Continuing with our wildly-popular “Hac-Man” theme that we introduced last year at DEF CON 30, I)ruid again collaborated with lots of hackers to produce Hac-Man for a second year! Using a vastly upgraded version of our Scramble gaming platform over the previous year, we were able to accomplish a lot more with the game and introduce some new and exciting challenges, some with external API integrations to other technology systems.
To get players started, we again printed and distributed 3000 Hac-Man information cards around the conference and of course posted its image on social media. This was down from 5000 the prior year as this year we were officially registered as a DEF CON Contest and had a location in the Contests area! The information cards for this year looked like this:
If you’re unfamiliar with Hac-Man, we suggest you read last year’s game write-up, as it explains how the game looks, plays, and other mechanics, which we will not duplicate here.
Winners were agian determined by our points leaderboard, and we gave away similar prizes this year to last year. Prizes this year included game consoles, Steam gift cards, and a Flipper Zero:
The game had 104 individual challenges and puzzles this year. As this post is intended to be more of an overview, we don’t want to cover every single challenge here so we’ll just hit some of the highlights.
Tutorial Track
A bit different from last year, we found that last year unfortunately some people were getting stuck on challenges in the “Qualifier Track”, most notably the PGP challenges, and not actually getting into the Lobby Maze where they could get to the rest of the game’s challenges. This year we made this a little easier by removing the Qualifier Track and replacing it with a Tutorial Track. The Tutorial was simply a sequence of challenges that introduced players to how the game works and its mechanics, without anything very difficult to get anyone stuck before reaching the Lobby Maze.
Upon exiting the Tutorial, Players were instructed to come by the Hac-Man table in the Contests area to receive a prize, the Pinky Ghost puzzle piece:
Lobby Maze
After completing the Tutorial Track, Players progressed to our “Lobby Maze”, a maze where there were a number of tunnels leading off the left and right sides of the maze to subject-matter specific Mazes.
In this maze there was also fruit that would spawn near the center, which Players could collect and spend to unlock hint and location information about individual challenges that they might be stuck and need help on. The fruit were also worth some points, and would respawn every 30 minutes after being eaten, so a Player could potentially rack up some extra bonus points from diligently eating fruit shortly after it respawned each time.
Finally, at the top of this maze was a locked door, leading to the Final Track of challenges, which would remain locked until the Player had completed at least one of the other subject-matter specific tracks.
Ciphers Challenges
We always try to include some ciphers and codes in our game each year, and this year was no different. The Ciphers challenges were a Track of 8 challenges getting progressively more difficult ranging from trivial to extremely hard in difficulty.
Starting off with a fairly trivial Caesar Cipher, this track quickly progressed in difficulty, including an Ottendorf Cipher, a font translation, a cipher from dcode.fr, a homophonic cipher using emojis from Zonk, a new chess cipher from I)ruid, an improved version of I)ruid’s Astrology cipher, and an incredibly hard XXX cipher from Zonk.
Well Read
| Hint: | Ottendorf |
| Location: | No Starch Press |
| Challenge: | Prove thy concept, or leave! [707:10:6] [294:11:5] [726:17:7] [99:17:3] [21:9:11] [423:23:5] |
This year we wanted to include an Ottendorf cipher, so we worked with No Starch Press to select a very popular book that they would have available for sale in the Vendor area but would also likely to have a few copies floating around the conference as well.
Using PoC||GTFO Vol. 1, we constructed a cipher that resulted in a nostalgic phrase from The Mentor’s infamous Phrack article “The Conscience of a Hacker”, also known as the “Hacker Manifesto“.
Spooky Ghosts
| Hint: | Phantasms |
| Location: | FontSpace |
| Challenge: |  |
This cipher was a simple image font translation. Go find the font, install it, play with the letters or type the alphabet until you find the letters the ghosts represent and then decode. Simple.
Elementary
| Hint: | Periodically |
| Location: | Atomic Realm |
| Challenge: | Q 92 A 7 T 92 MA 28 A |
This cipher could easily be solved by everyone’s favorite codes and ciphers resource, dcode.fr. Entering the ciphertext in dcode’s Cipher Identifier reveals a very high probability that this is a Periodic Table Cipher using atomic number substitution.
