.1Download http://crackthecode.co.uk/15b436de1f9107f3778aad525e5d0b20.jsEdit the js file to build a vm and voila
OK here you are the Solution :) http://www.canyoucrackit.co.uk/ is the root domain so play with it http://www.canyoucrackit.co.uk/soyoudidit.asp Ha ha.
i have solved this. the answer is – A564TYHG91333FUF
IO HO TROVATO LA SOLUZIONE MA NON ME LA PRENDE
itz not working……..
putz… que idiotice isso…
resolvido essa merda!
http://www.canyoucrackit.co.uk/soyoudidit.asp
why bother for a 25k job?
Great pension and the ability to strike if they try and take it away from you?
£25,000 a year isn’t bad. The average is £40,000 for a family with two people working…
Also, if you read what you get, they offer great holidays (starting at 22, raising to 30), plus 10 days public holidays, flexible work days…
The answer is “puck you, you pucking pucker”
All you have to do is to go to the GCHQ website and look under careers and find the job they are looking for>https://apply.gchq-careers.co.uk/fe/tpl_gchq01ssl.asp?s=raCzFKhUsJVaXxJsp&jobid=35874,8699230272&key=22023511&c=148734657778&pagestamp=sejazoxnwxcvblrlym
that is what they are waiting for” lets see how many idiots sit there all week when you can just post resume on website” “stupid americans” lol
You havent even got close: http://www.canyoucrackit.co.uk/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full
Once you begin to explore that code theres a whole ton of stuff in there
Answer= Pr0t3ct!on#cyber_security@12*12.2011+
Pr0t3ct!on#cyber_security@12*12.2011+
omg how did u figure the code out
I think I find out the algorithm… but I have no time at all to code it… if somebody wants to… prove it:
“CHALLENGE” continues means http://en.wikipedia.org/wiki/Challenge-response_authentication
the countdown starting time is the key real ticket time.
the real code is behind the png… so in the black area -thats why png not jpg- (codebreaker.jpg and code-bg.jpg from code-bg.jpg the size of the png should be cropped from the middle)
hex text are two blocks…one is stands for challenge and other is for response.
It should be this or something similar….
the answer is: Pr0t3ct!on#cyber_security@12*12.2011+
If you just type the hex code in, you get a DOS program. Run that and it prints a URL to a lump of JavaScript. Copying the output of the java program is a C program. You use the original matrix of values as inputs to the C program, and that runs a program, and tells you it’s done it, then the program hangs. If you look at the stack trace for the program (it appears to the computer that it’s crashed, and therefore you can look at what it left) and amongst that is says something positive and then… Read more »
Nice you you post a step-by step?
nice, but it is just a honeypot I think… (the challenge continue…. which means it haven’t solved yet)…. it could have more solutions (why is two black area in background which are black.. but not all pixel black enough…. it could be 1px as well for the same design…. too large jpgs…)
the png file in the website also contains a code for another way you can crack it.
http://www.google.hu/search?gcx=c&sourceid=chrome&ie=UTF-8&q=eb+04+af+c2+bf+a3+81+ec :)
Pr0t3ct!on# partial solution
http://lolhax.org
Solution and work through by 18 year old.
i did it and i am 17
That’s a great solution. I’ve added a third update to the original post to link to that.
Solved. Look it up on Google via site command, see http://www.taketheseideas.com/can-you-crack-it-yes-you-can
Okay, I found the answer.
It’s this. – Pr0t3ct!on#cyber_security@12*12.2011+
THANK YOU, YOU STUPID IDIOT IT NOT TO BE TOLD BUT NO YOU GAVE IT AWAY I HOPE U GET KILLED.
how come on the 1st of December when you posted this, it was stated that what is left is only 6 hours? i’ve just checked this thing today and it says that i have 7 days, 11 hours, 52 minutes, and 40 seconds???
Crack For China
http://www.canyoucrackit.co.uk/soyouthinkyoudidit.asp
I gave this a go but failed. I think my progress as a spy will be limited to mixing my martinis shaken, not stirred. http://dasteepsspeaks.blogspot.com/2011/12/can-you-crack-it.html
Here is the answer: get a life!!
David Kelly – puts you off ever applying for a job at GCHQ
come on people… the answer to the puzzle is Pr0t3ct!on#cyber_security@12*12.2011+
GREEEEEAT job!
SOOOOOO hard to find…
Get it: Pr0t3ct!on#cyber_security@12*12.2011+
It was a good puzzle, but I earn nearly 10X £25,000 as an MD…
i applied and look where i went
I done it too and I’m 12.
I lie, I’m 19 and done a Copy and Paste Job, I’ll take the job anyway thanks.
Slightly different method for part 1 to some of the posts
seen: http://www.youtube.com/watch?v=e1uIpBI9u6g
Answer is Pr0t3ct!on#cyber_security@12*12.2011+
WTF, can they maybe try something a little harder :)
mohjwjonedddp can you get a phone number out of this for me