Here’s one way to solve the Brucon WiFi Puzzle: open the capture file with Wireshark.
The capture file contains one beacon frame for the brucon09wifi network. If you're a bit familiar with beacon frames, one tag will stand out: the vendor-specific tag, which Wireshark can't interpret because it comes from a vendor it doesn't know.
The hidden data is inside that vendor-specific tag. Select it and export the selected bytes:
How do you decode this data? You can try all types of encoding and encryption schemes, but to prevent you from wasting time trying countless possibilities, I’ve given you a hint in the name of the vendor: XortecOy. The data is XOR-encrypted. And the key is tecOy. 😉
Open the saved bytes with Cryptool:
And apply XOR-decryption with key tecOy:
Et voilà!
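The same procedure done in code, as an added example that is not part of the original post: walk the beacon frame's tagged parameters, pull out the vendor-specific element (element ID 221), and XOR its payload with the repeating key tecOy. The beacon frame, its OUI (00:11:22, a placeholder) and the hidden text are all constructed here, since the real capture is not on the page; the example also assumes the hidden bytes follow the element's 3-byte OUI, which the post does not state either way.

```python
"""
Added example, not code from the original post: decode a vendor-specific
information element from an 802.11 beacon frame with a repeating-key XOR.
The frame, OUI and secret below are constructed for this example.
"""
import struct

ELEMENT_SSID = 0
ELEMENT_VENDOR_SPECIFIC = 221   # 0xDD, the tag Wireshark shows as "Vendor Specific"

MAC_HEADER_LEN = 24             # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12           # timestamp (8), beacon interval (2), capability info (2)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def parse_elements(tagged: bytes):
    """Yield (element_id, body) for a run of 802.11 information elements (ID, length, value)."""
    off = 0
    while off + 2 <= len(tagged):
        eid, length = tagged[off], tagged[off + 1]
        body = tagged[off + 2: off + 2 + length]
        if len(body) != length:
            raise ValueError(f"truncated element {eid} at offset {off}")
        yield eid, body
        off += 2 + length


def beacon_elements(frame: bytes):
    """Check the frame is a beacon, skip MAC header and fixed fields, parse the tagged parameters."""
    if len(frame) < MAC_HEADER_LEN + BEACON_FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (frame_control >> 2) & 0x3, (frame_control >> 4) & 0xF
    if (ftype, subtype) != (0, 8):          # management frame, subtype 8 = Beacon
        raise ValueError("not a beacon frame")
    return list(parse_elements(frame[MAC_HEADER_LEN + BEACON_FIXED_LEN:]))


def vendor_payloads(frame: bytes):
    """Return (oui, data) for every vendor-specific element; the OUI is what names the vendor."""
    return [(body[:3], body[3:]) for eid, body in beacon_elements(frame)
            if eid == ELEMENT_VENDOR_SPECIFIC and len(body) >= 3]


def solve(frame: bytes, key: bytes) -> bytes:
    """Decrypt the first vendor-specific payload in the beacon with the given key."""
    payloads = vendor_payloads(frame)
    if not payloads:
        raise ValueError("no vendor-specific element in beacon")
    return xor_bytes(payloads[0][1], key)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; 1.0 for a clean plaintext."""
    return sum(32 <= b < 127 for b in data) / max(len(data), 1)


def rank_keys(ciphertext: bytes, candidates):
    """Try candidate keys (e.g. substrings of the vendor name) and rank by how text-like the output is."""
    scored = [(printable_ratio(xor_bytes(ciphertext, k)), k) for k in candidates]
    return [k for _, k in sorted(scored, reverse=True)]


def build_beacon(ssid: bytes, oui: bytes, secret: bytes, key: bytes) -> bytes:
    """Constructed beacon: MAC header + fixed fields + SSID, rates, channel, vendor element."""
    bssid = b"\x02\x00\x00\x00\x00\x01"                      # locally administered, made up
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0401)              # timestamp, 100 TU, ESS+short preamble
    ies = bytes([ELEMENT_SSID, len(ssid)]) + ssid
    ies += bytes([1, 1, 0x82])                               # supported rates: 1 Mbps (basic)
    ies += bytes([3, 1, 6])                                  # DS parameter set: channel 6
    vendor = oui + xor_bytes(secret, key)                    # OUI, then the XOR'd hidden text
    ies += bytes([ELEMENT_VENDOR_SPECIFIC, len(vendor)]) + vendor
    return header + fixed + ies


SAMPLE_KEY = b"tecOy"
SAMPLE_OUI = b"\x00\x11\x22"                                 # placeholder OUI, not the puzzle's
SAMPLE_SECRET = b"Constructed secret: this is not the real puzzle answer."
SAMPLE_FRAME = build_beacon(b"brucon09wifi", SAMPLE_OUI, SAMPLE_SECRET, SAMPLE_KEY)

if __name__ == "__main__":
    print(solve(SAMPLE_FRAME, SAMPLE_KEY).decode())
```

If the exported bytes include the 3-byte OUI, XORing them along with the rest produces three garbage bytes at the start of an otherwise readable string; that is the usual sign that the decryption is right but the slice is off by the OUI. The printable-ratio ranking is the check David's comment below describes doing by hand: feed it the substrings of the vendor name and the correct key comes out on top.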
[…] Get stuck on the Brucon wifi puzzle? Didier Stevens to the rescue with a fabulous, and illustrated, run down of one way to solve. [The Brucon Wifi Puzzle] […]
Pingback by Daily Digs – 08.27.2009 « Security Stallions Blog — Friday 28 August 2009 @ 4:18
Great puzzle and challenge. I thought the vendor “xortecoy” sounded suspicious and I immediately tried taking that hex block that's “Not Interpreted” and XORing it against random strings to guess the key, but didn't find the answer. I didn't think to use “tecoy” in hex as the key. Fun puzzle. Keep them coming!
Comment by David — Friday 28 August 2009 @ 15:39