Fruits Basket
| Hint: | Homophonic |
| Location: | English Alphabet |
| Challenge: | 🍐🍎🌾-🥬🥑🥚 🥝🍡 🥑 🌿🍓🌾🍄🥝🍍🥚🍏🍉 🌾🥭🍏🍑🍏🌾🍄🍋🍑 🥑🥚🍈 🍄🥭🍌 🍐🍑🍍🍄🍏🍇🍍 🥚🍒🍡🍄 🍍🌿 🍄🥭🍊 🍰🍓🍈🍊🍍 🍇🍎🥬🍌 🌿🍑🍎🥚🌾🥭🍓🍡🍊 🍆🌿 🍄🥭🍋 🍡🥑🥬🍌 🥚🥑🥬🍊. 🥭🍊 🌿🥝🍑🍡🍄 🍏🍐🍐🍋🍎🍑🍌🍈 🥝🥚 🍄🥭🍌 🍎🍑🌾🍎🍈🍋 🍇🍎🥬🍊 🍐🍏🌾-🥬🥑🥚, 🍏🥚🍈 🥭🥑🍡 🍡🍒🥚🌾🍊 🥑🍐🍐🍌🥑🍑🍌🍈 🍓🥚 🍉🍒🌾🍋🥚🍡🍌🍈 🍡🍊🥧🍠🍌🍉🍡 🥑🥚🍈 🍡🍐🍓🥚-🍆🌿🌿🍡 🌿🍍🍑 🥬🍦🍉🍄🥝🍐🍉🍊 🍐🍉🥑🍄🌿🍆🍑🥬🍡, 🥑🥚🍈 🍡🍐🥑🧁🥚🍓🥚🍇 🥬🥑🍡🍡 🍏🥬🍆🍦🥚🍄🍡 🍍🌿 🥬🍌🍑🌾🥭🍏🥚🍈🥝🍡🍋 🍓🥚 🥭🍒🍡 🍒🥬🍏🍇🍋, 🍒🥚🌾🍉🍠🍈🍒🥚🍇 🍄🧁🍍 🍄🍌🍉🍊🍰🍓🍡🍓🍍🥚 🍡🍋🍑🍓🍋🍡. 🍐🍎🌾-🥬🍎🥚’🍡 🥬🍆🍡🍄 🌾🍍🥬🥬🍆🥚 🥑🥚🍄🍏🍇🍆🥚🍒🍡🍄🍡 🥑🍑🍋 🍄🥭🍊 🍇🥭🍆🍡🍄 🍇🍏🥚🍇: 🌽🍉🥝🥚🌰🥮, 🍐🍓🥚🌰🥮, 🥝🥚🌰🥮 🍎🥚🍈 🌾🍉🥮🍈🍌 🍄🥭🍎🍄 🥑🍑🍊 🍈🍋🍄🍊🍑🥬🍒🥚🍌🍈 🍄🍆 🍈🍌🌿🍋🍏🍄 🥭🍓🥬 🍄🍆 🍎🌾🌾🍆🥬🍐🍉🍒🍡🥭 🍄🥭🍋🥝🍑 🍇🍍🍎🍉🍡, 🧁🥭🍒🌾🥭 🌾🥭🍏🥚🍇🍋 🍄🥭🍑🍍🍦🍇🥭🍆🍦🍄 🍄🥭🍌 🍡🍊🍑🍓🍋🍡. 🍐🍏🌾-🥬🍏🥚 🥑🍉🍡🍍 🥭🥑🍡 🥑 🍰🍍🍑🥑🌾🥝🍆🍠🍡 🍏🍐🍐🍋🍄🥝🍄🍌, 🌽🍋🥝🥚🍇 🍏🌽🍉🍊 🍄🍍 🌾🍍🥚🍡🍦🥬🍋 🍰🍏🍡🍄 🍎🥬🍆🍠🥚🍄🍡 🍆🌿 🌿🍍🍍🍈 🥝🥚 🍏 🍡🥭🍍🍑🍄 🍄🥝🥬🍋🍡🍐🥑🥚, 🥑🥚🍈 🌾🍏🥚 🍊🥑🍄 🥭🥝🍡 🍌🥚🍌🥬🥝🍊🍡 🌽🥮 🌾🍍🥚🍡🍠🥬🥝🥚🍇 🍉🍏🍑🍇🍋 🍐🍍🧁🍊🍑 🍐🍋🍉🍉🍊🍄🍡. 🍄🥭🍌 🍏🥚🍡🧁🍌🍑 🍄🍆 🍄🥭🥝🍡 🌾🥭🍎🍉🍉🍌🥚🍇🍋 🥝🍡 “🥭🍍🥬🍆🍐🥭🍍🥚🍒🌾 🍊🥬🍍🥥🥝 🥬🍏🍈🥚🍌🍡🍡”. 🍄🥭🍌 🍓🍈🍋🥑 🍆🌿 🍐🥑🌾-🥬🥑🥚 🧁🍎🍡 🍄🥑🌰🍊🥚 🌿🍑🍍🥬 🌽🍍🍄🥭 🍄🥭🍊 🍒🥬🍎🍇🍌 🍍🌿 🍏 🍐🍒🍕🍕🥑 🧁🍓🍄🥭 🍏 🍡🍉🍒🌾🍌 🍑🍊🥬🍆🍰🍊🍈 🍏🥚🍈 🌿🍑🍆🥬 🍑🍆🍦🥚🍈🍓🥚🍇 🍆🍦🍄 🍄🥭🍌 🥥🥑🍐🍎🥚🍌🍡🍌 🍡🥮🥬🌽🍆🍉 “🌰🍠🌾🥭🍓”,🥬🍊🍏🥚🍓🥚🍇 “🥬🍍🍦🍄🥭”. 🍄🥭🍊 🌾🥭🥑🍑🍎🌾🍄🍋🍑 🧁🥑🍡 🥬🍏🍈🍌 🍄🍆 🌽🍊 🌾🍠🍄🍌 🍎🥚🍈 🌾🍆🍉🍍🍑🌿🍦🍉 🍄🍍 🍏🍐🍐🍋🍎🍉 🍄🍆 � 🥮🍍🍦🥚🍇🍌🍑 🍐🍉🥑🥮🍊🍑🍡, 🍐🍎🍑🍄🍓🌾🍦🍉🍎🍑🍉🥮 🧁🍍🥬🍌🥚. 🍒🥚 🥥🥑🍐🥑🥚, 🥭🍊 🧁🥑🍡 🍍🍑🍒🍇🍒🥚🍏🍉🍉🥮 🍄🍒🍄🍉🍋🍈 “🍐🍠🌾🌰🥬🍏🥚” 🌿🍆🍑 🥭🍓🍡 🥭🍆🌾🌰🍊🥮 🍐🍠🌾🌰-🍉🍒🌰🍋 🍡🥭🍎🍐🍊, 🧁🥭🍓🌾🥭 🧁🍏🍡 🌾🥭🥑🥚🍇🍋🍈 🍒🥚 🥝🥚🍄🍊🍑🥚🍎🍄🍓🍍🥚🥑🍉 🍑🍋🍉🍌🍏🍡🍊🍡 🍄🍍 🍐🍑🍌🍰🍌🥚🍄 🍈🍋🌿🍎🌾🍋🥬🍌🥚🍄 🍍🌿 🍄🥭🍌 🥑🍑🌾🥑🍈🍊 🌾🍏🌽🍓🥚🍋🍄🍡 🌽🥮 🌾🥭🍎🥚🍇🍓🥚🍇 🍄🥭🍋 🍐 🍓🥚🍄🍆 🥑🥚 🌿. |
This cipher from Zonk was a homophonic cipher with hopefully enough ciphertext available for analysis to begin picking out the various emoji/letter combinations to decipher it.
Rank & File
| Hint: | Algebraic |
| Location: | Checkered Plane |
| Challenge: | Ke7 Kd5 Qb7 Ke7 Kg7 Pb4 Rh2 Kg8 Qb7 Kd2 |
A brand new cipher from I)ruid, this chess cipher is *NOT* any of the chess notation ciphers found on dcode.fr… If you were paying attention last year, you might have noticed that I)ruid frequently publishes cipher tools in his ciphers repository on Github.
Astrology Cipher
| Hint: | Kappa Geminorum |
| Location: | Among the Stars |
