Beat, Cops and Robbers Part 5

I suggest you refresh your memory with the middle of Beat’s saga here first to maintain the flow.

Beat had a head full of new facts and a major puzzle to solve. He sat down at his terminal and opened some security tools, hoping to get lucky. He started encoding and decoding the name “robber” every which way. To start, he tried text to hexadecimal code.

726f62626572

He saved that for later.

Next, he tried converting that hex string to binary.

011100100110111101100010011000100110010101110010

Still nothing popped out.

He tried a childishly simple ROT-13 replacement algorithm on robber.

eboore

Nothing was clicking. Nothing made sense. He intuitively just tried looking up the website domain for robber.com. Registration was private. He bypassed the privacy setting and found the website was registered to the following:

Bulletproof Manufacturing and Aerospace Corporation (BMAC)
6572 Mockingbird Blvd Suite F
Omaha, AR 72662

Now some numbers started lining up; he couldn’t believe his luck. Not only that but the abuse contact was even better:

For abuse complaints, contact: Edward Boore – eboore@robber.bmac.com

In a few easy keystrokes, almost too easy, as if someone left breadcrumbs intended to be collected, Beat was one step closer to solving the puzzle. He did another few lookups from some other security tools to gather information on the company and the domain. The corporate website was nothing out of the ordinary, but they weren’t a publicly traded company so no deep digging there. The bottom of the page contained the typical array of quick links. Contact Us, History, Help, FAQ, Demo and Return to Top.

He took a peek under the hood with the HTML inspector built into his browser and started reading through the code. Yet another fingerprint became apparent; a snippet of Javascript was attached to the Demo link. The URL didn’t make the typical call to an internal function of the site and it wasn’t some early HTML 1.0 link either. In fact, it was a total anomaly. It was an encrypted link function which triggered a decryption after the button was clicked to provide the accurate URL to the user’s web browser without revealing the actual site URL. It was split into three parts to further obscure what it would take as input and pass on to the server. Beat grabbed the code snippet and transferred it to his sandbox server. As he watched the server logs, he saw the Demo URL transformed to this string:

60rk2c9g60rk0c1h64r32c9h64r32c9g60r32c1g64rk0c1g64r30c9h60r32c1h60rk2c9g60rk0

More simple encryption. The repeating characters “rk” signified paired numbers or letters. Feeding that string into a Base32 decoder, there was the detonation:

011100100110111101100010011000100110010101110010

Converting that binary back into text: robber. Beat slammed his hand down on the desk and started gaining steam. Either he was misled into a honeypot, or he was right over the target. Going back to the original page, he clicked on Demo to see what would happen. Immediately, he got a connection refused error. Reloading more times, more connections refused. The easy part was starting to fade a tiny bit, but being an ASE, he was nowhere near running out of options. He launched PRISM, the global website penetration tool that had federally mandated backdoors built into all US-based websites. He entered the full URL for the Demo link into PRISM, and something curious happened next.

WARNING: PRISM ENHANCED MODE REQUIRED. ENTER PKI3 AUTHENTICATION TO CONTINUE.

Beat plugged his PKI3 card into the terminal and the dialog box on screen filled up with X’s in the blanks reserved for the password.

PRISM ENHANCED PKI3 BYPASS DETECTED. ELEVATING RIGHTS TO PRISM SILENT CIRCLE.

Beat paused. PRISM asked to elevate a single authorization level and somehow skipped to a mode that he didn’t even know existed. He then remembered having the same card in the Cerberus terminal. Did Cerberus modify the card? It was the only explanation, and he was hot on the trail of what Cerberus was after. PRISM then prompted him:

PRISM SILENT CIRCLE – WEBSITE DEMO ACCESS (Y/n)?

Again, Beat paused, feeling like he was at a point of no return. He hesitated to hit enter. This was about to take a hard left turn and he wanted to be prepared. He closed his eyes, leaned back in his chair and jammed his knuckles into his eyelids and twisted until he saw stars that quickly faded away. Cracking his knuckles, he took a deep breath and hit enter.

THANK YOU FOR USING PRISM SILENT CIRCLE. DEMO LOADING, PLEASE WAIT.

His terminal faded to a totally white screen, then to a black screen, then back to a gray screen somewhere in between. One by one, the letters from the PRISM prompt flew off the screen, in every direction, accompanied by old cartoon sound effects. Next, a black mask came into view with artificial glass eyes staring blankly towards Beat. No face, no body, just a bandit mask with 3d eyes.

He heard a voice coming from his speakers. “Welcome, PRISM SC user. I am Robert. I have stolen your letters as payment. What I steal next is up to you. Choose your desire:”

Another prompt came up on screen:

DO YOU DESIRE FAME, FORTUNE, OR POWER (Fa, Fo, Po)?

This was a game, and Beat wanted to bend the rules. He typed in MORE and hit enter.

YOU DESIRE MORE THAN FAME, FORTUNE AND POWER. IF THIS IS CORRECT, STANDBY FOR 5 SECONDS. TO ABORT, PRESS ANY KEY.

Beat simply waited.

MORE DATA IS REQUESTED. DO YOU HUNGER FOR KNOWLEDGE? (Y/n)

He hit enter again.

KNOWLEDGE TARGET NUMBER REQUIRED TO CONTINUE. TO LIST KT’S, ENTER L. OTHERWISE ENTER THE KT NUMBER.

More puzzles to solve. He hit L and started grinning ear to ear at the results.

KT TARGETS AVAILABLE:

1. DENNIS – 6581
2. CHARLES – 8580
3. FRANKFORD – 68001
4. NEWTON – A01
5. CERBERUS – CRB3
6. AGNES – ARM1
7. BLACKWATER – DEEP-C
8. COPERNICUS – COPER
9. ROBBER – EBOORE8F

Beat’s mind went into fast forward mode wondering what he’d discover. These were all named AI and he was dying to know what this system knew about them. But he had to stay on track. 15 minutes remained. Beat hit 8, for Copernicus, and watched the output.