The Mossad Challenge 2018 – Part 1

For the Israeli independence day, the Mossad published a new challenge.
When I have some free time I try to crack it and enjoy learning new stuff in the process 🙂
Let’s start?

If we’ll go the the Mossad webpage, we’ll see the following picture:

As you can see, there are some characters highlighted from both sides of the picture.
Looks like a code snippet written in Brainfuck.
Extracting the left column and running it in an online Brainfuck interpreter gave the following output: “xor-with-key”

Screenshot of the execution:

Looks like a hint for something we need to do right?
Let’s take the second column and run it in the interpreter:

This time there is no output, so let’s go and check the memory dump:

Look like we got something with a length of 12 bytes. Probably we need to xor it with something but the question is with what?
If we look closely at the original image, you’ll see that the logo in the middle have a repeating text saying: “Israel-is-70” which luckily has 12 characters. worth a try right ?

1
2
3
4
5
6
7
8
9
a = [ 0x7a, 0x46, 0x5c, 0x53, 0x55, 0x59, 0x03, 0x5a, 0x41, 0x03, 0x06, 0x01 ]
b = list("Israel-is-70")
c = []

for i in xrange(0, len(a)):
    c.append(a[i] ^ ord(b[i]))

print c
print "".join(chr(i) for i in c)

Running this program produced the following output:

1
2
[51, 53, 46, 50, 48, 53, 46, 51, 50, 46, 49, 49]
35.205.32.11

Looks like an ip address.
Pinging the address returns a response but my attempt browsing to this address was timed-up.
Probably there is a geo-restriction to allow entering the website only from Israel (On the Mossad website you can find this image ONLY in the Hebrew version of the website) so in order to verify it let’s try to load the website from a different geo-location using https://www.locabrowser.com/
The result is this:

Looks like we solved the first challenge and got the IP address where all the fun begins.
Unfortunately, I cannot access the website normally from here so I’ll try to find a free VPN service in order to fake my IP and location and proceed with the next stage of the challenge.

– Alexander