| Challenge: | ♉︎♐︎♎︎♐︎♍︎♓︎♓︎♒︎♓︎♊︎♐︎♎︎♍︎♎︎♍︎♌︎♓︎♐︎♌︎♍︎♏︎♓︎♑︎♒︎♓︎♊︎♌︎♑︎♌︎♊︎♏︎♓︎♓︎♎︎♌︎♉︎♎︎♓︎♏︎♒︎♓︎♈︎♎︎♈︎♓︎♈︎♏︎♓︎♍︎♎︎♒︎♋︎♈︎♓︎♋︎♌︎♉︎♈︎♊︎♓︎♋︎♊︎♑︎♌︎♓︎♌︎♎︎♊︎♉︎♓︎♐︎♎︎♋︎♑︎♈︎♍︎♋︎♉︎♍︎♏︎♉︎♎︎♊︎♋︎♒︎♐︎♒︎♌︎♓︎♎︎♌︎♉︎♉︎♌︎♐︎♋︎♓︎♓︎♈︎♋︎♉︎♏︎♏︎♓︎♍︎♌︎♌︎♌︎♑︎♌︎♏︎♓︎♏︎♎︎♎︎♏︎♐︎♉︎♓︎♑︎♉︎♈︎♒︎♍︎♉︎♐︎♍︎♈︎♍︎♉︎♈︎♍︎♓︎♏︎♍︎♑︎♓︎♐︎♈︎♌︎♒︎♋︎♑︎♊︎♏︎♎︎♊︎♋︎♉︎♒︎♑︎♎︎♉︎♊︎♌︎♉︎♑︎♑︎♏︎♌︎♑︎♊︎♒︎♌︎♍︎♉︎♐︎♓︎♋︎♍︎♎︎♋︎♉︎♋︎♉︎♋︎♓︎♒︎♒︎♉︎♍︎♉︎♉︎♊︎♋︎♐︎♈︎♍︎♈︎♐︎♎︎♑︎♉︎♌︎♈︎♑︎♉︎♌︎♋︎♍︎♑︎♑︎♎︎♏︎♑︎♓︎♉︎♍︎♓︎♊︎♈︎♏︎♌︎♐︎♈︎♈︎♉︎♎︎♐︎♉︎♑︎♊︎♐︎♑︎♓︎♑︎♊︎♋︎♉︎♋︎♍︎♋︎♏︎♐︎♈︎♒︎♓︎♐︎♉︎♓︎♋︎♈︎♈︎♋︎♊︎♋︎♋︎♍︎♓︎♒︎♐︎♍︎♉︎♎︎♏︎♈︎♓︎♑︎♒︎♉︎♏︎♏︎♓︎♑︎♑︎♒︎♐︎♊︎♍︎♑︎♒︎♊︎♋︎♌︎♌︎♓︎♓︎♊︎♋︎♌︎♋︎♈︎♊︎♓︎♉︎♋︎♓︎♌︎♋︎♒︎♐︎♌︎♓︎♍︎♒︎♌︎♋︎♈︎♒︎♉︎♐︎♐︎♎︎♎︎♓︎♐︎♊︎♉︎♐︎♊︎♐︎♏︎ |
Unfortunately, this cipher was bugged in last year’s game, so we fixed it and re-used it this year. Another of I)ruid’s, you can find the cipher tool in his repository on Github.
DEF CON D
| Hint: | normally we look down on cheating but if you know the code we will allow it |
| Location: | inside your DNA |
| Challenge: | ZMY N SQZI QQREBL SSJXB VSNHGTKDO TH CYTBXO, NJXAO TH WYLUHH, Y ED YBW WQG-HDB BBG L NNUA BHEY ABW LDAE. ABW VYLUHH PNUA ZUJV WL JBG HSA QH MBW ZRYBO CZYAYAH XL QQ LFDH. ABW NUQELZCM WV VBSY EGMNHZCM DY HBWWQGHDBFGB |
This final cipher from Zonk was incredibly difficult, involving a Condi cipher. Hopefully the name of the challenge clued Players in to what type of cipher it was.
A Condi cipher uses the position of the preceding plaintext letter in a keyed alphabet to generate the next ciphertext letter. A keyed alphabet is created from a keyword, with repeated letters being omitted, followed by the unused letters of the alphabet in alphabetical order.
Scavenger Hunt Challenges
Having an actual location for the game in the Contests area this year where Players could bring Scavenger Hunt items really helped with the Scavenger Hunt challenges. In prior years, Players have always had to hunt I)ruid down to turn in items… Continuing with his green theme from prior years, the full list of items was:
| Item | Description | Points |
| Green 50-cent Piece | A single United States 50-cent piece coin painted, stained, or otherwise colored green. | 10 |
| Green Sharpie | A green color Sharpie brand marker. | 20 |
| Lime | A whole and uncut lime fruit. | 20 |
| Green Book | A book who’s entire cover, including spine, is the color green. | 20 |
