The German secret service (Bundesnachrichtendienst, BND) is looking for cryptography experts. To be precise, they are looking for new employees in the department "Software Reverse Engineering". As part of the job application, the applicants have to solve a three-step cryptography challenge with increasing difficulty per step.
The applicants have to download a zip file with one folder for each level and an answer sheet to verify that you made it. The job application page with the downloadable zip can be found here.
Level 1
In the first level, a malicious software called evil.exe has encrypted a holiday photo (Urlaubsphoto.png.crypt) and asks the user a ransom. Applicants must analyze the malware and find a way to decrypt the photo. In answer sheet only two questions must be answered correctly:
- What returns the server when the password has been accepted?
- What location was the holiday?
Level 2
In this scenario, the user was also being attacked by ransomware that encrypted a photo. However, this time there is only the encryption component. The applicant must find a way to make the photo visible again. And then answer the question:
- Which building has the vacationer photographed?
Level 3
In Level 3 the applicant receives a DLL file for analysis which is a dangerous malware. In this level, the applicant has to find out what the malicious software does and which user information the attacker is interested in. This mystery must be found , among other things , making the malicious software accurately and to which user information the attacker is exactly interested . The questions are:
- With which password is the output file encrypted?
- With which algorithm is the output file encrypted?
- Advanced: What is obscured with the hash function?
Since I've seen so many smart people here on Steemit, I thought that this would be the perfect place to work together and find out how hard the conditions really are for the German Secret Service. I don't plan on applying myself but maybe someone of you is interested. Maybe we even get recognition from outside for our great community if we manage to finish it
I just stumbled upon your article, interesting!
runterladen und anschauen kann man sich das ja mal :)