I am now home from Flashbelt and I had a great time in the 24 hours that I was there. In addition to giving two sessions I also did another dead drop. This one was very interesting for a few reasons. Firstly, many of the people who participated were actually speakers at the conference. Flash conference regulars like Geoff Stearns, Phillip Kerman, Robert Reinhardt, and many others worked together to try to solve the clues. I also gave hints to people who were having trouble getting past a certain point. Read below to see the steps that made up this drop.
The Carriage ID
In my initial blog post about the drop there was a form where people needed to enter their email address. After submitting the form they received an email welcoming them to the competition. It also contained a link to the first puzzle which you can see here. It contains an illustration of a carriage and has a text input where you have to enter the carriage ID. This one was tricky because the carriage ID was actually in a custom header that I set in the original email. Always question everything and viewing the email for hidden information would have quickly revealed the ID.
Jimmy Johns Meter
After the carriage ID you were taken to another Flash application that had some GPS coordinates, an electricity icon, and another text input. The GPS location too you to a Jimmy John’s sandwich shop and you had to enter the serial number off of the power meter to get to the next step. Phillip and the guys from Influxis actually found a transformer with a sticker on it that looked identical to the one on the website but this was just a coincidence. Because of this I gave out a clue on Twitter explaining that the meter was the intended target.
SQL Injection
After Jimmy Johns you were taken to another Flash application that consisted of a syringe and a text input asking for the Agent ID. So what was the agent ID that you needed to enter? It didn’t matter what you entered so long as you realized that the syringe meant you had to perform a SQL injection attack. Check out the Wikipedia page on SQL injection to get the details. All you had to enter was something like 7864′ or ‘t=t in order to get to the next stage. I saw Mario helping out Geoff to construct the SQL attack. I also had to do some work to make my PHP backend vulnerable to SQL injection.
Gold Medal Flour
The next clue was a photo of a theater located about 4 blocks from the conference. The word “CUE” was also on the image as there is a restaurant in the theater by that name. After going to the location you had to figure out that I removed something in the photo. Below you can see the before and after showing that the Gold Medal Flour sign had been Photoshopped out. This was what you had to enter in the text input to get to the last clue.
Lock Picking
Earlier in the week I Twittered a YouTube video that I created showing how you can easily pick simple office-style locks using simple office supplies. The last clue sent you to the Aloft hotel in Minneapolis and more specifically the handicapped stall in the lobby bathroom. There you had to pick the lock on the toilet paper dispenser to get the winning code, which I had written using a sharpie. The guys from Influxis who won actually asked a guy who worked there to open the lock so they didn’t have to pick it. That was good thinking although in an actual operation you would never expose yourself like that.
This one was kind of topsy turvy but was a lot of fun nonetheless. Many attendees were confused about what the dead drop was so I’m going to have to do a better job of getting the information out next time. Congratulations to the guys from Influxis for capturing the prize.
Lee
excellent lee these dead drops are so much fun. you did a great job thanks for the entertainment.
Awesome dead drop yet again. I would of given up with the sql injection for sure, lock picking on the other hand maybe not. Congrats to Influxis.
Awesome! I would have loved to participate in this one :]
Keep it up Lee, they just keep getting better and better!
More and More you make it so interesting
Good Job Lee
With all due respect to MSP… and to some in that area who DID try… I think we need to address the whole lack of effort–and the fact outsiders appeared (from my vantage point) to be the only (or main) ones working on this. Maybe a big spanking machine for them?
or my vid–which is more of a release than a piece of art: http://www.tinyurl.com/flashbeltdeaddrop
Thanks–excellent work Lee
Congratulations to the Influxis guys! Thanks Lee for keeping things interesting with your Dead Drops.
Awesome!
What about to create a virtual dead drop? By this way, people around the world can try to find, by example, a gift by some virtual shop that gives a prize.
Will be awesome too!
[]‘s
Lee Brimelow, do you ever feel like an Actionscript spy with all these dead drops, or perhaps becauase of your byte array manipulation skills?
It was certainly fun until I fell behind. I wish I could have tried the serial from the JJ meter (I had another one that was etched into it) but no Flash from the iphone dammit
It wasn’t a dead drop, but your Catalyst demo was drop dead clear and instructive.
One question: one of your fly-in’s was a video placeholder image. I rushed home after that day’s session, downloaded Catalyst, and tried importing a working, component video derived swf (called a network flv). The video actually showed up – without it’s component playback – but could not be controlled.
Can video be imported, and what prep is needed for it to work in Catalyst?
@Rich I’m not sure about how to get video working in Catalyst. In the full release version there will be support for it. For now I would recommend bringing your project into Flash Builder to add the video. Glad you liked the session.
Can’t wait for Catalyst to come out, seems like an age ago when they were demo’ing it at Max.
Some useful post would be nice, hum?
Great contest Lee! Will there be another one this year? I’m looking forward to FlashBelt on Monday.
BTW, The first clue with the carriage return didn’t work on a PC. On a Mac it was no problem.