| Green Playing Cards | A green colored deck of playing cards. | 25 |
| Green Hacker T-Shirt | A green colored, size Medum, hacker themed T-shirt. | 25 |
| Green Bacon Pancake | A pancake with bacon baked inside it made from green colored batter. | 25 |
| Green Cloth Napkin | A single green colored cloth napkin. | 30 |
| Green Floppy Disk | A green colored computer floppy disk. | 35 |
| Unique Green Badge | A green badge that I)ruid doesn’t already have. | 90 |
Upon returning the Lime item, Players would be awarded with the Inky Ghost puzzle piece:
Bitcoin Challenges
This track of challenges was focused entirely on Bitcoin skills. From simple usability tasks to simple blockchain analysis challenges, through encoding/decoding and finally wallet cracking, this track got progressively more difficult very quickly.
Bitcoin Signature
| Hint: | Private Key |
| Location: | Bitcoin Wallet |
| Challenge: | Sign the following message using an address from your bitcoin wallet. Please submit the address used to sign with and the signature. |
This challenge tasked the Player with proving that they know how to sign an arbitrary message with a specific Bitcoin address. Most any Bitcoin wallet provides this functionality as it has been important to Bitcoin use since the very early days. The challenge generated a unique message specific to the Player for them to sign. Entering the Bitcoin address used and the signature would solve this challenge.
Trace the Coinbase
| Hint: | Use a Blockchain Explorer |
| Location: | Bitcoin Blockchain |
| Challenge: | The majority of the Bitcoin sitting in address 1KWSBZAZKKmpujfyxi7UMTFKRaq6xyNvAG came from a single block’s coinbase. What block number is it? |
This challenge required the Player to use a Bitcoin blockchain explorer to begin at the specified address and trace the majority of coins in that address backward through the blockchain to determine what original mined block the coins came from. Entering the block number of the mined block that produced the coins solved this challenge.
