B|Sides Edmonton
BSides Edmonton Badge Challenge
Welcome to the BSides Edmonton 2024 badge challenge. This is a fun challenge that takes place for the duration of the conference. Not to be confused with the CTFs, this is a separate challenge that results in some swag that is only available to those that finish the challenge. There are 8 tasks in total, none of them require a computer necessarily, but you may find them easier to complete with one. The challenges must be done in order with all challenges needing to be completed to collect a prize.
Hints will be added to this page at the beginning of day 2. We hope you enjoy the challenge – good luck, have fun!
Challenge 1: In reading this page, you have likely solved the entrance to this challenge, which was to find the URL to this page.
Challenge 2: There are 5 identical tokens hidden around the conference. Familiarize yourself with a subset of RFID technologies to get information from them.
Challenge 3: I think Hashcat rules, listen to a radio to find out why.
Challenge 4: Challenges 2 and 3 provide you with something that is unusable in current state – make useable.
Challenge 5: Reception would be interested in hearing about what you have found after it is useable.
Challenge 6: Reception will let you know what you need to do.
Challenge 7: I like to inspect things, what about you?
A note from Dan
As BSides Edmonton 2024 comes to a close, I’m excited to reflect on the event's success, particularly the badge challenge that I had the pleasure of co-creating with Brad van Koll, CISSP. We poured a lot of energy into designing engaging challenges, including some unique elements we hadn’t seen in similar challenges before, as well as some fun reimagined classics.
It’s great to hear that participants enjoyed it, and it seems like Challenge #3 (the wireless radio challenge) really put people's skills to the test. We hope everyone walked away having learned something new, alongside earning prizes for their tenacity and problem-solving skills.
Now that the challenge has wrapped up, here’s a peek into the solution flow:
1) Decode base64 on the back of the badge to start the challenge
2) Scan an NFC tag located at the conference to collect a hash
3) Find a wireless SSID named as a hashcat rule
4) Crack the hash with a wordlist + hashcat rule
5) Inform reception of the cracked hash
6) Reception will tell you to find the technical contact of the BSides Edmonton parent organization, which is BSides - this can be solved with some OSINT, a WHOIS lookup, and finding the person on LinkedIn.
7) Inspect the source of the page for challenge 8 as an HTML comment.
8) Tell reception the secret phrase for a prize!
​
--
​
Congratulations to the 8 people who got the exclusive Holographic sticker, NO ONE else got it :) Be chuffed.
​
We'll be back next year!