The solution to the riddle


SPOILER ALERT: If you want to solve this riddle on your own, don’t read beyond the preface.

During the last year or so I created an on-line riddle out of boredom. I posted a QR code / string to various friends, work colleagues, and on-line forums where I expected people to be able to solve it.

This is the QR code which decodes to:


Many people have responded jokingly, posting stuff such as “a cat has walked on your keyboard”, indicating they are not taking the challenge seriously and probably thinking that there is no solution. Ignorance is bliss…

Sadly nobody has been able to solve it so far, which I find a bit strange. No way I’m that awesome that I have created the best way to obfuscate data on the Internet? Probably the right person to solve it has not yet come along, or maybe I wasn’t effective enough at spreading the riddle to enough people capable of solving it.

Anyway, here is the solution.

Step 1

By looking at the string a skilled developer should recognize the striking similarity it has with a base64-encoded string, indicated by the “=” character at the end of the string. However there seem to be a bunch of other characters that do not belong in a base64 string.

A closer look will reveal that, starting with the first character, every 6th character after that doesn’t belong in a base64 string. So there is a pattern. Let’s remove every 6th character and see that we have left:

Base 64 string: QBdgHGILHR9vchNBTAt5X3oWbBxMbn5GR0wTQ0xuHBc=
Characters that don’t belong: #%&).\,*

Now we have a valid base64 string! Let’s decode it and see what we get:


Yeah, it doesn’t make much sense. A skilled developer is now supposed to recognize that the base64 string decodes to binary data. Why would that be the case? Let’s go back to the extra chars that don’t make sense, why did we have those chars there? It is highly possible that the binary data is actually encrypted data and the extra chars are the key. What is the simplest cipher for binary data encryption? The XOR cipher. Alright, let’s write a small script to test this hypothesis:

$string = "QBdgHGILHR9vchNBTAt5X3oWbBxMbn5GR0wTQ0xuHBc=";
$key = "#%&).\,*";

// Base64 decode
$dec = base64_decode($string);

// XOR decode $dec with $key
for ($i = 0; $i < strlen($dec); $i++) {
  $dec{$i} = $dec{$i} ^ $key{$i % strlen($key)};

// Echo the result
echo $dec;

Wow it worked, we get something that makes sense:


Now let’s base64 decode this and see what we get:

Step 1 completed.

Step 2

Step 1 provided us with a hostname. Let’s open it up in a browser and see what we get:

Those Greeks have concealed my writing, keep looking…

Interesting, not much information here. But wait, “say-my-name” must be a reference to something. Name -> Domain Name System -> DNS. Alright, let’s see if there are any TXT DNS records for this subdomain:

$ host -t TXT descriptive text "/bobby-tables"

Step 2 completed.

Step 3

Step 2 revealed a TXT DNS record. It returns "/bobby-tables". So let’s append that to the hostname previously found and visit

An XKCD comic appears… named exploits_of_a_mom.jpg. Is there an SQL injection vulnerability on the site? Maybe, but currently we cannot find any GET/POST variables on the site to exploit. Let’s keep looking… A skilled developer should recognize that the image ends with .jpg. XKCD comics are always .png! Oh wait, one more thing. Do you remember this quote from earlier?

Those Greeks have concealed my writing, keep looking…

A skilled developer is now supposed to think of Steganography. A quick Wikipedia search reveals:

The word steganography comes from New Latin steganographia, which combines the Greek words steganós (στεγανός), meaning “covered or concealed“, and -graphia (γραφή) meaning “writing“.

Got it now? There must be a message steganographically hidden within the .jpg image. A quick Google search reveals that the most common steganography tool in Linux is steghide. Let’s see if that can decode anything:

$ steghide --extract -sf exploits_of_a_mom.jpg 
Enter passphrase: # try without a passphrase
wrote extracted data to "message.txt".
$ cat message.txt 

Step 3 completed.

Step 4

Step 3 revealed what we desperately needed all along, a GET variable! Let’s visit and see what we get:

Come on, I’m spoon-feeding you now!