Decode
| Hint: | Base58Check |
| Location: | Bitcoin Wiki |
| Challenge: | TLmSCiR1KPsdtiNvx82qyHTk2dFbbrR3Gv |
Base58Check is the encoding used to display Bitcoin addresses as Human-readable strings of alphanumeric characters (sans a few confusing characters). This challenge tasked the Player with decoding the provided Base58Check encoded string into an ASCII text string. Players would have to identify the encoding (if they didn’t unlock the hint), then decode it into a text string. Entering the decoded text string solved this challenge.
D++ Bitcoin Script Challenge
| Hint: | https://ide.scriptwiz.app/ |
| Location: | bc1qt98rawu5xvrx0nkj9dltwx5lxte03rgtfyzttkvvmrm4usvxa6fsll5uny |
| Challenge: | Visit D++’s Bitcoin Script Challenge webpage and evaluate the Bitcoin Script found there. What does this script evaluate to? |
This challenge tasked the Player with proving their skills with Bitcoin Script, the stack-based scripting language used by Bitcoin to evaluate whether or not a transaction is spendable. D++‘s webpage provided the script in question and entering what the script evaluated to would solve this challenge. This challenge also provided a bonus prize which went unclaimed! If you solved this challenge, you would also have the information needed to spend (sweep) the Bitcoin held by the address provided.
Crack this Wallet!
| Hint: | Encrypted wallet.dat File |
| Location: | Electrum |
| Challenge: | Crack this wallet.dat file and tell us how many sats were transferred to the wallet in the first transaction. |
Another challenge with a bonus prize, if you were the first to crack this wallet you had the opportunity to sweep the funds contained within to your own Bitcoin wallet. This challenge tasked the Player with brute-force cracking a passworded Electrum wallet.dat file. Analyzing the transactions the wallet contained, entering the amount of sats (Satoshis) that were sent to the wallet in its very first transaction would solve this challenge.
Social Challenges
The collection of Social Challenges prompt Players to get out and about and actually meet other Players in various ways. From finding and scanning other Players’ game profile QR codes to finding someone with matching hair color as them, these challenges were all about socializing. Not much technical detail to these, so we won’t detail them individually here.
OSINT Challenges
OSINT, or “Open-source Intelligence”, is all about digging up information about a target using publicly available and Internet-based informations sources. This track of challenges had the Player walk through the process of tracking down and identifying a Craigslist scammer, and was contributed in its entirety by Sin from OSINT Dojo. They’ve posted a video walkthrough of this subject-matter track on their YouTube channel.
Scam Craigslist Ad
| Hint: | Find a machine that goes Way Back |
| Location: | <a href=”https://archive.org/web/” target=”_blank”>Archive.org<</a> |
| Challenge: | You’ve been asked to investigate a Craigslist scam. One of the victims sent you an email containing a screenshot of the fraudulent ad. Email:  Email Attachment:  Use the information within the email to initiate your investigation and identify what day of the week the scammer posted the Craigslist ad, in Pacific Standard time. |
Starting off this Track of challenges, the Player was givin an email with an attachment showing the fraudulent ad posted by the scammer. Entering the date that the ad was posted solved this challenge.
Scammer’s Reddit Username
| Hint: | Be warned, this scammer has Pretty Good Privacy |
| Location: | MIT PGP Server |
| Challenge: | Data points like an email address may also allow us to pivot to a target’s social media accounts. Using their email address as a jumping off point, what is the scammer’s Reddit username? |
After a few more steps, the Player had collected the scammer’s email address and was ready to pivot from collecting information from the Craigslist post to finding the scammer on other platforms. Entering the scammer’s Reddit username would solve this challenge.
Game Store Geolocation
| Hint: | This character is neither speedy nor slow-pokey |
| Location: | Tumblr OSINT |
| Challenge: | Geolocating images on a target’s social media can help investigators build up a timeline of movement or perhaps identify relevant interests. On May 29, 2023 PST the scammer posted a photo they took at a retro video game store. There are four large pixel characters on the outside of the building above this store’s sign. What is the English nickname of the first character from the left? |
After collecting some of the scammer’s other social media usernames, it was time for the Player to expand their search to the real, physical world. Using a photo from one of the scammer’s social media posts, the Player was tasked with identifying some of the physical characteristics of the physical location shown. Entering the name of one of the characters on the building’s sign would solve this challenge.
Scammer’s Previous Employer
| Hint: | Zoom Enhance! |
| Location: | Archive.org Gimp |
| Challenge: | Throughout your investigation be sure to revisit things you’ve already discovered and check them more closely for new clues. Looking again at information we’ve previously unveiled, where was the scammer previously employed as a Game Technician? |
The next couple of challenges, including this one, pointed out the importance of reviewing information already collected for things that might have been missed. This challenge tasked the Player with taking a closer look at a previously collected image to identify the scammer’s previous employer. Entering the name of the business solved this challenge.
