K41r0 Escape Game

The K41r0 escape game is a hacking-themed escape game. It was designed to educate people about cyber risks in their private lives in a passive way, meaning participants aren't actively looking to learn. They play, but by playing, they will learn without even realizing it.

Players will understand the techniques attackers use to target them. With this knowledge, they will be able to protect their privacy and that of their loved ones. They will also learn to recognize common attacks and their impact in personal or professional environments. Perhaps they will start asking more questions in the future.

A large puzzle, in multiple stages, is already well-developed and ready to use. However, the beginning is missing, allowing you to customize it if you'd like. Otherwise, I will explain how I created the start so you can replicate it. This also allows you to adjust the length of the escape game to your preference.

This escape game is challenging. To make it medium or easy in difficulty, the game master will need to provide hints to the players. You will find these hints below.

Steps

  1. Go to the following page: https://mauricelambert.github.io/EscapeGames/K41r0/, where you will find the scenario and instructions for the players. From there, players can click on the start button and begin the escape game, on this page: https://mauricelambert.github.io/EscapeGames/K41r0/login.html.
  2. A password is needed on this page. The earlier instructions hint that it can be found by solving a first puzzle away from the computer. You can create your own way to access the password. Otherwise, here's how I designed the first puzzle.
  3. [Not implemented] A box locked with a padlock is placed on the table, but without the key. The instructions say to search for something unusual in the surroundings. In my case, the players were outside, near a garden. In that garden, I had planted a pink plastic pineapple that opens. When the players open the pineapple, they discover that the keys are inside, along with a cork stopper... They cannot remove the pineapple from the ground, so they can't tip it over. It's too complicated to pull it out with sticks... They will need to find a clever solution to get the keys: filling the pineapple with water will cause the keys to float, allowing them to retrieve them. Of course, you might not have a pineapple or a garden, but that's not a problem. You can use objects like a water bottle or a baby bottle, which have shapes that work well for this kind of puzzle. The instructions mention an item that is out of place, not necessarily a garden or a pineapple, so it's easy to adapt the puzzle in your own way.
  4. [Not implemented] Once in possession of the keys, the players can open the box, which contains a small plastic case holding a small electronic module called Digispark (available on Amazon; it can be purchased online for around $3 each). I programmed the module so that it automatically types the password on the computer when plugged in, as explained here: https://github.com/mauricelambert/Talk1.BankSecurity#user-content-how-to-build-you-own-sneaky-rubber-ducky. Once the password is typed (password is: 0xK41r0), the players can press the Enter key and proceed to the next part of the puzzle. This is also the moment to start the countdown or to plug in the end-of-game electronic module (which does the countdown).
  5. The players reach a page where a clue is written, related to a decoding process, followed by an empty space. They can display additional elements by clicking on the 4 green buttons at the top of the page. On the second page, they will see a second clue of a philosophical nature, related to emptiness and invisibility. They will need to return to the first page to discover the invisible text in the void (by selecting the text with the mouse or pressing Ctrl+A).
  6. The text doesn't mean anything, but as a reminder, the first clue is a decoding process. The process is relatively simple: characters at even indices form the beginning of the text, and characters at odd indices form the end. They can apply it manually with paper and a pen or using a notepad application, but be careful: they need to count spaces and line breaks (as the game master, make sure to give them this information; it's important)! If one of the players knows about computers, they can save their team some time with a line of code (for example, in Python it is possible to display the text with this line: b = """<paste text here>"""; print(b[::2] + b[1::2])). The text thus obtained is the following:
    As agreed
    I've connected the data
    To the new account and hooked up the paper
    Shredder to this account.
    The protection remains the same.
    Since you unlocked it,
    You've loaded paper, and
    The countdown has started.
    Because it is very fragile,
    It cannot be moved or unplugged.
    If an error occurs, you must follow the instructions
    To disarm it,
    Bend down under the machine
    You will need light and
    When reaching for the safety handle, beware of moisture
    The heat of a summer day,
    We wouldn't want you to get hurt. Next, enter your user ID
    Along with the 4-digit secret code
    And the page you no longer wish to destroy
    That you'll need to identify
    Must be removed and then placed
    Within my data.
  7. Once the first part of the decoding is completed ("Divided into two halves along one path, to reveal a false meaning's mask."), they get a text that is readable but carries no important information. They now need to extract the real message using the clue: "Then slice one half along another way, to uncover truth where shadows play." They need to take every other line, starting from the second one. The word "matrix" is used to guide the players to columns (represented by the characters) and then to rows. So they will have already processed one direction, that of the columns, by taking the characters, and this step processes the second direction, that of the rows. The text thus obtained is the following:
    I've connected the data
    Shredder to this account.
    Since you unlocked it,
    The countdown has started.
    It cannot be moved or unplugged.
    To disarm it,
    You will need light and
    The heat of a summer day,
    Along with the 4-digit secret code
    That you'll need to identify
    Within my data.
  8. The previous action gives the instructions for the last riddle, which allows disarming the data destructor to preserve it. The last riddle contains 3 steps: the first consists of finding the secret disarm code, the second allows finding the necessary temperature for disarming, and the third to find the light level needed for disarming. In the original escape game, I had built an electronic module. When the players set the potentiometer (4-digit secret code) to the correct value, raised the temperature above the required temperature, and set the light level above the required level without making the module shake (a piezoelectric sensor verified that the vibrations were low enough not to trigger destruction), the escape was solved. To best illustrate this electronic module, I created a web interface that allows modifying the temperature, the light level, and the potentiometer value, and detecting changes that are too large, simulating vibrations that make the players restart.
  9. Now that we know what the players need to do, let's see how to solve the riddles. The data in the Informations section needs to be analyzed, and the players should keep in mind the statement: "and then replicate a part of my investigation to uncover gang members still hidden in the shadows." They must therefore identify the gang members from the information they have. By observing closely, they see that the phone numbers are consecutive... or almost, as there are gaps. One can deduce that the gang bought a batch of prepaid phones... and that the numbers follow a sequence. This is the key to solving the riddles, as the missing phone numbers belong to the still unknown gang members.
  10. All the riddles work the same way: the phone numbers are the key. The players must identify the missing digits in the correct order to obtain the 4-digit code, which forms the secret code for disarming and allows setting the potentiometer to the correct value. The phone numbers are: +44 7300 899999 for -1, +44 7300 900008 for 8, +44 7300 900002 for 2, +44 7300 900004 for 4, +44 7300 900003 for 3, +44 7300 900010 for 10, +44 7300 900001 for 1, +44 7300 900007 for 7. The missing numbers are therefore, in this order, 0956: after +44 7300 899999 comes +44 7300 900000, which does not appear and gives the digit 0; after +44 7300 900008 comes +44 7300 900009, which does not appear and gives the digit 9; +44 7300 900002 represents 2, and its successor +44 7300 900003 (3) is present; +44 7300 900004 represents 4, and 5 and 6 are missing, which gives the last two digits of the secret code. Therefore, the potentiometer must be set to 0956 (thus 956).
  11. Now the players need to find the temperature. By observing closely, there are 2 descriptions with the flame emojis, which symbolize heat. The first is on the number +44 7300 900003 which represents 3 with 2 emojis, the second is +44 7300 900007 which represents 7 with a single flame emoji. 2 emojis represent the tens place, and 1 emoji represents the ones place, giving us 37. Therefore, the temperature needs to be set to 37 degrees.
  12. Finally, the players will need to read the descriptions until they find a suspicious one, that of +44 7300 900002 because it contains the word light three times. Upon closer inspection of the other descriptions for the word light, we see that +44 7300 900008 contains 2 occurrences, +44 7300 900003 contains 1 occurrence of the word light, and all the others contain 0. This is the key for the light level: 283 (+44 7300 900002 represents 2 with 3 occurrences, which indicates the hundreds place; +44 7300 900008 represents 8 with 2 occurrences for the tens place, and finally +44 7300 900003 with 1 occurrence for the ones place).
  13. All that's left is to heat the temperature sensor, increase the brightness detected by the light sensor, and set the potentiometer to the correct value, all without making the module shake! If you haven't built the module, you can use the Hardware page provided in the escape game. Congratulations, you have successfully found and saved the data!
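The final puzzle (steps 10 to 12) can also be checked with a short script. This is an added example, not part of the original escape game; the function names are hypothetical, and the flame and "light" counts are entered by hand from the values given in steps 11 and 12.

```python
# Added example: solves the final puzzle from the values given in steps 10 to 12.
BASE = "+44 7300 900000"  # the number standing for 0 (it is one of the missing ones)

# Phone numbers in the order step 10 lists them.
PHONES = [
    "+44 7300 899999", "+44 7300 900008", "+44 7300 900002", "+44 7300 900004",
    "+44 7300 900003", "+44 7300 900010", "+44 7300 900001", "+44 7300 900007",
]
# Marker counts per description, keyed by the value the number represents.
FLAMES = {3: 2, 7: 1}          # flame emojis (step 11)
LIGHT = {2: 3, 8: 2, 3: 1}     # occurrences of the word "light" (step 12)


def to_int(phone):
    """Keep only the digits so consecutive numbers differ by exactly 1."""
    return int("".join(ch for ch in phone if ch.isdigit()))


def offsets(phones, base=BASE):
    """Value each phone number represents, relative to the base number."""
    return [to_int(p) - to_int(base) for p in phones]


def missing_in_listed_order(phones):
    """After each listed number, collect the successors that never appear."""
    seen = offsets(phones)
    present, top = set(seen), max(seen)
    code = []
    for n in seen:
        nxt = n + 1
        while nxt < top and nxt not in present:
            code.append(nxt)
            nxt += 1
    return "".join(str(d) for d in code)


def digits_by_count(counts):
    """The higher the marker count, the more significant the digit."""
    ordered = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    return int("".join(str(digit) for digit, _ in ordered))


def solve():
    code = missing_in_listed_order(PHONES)
    return {"code": code, "potentiometer": int(code),
            "temperature": digits_by_count(FLAMES),
            "light": digits_by_count(LIGHT)}


if __name__ == "__main__":
    print(solve())
```

If you customize the puzzle with your own phone numbers, keep in mind that the order in which they are displayed decides the order of the digits in the code.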

Clues

Advanced Level

  • Explain that spaces and line breaks need to be considered, and mention that if someone knows computer science, they can perform the decoding with a computer to save time.
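The two decoding stages from steps 6 and 7, together with the inverse of the first stage so that a game master can hide a custom text, are shown below. This is an added example, not code from the original escape game; the function names and the sample text are constructed, and it assumes each line break counts as one character.

```python
import math


def encode_columns(plain):
    """Inverse of stage 1: interleave the first half and the second half."""
    half = math.ceil(len(plain) / 2)
    first, second = plain[:half], plain[half:]
    out = []
    for i, ch in enumerate(first):
        out.append(ch)
        if i < len(second):
            out.append(second[i])
    return "".join(out)


def decode_columns(hidden):
    """Stage 1: even-index characters, then odd-index characters.

    Spaces and line breaks count. Assumption: a Windows line break (CR LF)
    picked up while copying is normalised to a single character first.
    """
    hidden = hidden.replace("\r\n", "\n")
    return hidden[::2] + hidden[1::2]


def decode_rows(text):
    """Stage 2: keep every other line, starting from the second one."""
    return "\n".join(text.split("\n")[1::2])


# Constructed sample: decoy lines alternate with the lines of the real message.
SAMPLE = "decoy line one\nreal line one\ndecoy line two\nreal line two"

if __name__ == "__main__":
    hidden = encode_columns(SAMPLE)
    print(repr(hidden))
    print(decode_rows(decode_columns(hidden)))
```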

Medium Level

  • The clues from the advanced level
  • A matrix is an array containing columns and rows.
  • The phone numbers are the key to the steps of the final puzzle.

Easy Level

  • The clues from the advanced and medium levels
  • Each character in a line of text can be seen as a column in a matrix.
  • A sequence with missing numbers from -1 to 10 inclusive can indicate a code with the missing digits.

Beginner Level

  • The clues from the advanced, medium, and easy levels
  • One direction in a matrix can be seen as columns, the second direction would be rows.
  • Key symbols and repetitions of key words can indicate digits and their occurrences can define the position to form a numeric value.

Cyber Techniques

  1. The first technique is a USB key that writes by itself when plugged in. Showing this technique is important because it allows you to take control of a computer in less than 4 seconds, highlighting the importance of always locking your session even if you step away for a moment to grab a coffee or retrieve something nearby.
  2. Various OSINT techniques that allow you to find a person from their photos (including profile pictures), pseudonyms, name, phone number, or email address. The message is simple: limit your photos, use different pseudonyms on platforms, limit the exposure of your name online (and if possible, never with a photo of you), use different email addresses (one per pseudonym), use multiple phone numbers (one per pseudonym).
  3. It is possible to trap someone by making them click on a link. Never click on a link, whether received by message or email.
  4. Fake websites can be created where you are asked to enter login credentials. If someone enters these credentials, the attacker can reuse them to take control of the real account. Always verify the legitimacy of a website before entering passwords!
  5. It is possible to get someone to download and execute files to take control of their computer or phone. Never download files and never click on them!