The Amsterdam Drop Explained

So the dead drop in Amsterdam is now over and I’m pretty sure I won’t be able to stay at a Radisson ever again. The first step was obviously to extract the secret message out of the BMP file. A couple of people actually found an existing tool on Windows that extracted it but at least one person wrote a custom ActionScript solution to get the clear text out of the image. The secret text was as follows:

—-[ GPS location (52.370067, 4.896679) - Wall to the left of room 617 - Need UV ]—-

Once you arrived at the 6th floor you needed to illuminate the wall with UV light to recover the next piece of information. The text on the wall read:

http://leebrimelow.com/lsb.html
key = doritos1973

You then had to go to that URL and type the key into the Flex application to decrypt the AES-encrypted message. This message was as follows:

It is under the 6th floor ice machine at the same hotel. There may be more than one ice machine. Once found follow the instructions in the note to get the serial number from me.

Now here is where it gets interesting. This morning someone who had gotten the first clue came into the hotel and asked if he could search for the software. The hotel security was having none of it and removed him from the building. Throughout the day there were other people at the hotel who had gotten the first clue but couldn’t find the UV writing. Security was apparently not very amused with this drop.

When I came back from FITC I was looking through my peephole at people walking back and forth across the 6th floor. I went out a little while ago to get something to eat and when I returned I was met outside the hotel by a man who said he had found the software. It wasn’t under the ice machine but rather at the front desk. Apparently the hotel staff or security had somehow found the software during the day. My guess is that once all these people came to the hotel saying that they were here to find something, security did a search because it was very well hidden.

The guy who found it was smart to simply go up to the front desk and ask for it. So then we walked upstairs so I could show him the UV writing and while there we ran into a guy who had been here almost all day. He had written a custom ActionScript decrypter for the BMP file, went out and bought a UV light, and used the hotel computer to get the final message. I decided that I had to also give him a copy for his amazing effort.

Thanks to everyone for taking part and if you didn’t win then I hope you at least had a good time. This was by far the best drop yet and the staff finding it added some unexpected complexity.

Update: The co-winner, Bertrand Larrieu, sent along the ActionScript he wrote to retrieve the text. Much cleaner than my code which I’ll also be posting soon.

/**
 * @author lab9 - Bertrand Larrieu
 * @version 1.0
 */


package  
{
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.net.*;
    import flash.utils.ByteArray;
   
    public class Drop extends Sprite
    {
       
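        private var loader      :URLLoader;
        private var bytes       :ByteArray;
        private var translate   :ByteArray;
       
        public function Drop()
        {
            // Load the carrier image as raw bytes
            loader = new URLLoader();
            loader.dataFormat = URLLoaderDataFormat.BINARY;
            loader.addEventListener(Event.COMPLETE, complete);
            loader.load (new URLRequest("stego.bmp"));
        }
       
        private function complete(e:Event):void
        {
            trace ("youpi");
            bytes = loader.data as ByteArray;
           
            translate = new ByteArray();
           
            // Skip the 54-byte BMP header (14-byte file header + 40-byte info header)
            bytes.position = 54;
            var dec:int = 7;    // bit position being filled, most significant bit first
            var b:int = 0;      // output byte under construction
            var lsb:int;
            // 857280 carrier bytes, one hidden bit in each
            for (var i:int = 0; i < 857280; i++)
            {
                // Take the least significant bit of the carrier byte
                lsb = bytes.readByte() & 1;
               
                b = b | ( lsb << dec);
               
                // Eight bits collected: store the byte and start the next one
                if (dec == 0)
                {
                    translate.writeByte(b);
                    dec = 8;
                    b = 0;
                }      
               
                dec --;
            }
           
            trace (translate.length);
            translate.position = 0;
           
            // Decode the recovered bytes as Latin-1 text
            trace (translate.readMultiByte(translate.length, "iso-8859-1"));
        }  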
    }  
}

London you’re next :)
Lee
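
The least-significant-bit scheme that the ActionScript above decodes, as an added Python example (not code from the original post or from Bertrand Larrieu). It goes one step further than the class above by reading the pixel-data offset from the BMP header instead of assuming 54; the function names, the carrier image and the message are all constructed for illustration.

```python
import struct

def make_bmp(width, height, fill=0x80):
    """Build a minimal uncompressed 24-bit BMP (constructed sample carrier)."""
    row = (width * 3 + 3) & ~3               # rows are padded to 4 bytes
    pixels = bytes([fill]) * (row * height)
    off = 54                                 # 14-byte file header + 40-byte info header
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels

def pixel_offset(bmp):
    """Offset of the pixel data, stored at bytes 10..13 of the file header."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    return struct.unpack_from("<I", bmp, 10)[0]

def embed_lsb(bmp, message):
    """Write message bits, MSB first, into the LSB of each pixel-data byte."""
    out = bytearray(bmp)
    start = pixel_offset(bmp)
    bits = [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]
    if len(bits) > len(out) - start:
        raise ValueError("message too long for carrier")
    for i, bit in enumerate(bits):
        out[start + i] = (out[start + i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(bmp, max_bytes=None):
    """Rebuild bytes from LSBs in file order, eight carrier bytes per output byte."""
    data = bmp[pixel_offset(bmp):]
    count = len(data) // 8
    if max_bytes is not None:
        count = min(count, max_bytes)
    out = bytearray()
    for i in range(count):
        value = 0
        for carrier in data[i * 8:(i + 1) * 8]:
            value = (value << 1) | (carrier & 1)
        out.append(value)
    return bytes(out)

if __name__ == "__main__":
    secret = b"---[ constructed test message ]---"   # constructed sample text
    stego = embed_lsb(make_bmp(32, 8), secret)
    print(extract_lsb(stego, len(secret)).decode("iso-8859-1"))
```

Like the ActionScript, this reads the pixel bytes in file order, so BMP row padding and the bottom-up row layout play no part in the decoding.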


Commentary

  1. John says:

    Awesome! Any chance we could get some info as to how one would have gone about writing the tool to decode the image?

  2. Marien says:

    I guess the other guy who found it was kelsolaar (French guy), I wish I had stayed with him, I was with him this afternoon. Is there any way I can please you to maybe give me a key as well, or maybe I’m just too honest and shouldn’t have asked the hotel to let me in this morning. Something which I should not be punished for but rewarded ;-( …I also understand that you can’t give away a master collection forever but I thought I can give it a try.

  3. lee says:

    Sorry Marien. I’m sure you understand that I can’t give away software to everyone who goes after it. Yeah you really shouldn’t have asked the hotel. You were just asking for trouble :)

  4. Gerhard says:

    Cool drop! I’m curious what you’ll come up with next time.

  5. Lou says:

    Do you have the AS that you used to put the message inside of the Bitmap?

  6. Jeff says:

    Do you remember that french girl, I think it was in the Bourne Supremacy, that, while Matt Damon was trying to do all his secret agent stuff, just walked to the reception of the hotel and asked for the information they needed, and they gave it to her just like that?

    I guess i was thinking about that, when I walked back into the hotel, wondering why no one could find the package :-) ,

    Great fun,

    Jeff.

  7. Marien says:

    for the curious i’ve used this program to decrypt the message:
    http://wbstego.wbailer.com/

  8. Marien says:

    @Jeff I guess you owe me a thank you ;-) if I did not ask the hotel staff to enter the hotel this morning they would not have found it, I guess…says a slightly disappointed guy…

  9. Wow, sounds like an enormous amount of fun… Any chance you’ll be doing something like this in Vancouver? I wanna play!

  10. franto says:

    Lee, too much CSI I think :) )) great game

  11. James says:

    So, GPS device, UV light – I wonder what else we’ll need for London…

  12. Jeff says:

    @Marien thanks for asking :) .

    I understand you’re disappointed; chapeau to you, and Bertrand, for deciphering the code so fast.

  13. Cdic says:

    Snifff

  14. Pierre says:

    Sounds like fun :) Will you drop something in Berlin? :)

  15. @Bertrand Larrieu, bow and hats off :)

  16. jee-w says:

    Actually you should have given a copy to the security guy/girl.
    As he/she was the one who found it… :)
    Nice puzzle Lee!

  17. Clemente G says:

    Any clue why those numbers were chosen??

  18. Anton Granik says:

    Wow! London! That’s cool! Waiting for you eagerly! :)

  19. Dwight says:

    Definitely props for Bertrand Larrieu for writing a custom AS3 class to decipher the code! :-D

  20. Shaun Hinchy says:

    London yeh?

    Bring it on I say :)

  21. Stu says:

    lol. awesome!

    You might want to be careful where you leave it in London Lee, at the moment we’re still on a heightened terrorist alert. We might all turn up at the drop zone and find it being detonated under a lead dome by the bomb squad ;)

    Get out into the countryside…you know you want to :)

  22. Christian says:

    Just great Lee!

  23. PIELUCHA says:

    heheh come to poland ! ;]

  24. trioptic says:

    I would have been way too hit from Barney’s to even get 1/2 way there…

    It’s all about the pancakes with a milkshake!

  25. JRM says:

    I think i might just follow you out the airport when you land in London Lee… which airport??? joking!
    Looking forward to Flashcamp

  26. Emanuel says:

    Hey Lee, can you please show the community the AS3 code you used to set the secret message on the .bmp image? Many thanks.

  27. USUN says:

    ????????????Google baidu????????????????bmpdecoder??????????

    http://weuio.com/2009/02/21/2266.html

  28. mooska says:

    Hey, it was fun to look for it, I’ve written the decode-thing also, but needed some time to get that bmp pixels are ordered from down to top in the file :(

    Anyway, cheers for everyone we met at the hotel next to the wall ;) and icemachine. Open bar at the boat sweetened our disappointment :)

  29. Nolan says:

    That is quite a story! I’d be careful, though.. you probably have the attention of MI-6/CIA/FBI/McDonalds by now… :)

  30. BGdesign says:

    This was a great post. I love reading things that jump about in tangents while I actually learn something. Great discussion I got a few good laughs.