Previous Employer’s BSSID
| Hint: | Wigle it (just a little bit) |
| Location: | Wigle |
| Description: | When investigating a target it never hurts to gather some basic information about where they worked as well. What was the BSSID for the Wifi at the business where the scammer previously worked as a Game Technician? |
The final challenge in this Track tasked the Player with identifying the scammer’s previous employer’s WiFi network identifier. Entering the MAC address of the network AP solved this challenge.
Others’ Challenges
New to Hac-Man this year, we included a group of challenges that were… the first step in other people’s challenges! If our game didn’t have enough for you, every challenge in this group would get you started on challenges or CTFs elsewhere… We won’t detail them all here, guess you had to be there. The list of others’ challenges were:
| 1. | Caezar’s Challenge |
| 2. | Raitlin’s Challenge (Illuminati Party) |
| 3. | SquadCon CTF |
| 4. | Astronaut Badge CTF |
| 5. | Secure A.S.S. Badge |
| 6. | Z80 Retro Badge CTF |
| 7. | Future Badge Challenges |
| 8. | 2023 Challenge Coin |
| 9. | Embedded CTF |
#BadgeLife Challenges
This year we took a hard focus on #BadgeLife, as it’s grown to becoming a defininig characteristic of DEF CON hacker culture. From the official DEF CON electronic badges (every other year) to party passes to hacker group SWAG to many other uses, or just for fun, there are so many badges available at DEF CON these days it will make your head spin (and your neck hurt). Many of these badges have integrated challenges, so we decided to partner up with a bunch of badgemakers and include a group of challenges built around the badges.
DEF CON Badge
| Hint: | Any mod will do… |
| Location: | DEF CON Registration |
| Challenge: | You made it to DEF CON and have checked in! Now that you have your badge, modify it in some way! Stop by the Hac-Man table in the Contests Area and show us what you’ve done to receive the passphrase. |
Of course we had to start this collection of challenges off with a challenge related to the official conference badge. As there is another contest for modding the official badge, we focused our challenge on getting Players started on this by simply asking them to come by the booth and show us their modded badge, at which point they would receive a passphrase to solve the challenge in our game. Players would also receive the Blinky puzzle piece for completing this challenge:
Secure A.S.S. Badge
| Hint: | Radio Frequency |
| Location: | Twitter #badgelife |
| Challenge: | What is the SECURE A.S.Swarm’s operating band frequency? |
The Secure A.S.S. Badge could swarm with other Secure A.S.S. badges over radio. This challenge tasked the Player with either researching the badge to determine its operating band frequency, or using an RF scanner with the badge to do the same. Entering the operating band would solve this challenge.
Tor Badge
| Hint: | Konami |
| Location: | Tor Vendor Booth |
| Challenge: | In the challenging realm of the gaming world, there are whispers of a legendary sequence, a dance of analog dexterity born from an era of 8-bit challenges. They speak of a time when up was not always up, and down didn’t always mean down. Where east and west met twice in succession, and a couple simple letters could be more powerful than any enchanted sword. This cryptic code is not a mere relic. Its relevance persists, waiting to be invoked by the knowledgeable. A beacon of secrets veiled in the guise of assistance – our trusted Help Screen – might just be the stage for this timeless dance. Dare to tap to the rhythm of this retro riddle? Press onward, oh virtuoso of the arrows, and you may uncover the riddle hidden behind our badge’s LCD screen. |
We love the Tor project and are always looking for ways to include Tor in our games. Fortunately this year there was a Tor badge! Hidden on its Help screen, Players could enter a classic video gaming sequence to have the badge display a riddle:
Tor Devs have long shins,
Tor Badge Riddle
Socks they had to extend
In TorSpec are no games.
How would someone
look up some names?
Solving the riddle had the Players digging through the Tor specification regarding SOCKS proxy extensions to find the resolver function. Entering the name of the resolver function solved this challenge.
Wright Stuff Badge
| Hint: | Settings Page |
| Location: | Aviation Village |
| Challenge: | In the realm of flight, legends were born, Two brothers’ dreams, to the skies they’d adorn. To unravel the mystery, this riddle does leak, Connect through the air to find the clue you seek. Ride the signal, where the air waves flow, To a server of settings, your device shall go. Within the settings, a web server unfolds, The next clue lies there, as here is foretold. |
This challenge employed an API call to an external METARS aviation weather data system to validate its answer. Solving the riddle led the Player to the Settings page on the badge where further information was found. This information asked the Player what the current altimiter reading for a particular nearby airport was. Entering the correct real-time reading from the airport’s METAR data solved this challenge.
