UK Cyber Security Challenge

The UK Government recently launched a Cyber Security Challenge to help get interested and talented people into the industry. Their first challenge was quite easy and the results have now been released. The first step was a string of characters which was clearly base64 encoded. Decoding that gave a binary output and the header indicated it was a jpg. The jpg was an XKCD cartoon strip. Apparently many people thought this was the solution and submitted their answer. However, the border of the image contained a binary message which lead to another URL. At this URL was a string of hex characters and decoding this was the final challenge.

Unfortunately I heard about this several days after it went live and it was already solved (although the answers hadn't been published yet.) I managed to decode the final message with only one line of Ruby which I thought was quite neat and wanted to share:

print'cipher.txt').scan(/../).map { |pair| pair.reverse.hex.div(2).chr }.join

I had noticed the distribution of hex characters was far from random (indicating it wasn't encrypted with an algorithm like AES or DES.) I started to solve it as a basic substitution cipher and after a couple of obvious characters and referring to an ASCII chart I noticed the pattern and came up with the code above.

It opens a file containing the cipher text, reading 2 characters at a time it flips the 2 characters, treating the 2 characters as a single hex byte it divides by 2 and then prints out the ASCII representation of each byte, revealing the secret message. All in one line of easy-to-understand code! On reflection it should have been just a circular bitshift of the data by 3 bits but I didn't find an easy way to do that in one line of Ruby anyway.