CSAW 2013 Write-up: Jordan Wiens (Recon-3, 100pts)

This is a write-up for the ‘Jordan Wiens’ Recon-3 (100pts), for CSAW 2013.

For starters our hint is: "The trail starts where the trail ended." Since I solved this recon last year, I headed over to Jordan Wiens website where the CSAW 2012 key was located. (After much frustration, the judges announced that the problem wasn't setup properly/user error was disabling you from solving it. The solution was to purge the cache, hence why the images are in Google Chrome Incognito windows).

At Jordan Wiens Website we see:
Jordan Wiens Recon, CSAW 2013

The only thing here of use to me is: "Michael Vario sure does some suspicious signs, hope he doesn't do me." If you search this string in Google (using exact phrase search, Google Search Opperators) you come across this Tweet from cinnamon_carter (@cinnamon_carter):
cinnamon_carter, tweet to Michael Vario

Assuming that Jordan Wiens has a PGP key, we search for it (any public key server will do), and get:
CSAW 2013, Jordan Wiens pgp key

Here we open the first link, since he tells us "CSAW folks: getting warmer."
CSAW 2013, Jordan Wiens pgp key

Since we had the clue, that we're getting warmer: I decided to base64 decode his pgp key, (since pgp keys are base64 encoded, using: pgpkey.txt as the input) Zacks-MacBook-Pro:CSAW zack$ base64 -D pgpkey.txt > base64decode, which gives us: base64decode.

Opening our base64decode in any hex editor, you see:
CSAW 2013, Jordan Wiens pgp key decode

In the ASCII text I noticed “JFIF” which I know is a Magic Number for a jpeg, (Thankfully jpeg files have a file header and file trailer), so I took the hex from “FFD8” - “FFD9” (the start and end of a jpeg file in hex) and saved the file as magic.jpeg. Upon opening our new image, you get:
CSAW 2013 recon key - Jordan Wiens

You get the flag, key{mvarioisnotmyhomeboy}.

/endwriteup
-Zack