Z80 Retro Badge
| Hint: | CP/M p: |
| Location: | Hacker Warehouse Vendor Booth |
| Challenge: | Within the badge is a classic text adventure game called Polybius. Within the game there is a Pac-Man arcade machine. You’ll need coins to operate it… What is HacMan’s high score? |
This challenge tasked the Player with playing the classic text adventure game found on the badge. Within the game, the Player had to collect coins so that they could operate the Pac-Man arcade machine and read the leaderboard to find HacMan’s high score. Entering the correct score solved this challenge.
Shitty Add-on Challenges
Further extending the focus on #BadgeLife, many badges support “Shitty Add-ons”, or simple little devices that can be plugged into or soldered onto other badges to add basic functionality like blinky lights. Some of these even include their own challenges, or we were able to build challenges around them.
Any One Will Do
| Hint: | Any Combo |
| Location: | So many… |
| Challenge: | Find an SAO and add it to one of your badges. Bring the “upgraded” badge by the Hac-Man table in the Contests area and show us your successful addition to receive the passphrase to solve this challenge. |
Similar to the first challenge in the #BadgeLife group of challenges, we just wanted Players to come show us that they did the thing. Bringing any badge with any SAO attached to it by the booth earned the Player the passphrase to solve this challenge. It also earned them the Clyde puzzle piece:
Hak4Kids Learn to Solder SAO
| Hint: | Hardware Hacking Village has Soldering Irons |
| Location: | Find “Heal” wearing a black lab coat with “Phreaker Life” on the back. |
| Challenge: | What color are Tinker’s eyes when all three potentiometers are turned to the 5-o-clock position? |
This challenge tasked the player with obtaining and assembling the SAO. The SAO provided an image of a robot named “Tinker” with LED eyes. The color of the eyes could be controlled by two potentiometers. Entering the color of Tinker’s eyes when the potentiometers were turned to the 5-o-clock position solved this challenge.
Gundam Morty SAO
| Hint: | ROT Cipher |
| Location: | Find “Heal” wearing a black lab coat with “Phreaker Life” on the back. |
| Challenge: | What is the name on the back of the PCB rotated by the number on the back of the PCB? |
On the back of this SAO was some information, both a name and a number. This challenge tasked the Player with encoding the name using a rotation cipher with a shift of the number also found there. Entering the correct encoded name solved this challenge.
L33T Badge Insert
| Hint: | Solder Pads |
| Location: | Hacker Warehouse Vendor Booth |
| Challenge: | [D2:A2:M:D1:J:A1] [G1:M:E] [L:K:M:J] [D2:J:G2:B:C] |
This SAO had four LED character displays that could be “programmed” to a static value by soldering pads on the back of the SAO. This challenge tasked the Player with telling us what the badge would say if the given pads were soldered. Entering the correct four-letter word solved this challenge.
Flux SAO
| Hint: | CAN Interface |
| Location: | Car Hacking Villiage |
| Challenge: | Play the fifth song in the music player. What just happened? |
Never missing an opportunity to Rickroll our Players, this SAO had a number of embedded songs in it that it could play. After the Player played the song we instructed them to, we asked them what had just happened…
DEF CON Trivia Challenges
Our games almost always have a Track of Trivia challenges to provide some low-hanging fruit for some easy points, with progressively more points as the questions get harder.
Apparently this year, some of these questions ended up being quite difficult! Maybe we shouldn’t have asked Dark Tangent for some really obscure DEF CON history, but the entire Track of challenges was about DEF CON, so we kinda had to find some obscure facts…
We’re not going to detail the questions here as again you just had to be there, but we’ll give you their names and point values:
| Name | Points Value |
| The Beginning | 4 |
| The Tangential Founder | 4 |
| Cancelled! No, for real this time. | 4 |
| Black Badge | 8 |
| Jackpot | 8 |
| Logo Persona | 16 |
| Epic Patching Effort | 32 |
| Free as in Beer | 32 |
| Official Banana | 64 |
| Misattribution of Blame | 128 |
NFC Hunt Challenges
This physical-world group of challenges has also become a stable of our Hac-Man game and gets Players out of the Convention Center and moving around the surrounding Las Vegas area hunting for NFC stickers. Provided with a map and some close-up photos (wider-angle photos available as hints), Players had to track down these stickers, scan them, and enter the passprhase provided to solve each of the ten challenges. Here’s a photo gallery of the close-ups:
Final Challenges
After completing at least one of any of the other subject-matter specific tracks, the door at the top of the Lobby Maze leading to the Final Challenges would open. This smaller group of challenges were the most difficult in the game, including our final Pac-Man Collectible Puzzle that Players had been collecting puzzle pieces for throughout the rest of the game.