Alright alright, let’s assign some value to ?mom e.g.

Name: Robert

Interesting, a reference to Robert “Bobby Tables” from the comic. Let’s seek for an SQL injection at ?mom, e.g. using something like' OR 'x'='x:

Name: Robert

Step 4 completed.

Step 5

In step 4 we injected a GET variable and retrieved a bunch of database entries in the form of various links. The first link points to the Cranberries song “Zombie” with the unforgettable chorus “In your head, in your head“. RIP Dolores :'( The second and third links both refer to a band named “Machine Head“.

Did you get it yet? Yes we have to check the HTTP header! A quick inspection in your favorite browser’s inspection tool reveals the following entries that don’t belong there:

Step 5 completed.

Step 6

Step 5 revealed a telnet server and a telnet key. Let’s make a telnet connection and see what we get:

$ telnet 666
Connected to
Escape character is '^]'.
Connection closed by foreign host.

Very interesting, yet another base64 string. Can we decode it directly?

-WHQG&e|<n+r?f)t'%}(:["h8!s1z5xB' vQ*
x 	y8	sAF;2*BxzYW}0b#0ev*P\.N1wK2,jtM4?ei%O}$z[(
a	s@\S7eBs_}?D[W*d+*Q9Q1xc z55DZaT5Bm
[(7[	2sD":M
s Q/	 0m('p

It doesn’t seem so, we get binary data again. Oh wait, we have the X-Telnet-Key from earlier! Let’s run the XOR cipher once more with the new key and the new base64 string and see what we get:

$key = "h4cK3rM4nh4x0rz";

// Base64 decode
$dec = base64_decode($string);

// XOR decode $dec with $key
for ($i = 0; $i < strlen($dec); $i++) {
  $dec{$i} = $dec{$i} ^ $key{$i % strlen($key)};

echo base64_decode($dec);

And the result is:

Congratulations! You solved the riddle! There is no prize, I’m too poor for that, I was just bored and made this. Let me know if you would like to brag: <my email here>

Step 6 completed.


That was the riddle. Do you think it was too involved? I think the first step was the hardest, once you recognize the XOR cipher and the fact that it can be reused in step 6 the riddle is not that complicated.

Anyway, I will leave the infrastructure for this riddle up and running for a few more weeks if anyone wants to verify my solution, but then I will take it down.

Thanks for reading!

PS: Don’t try to hack my server using the intentionally created SQL injection, it will not work ;)

First week in Greece

I haven’t written much the past week. I have been busy searching for a car, and I have no Internet @ home so I have to visit some Internet Cafe places all the time. The problem here in Greece is that everybody smokes cigarettes, even in public places, they really don’t care about the ones that do not smoke, like me… But this is about to change. From 1:st July there will be a new law forbidding people to smoke in public places. I want to see how this is going to be implemented… There will be so called “smoke-police” visiting random places to see if they are smoking or not. Anyway, I don’t think this is going to work at all. From my opinion something like 90% of the Greek population smokes, which is going to be really hard to just make them stop, and that sucks.

Now on to the pictures. This is snowy Alpes from the airplane Zurich to Thessaloniki in HDR. Thanks to the auto bracketing in the camera I’ve been able to shoot 3 pictures with different exposures really fast. Otherwise I wouldn’t be able to make this pictures as the airplane is moving in something like 800 km/h.


I found some bugs to shoot. The first one is a feature, not a bug ;P
Continue reading


Today I got my new Arduino Diecimila that I ordered yesterday. That was a quick delivery.

I like the simple Arduino programming language. It’s much more easy to program than C but still as functional as C.

For those who don’t know, Arduino is a physical computing platform based on a simple I/O board and a development environment that implements the Processing/Wiring language. Arduino can be used to develop stand-alone interactive objects or can be connected to software on your computer. Currently shipping versions can be purchased pre-assembled; hardware design information is available for those who would like to assemble an Arduino by hand.

Prepare now, more fun projects are to come ;)

Arduino Diecimila