The sorts of crypto I've dealt with in more traditional contexts (Attacking a web application, etc), are very different from the skillset required for 1o57's badge challenge.
They're both a ton of fun, and an aptitude for one probably hints at an aptitude for the other, but I wouldn't discount yourself entirely, just because one writeup scared you off :)
The DEFCON badge challenges are definitely above and beyond what most people are expected to be able to do. It's also less about cryptography and more about general puzzle solving and recognition, though good crypto knowledge is just a necessity.
In other words, some of the world's best cryptographers would probably not be able to get past the first or second parts, let alone complete the challenge.
Like a lot of people, I find that while the talks are interesting, there are enough other things going on that are even more fun, so the talks definitely take a lower priority. I'd need 10+ instances of myself to have paid full attention to everything I liked at DC22.
I never bother with going to the talks while at DEF CON. Everything gets posted online afterwards, and there's enough going on outside of the talks, that I've never been able to justify actually attending them.
I also completed the badge challenge (Though a few hours after this team), and as far as I know, there was no hint as to which line of the cryptex was the OTP. We just knew, from the 'YQESMJDOJOTM' comment on the one page, that the cryptex was involved, so we tried every line as a key until we got something.
1o57 tends to design most of his puzzles around similar ideas, so you just start to get a feel for how he works after a while.
Yes. I'm working on a pet project called F0UND that's meant to automate as much of the badge challenge as possible. There will still be a lot of human effort involved, but I think a lot of the information gathering and cross-referencing can be automated.
Next year the black badge will be mine, whatever it takes.
Loved reading this. Some incredible reasoning, even being shown the answer there are multiple stages I can't follow the reasoning that allowed them to progress.
Kudos, respect, and jealousy!
The contest starts when you get your badge Thursday morning (8:00 AM - 3:00 PM depending on the line), and the team that won this year finished at about 6:00 AM on Saturday.
That was kinda insane! Now I have to wonder just how many bits of random stuff get handed out to Defcon attendees that might or might not be part of some sort of puzzle like this.
I can't imagine trying to solve this! You'd have to love puzzles with an insatiable appetite to endure this.
Good job, team.