Lockbox
| Hint: | Multiple Locks |
| Location: | Hac-Man Table |
| Challenge: | Come to the Hac-Man table in the Contests area and open the lockbox. What’s inside it? |
At the Hac-Man table in the Contests area, we had a physical lockbox, secured with two separate and different types of locks. Players had to pick the locks and open the lockbox to retrieve both the passphrase and the final Pac-Man puzzle piece:
Crack That WiFi
| Hint: | WEP |
| Location: | Hac-Man Table |
| Challenge: | Crack the WiFi network password for the network coming from the Hac-Man table in the Contest area. What is the network password? |
Also at the Hac-Man table in the Contests area we had a shitty little WiFi router broadcasting a network secured only with WEP, which is crackable. Players had to crack the WEP security to get the network password, which when entered would solve this challenge and reveal the Inky clue:
Phantom Rogue Signal
| Hint: | WiFi |
| Location: | LINQ District 2 Tower |
| Challenge: | Within the LINQ, where adventure thrives, At District Two, you should arrive. Find your way to heights divine, On the floor that’s marked with a number prime. To find the signal, scan doors with care… Eventually, you will find its lair. Of Pac-Man theme, the signals are. Can you tell us what they are? |
This challenge had Players tracking down a WiFi network being broadcast in a very specific location within the LINQ hotel. Solving the riddle brought Players within range of the WiFi signal so that they could identify what they were. Entering any of the themed SSID names would solve this challenge and reveal the Blinky clue:
Puzzle’s Backpack
| Hint: | ALL YOUR 64 BASE BELONG TO US |
| Location: | On Puzzle’s Back |
| Challenge: | Find Puzzle‘s Backpack and solve its challenge. What is the movie quote? |
Every year, Puzzle creates a unique themed backpack for DEF CON which she wears around the conference while simultaneously auctioning it off to one savvy bidder. Her backpack usually contains puzzles or challenges. This challenge had Players tracking Puzzle down to solve her backpack’s challenge. Armed with access to her Instagram where she was posting photos of where she was along with a real-time map tracking her backpack using GPS, finding her wasn’t too difficult. Once found however, the real challenge began. Solving the backpack challenge revealed a HACKERS movie quote, which when entered solved this challenge and revealed the Pinky Clue:
Hash Cracking
| Hint: | Put them in order |
| Location: | Password Village |
| Challenge: | Somewhere at DEF CON there are public use hash cracking stations. Hidden on them somewhere are hashes specific to Hac-Man. Find and crack them. What do they tell you to submit? |
In the Password Village, our friends let us put some data on the publicly available hash cracking stations… Once found, they contained hashes specific to our Hac-Man game. When cracked and put in the correct order, they contained a mesage telling you what password to submit to solve this challenge. Entering the correct password would solve this challenge and reveal the Clyde clue:
Pac-Man Collectible Puzzle
| Hint: | 5 Pieces, 16 Clues |
| Location: | Earlier Challenges |
| Challenge: | Collect the puzzle pieces and clues from earlier challenges. Bring them all to the Hac-Man table in the Contests area and use them with the Pac-Man letters maze to uncover the passphrase. |
For the Players that made it this far, all the way to the end, if they had not collected all of the physical puzzle pieces and clues, it would be extremely difficult to solve this puzzle. Throughout the game, challenges awarded a total of 5 physical puzzle pieces and 16 total clues. Four of these clues were awarded by the challenges in the Final track, as detailed previously. The other 12 of these clues were awarded by other challenges throughout the game. Here’s a gallery with a small sampling of them:
Going back through the game and finding the challenges that awarded Players all of the pieces and clues was only the beginning of this challenge… Once collected, Players had to put all of these clues and pieces together using our Pac-Man letters maze to uncover a passphrase. Placing the puzzle pieces on the board in different locations and at different orientations would reveal characters in the hexadecimal character set:
Decoding the hexadecimal into ASCII would reveal the passphrase, and entering the correct passphrase would solve this challenge and win the game!
This physical puzzle was designed by I)ruid and laser cut by Puzzle. You can find a short video of the puzzle fabrication by Puzzle on our YouTube channel.
Winners
Congratulations to our winners! At the end of the con, the leaderboard ended up like this:
These Top 10 winners each chose a prize from the prize list, in ranked order, which was shipped to them after the conference.
Conclusion
As always, producing such a huge and complicated game, spanning various subject-matter and including both virtual and phsyical components is a massive undertaking and we absolutely couldn’t accomplish this without our many volunteers and colaborators.
From those who collaborate on individual challenges, those who produce entire groups or tracks of challenges themselves, to our in-person staff dilligently helping those who come by the table, we wholeheartedly thank each and every once of you. Unfortunately, the game has grown to the point that there are simply far too many of you to list everyone by name. Hopefully we mentioned and tagged you throughout this walkthrough blog post where appropriate, and the most prolific contributors had a credit in-game:
Onward to next year! If you would like to collaborate or contribute to our game, please do get in touch! You can find us over on our Discord server in the Hac-Man channel.