You can read
Papers and Source Code
Terms & Conditions
nuggetsports.de: The ''real life'' code breaking/geocaching challenge - UPDATE: september 2011 code-breaking challenge has ended. Nobody was able to break the code!
nuggetsports.de: The real Treasure Hunt (puzzle/geo-caching challenge). Break a 6-character key and watch where 4 silver coins are buried in the Alps.
UPDATE: September 2011 code-breaking challenge has ended on October 09, 2011, which is exactly four weeks after the geocache was buried. Nobody was able to break the 36 bit code!
The password was
Everybody who wishes to verify the password can download the encrypted video
, as well as the
and decrypt the data.
The treasure hunt (36 bit code-breaking challenge) started on September 12, 2011. The geocache was buried at the location 47,74664 North 12,01105 East on September 11, 2011.
This is the original text:
Yes, it's true: guess a passphrase like "Susan8" or "Peter1" and you can dig out 4 silver coins in the Alps!
Break a 6-character GBPMC HASH/ GBPMC_V1 key consisting of only capital letters (A..Z), lower-case letters (a..z) and numbers (0..9) and you'll be able to watch a movie that contains the exact location of the silver coins. Dig them out and they are yours.
The challenge clearly has primarily an academic value rather than anything else. If the little movie was encrypted with the standard AES Rijndael cipher, the first gold diggers would show up at the site after a little more than 3 or 4 hours.
Well, here's the maths: 6 characters, each character selected from a set of 62 characters: 62^6=56.800.235.584 (approx. 57 billion possible key combinations)
A brute force attack on AES 128 runs at approx. 4.6 million key combinations per second. In order to try all possible 57 billion key combinations it consequently takes 12348 seconds (=3.43 hours) AT MAXIMUM.
Taking into account that silver is pretty expensive these days - why the heck are we nuts and give away liver coins that easily?
The truth is that the challenge is pretty hard. Of course we are not so stupid to use AES with short keys (although actually almost everybody does).
We use the GBPMC HASH/GBPMC_V1 hash/cipher combination. It's just a little harder to break than AES.
Who can take part and what is needed to take part at the challenge?
- everybody can !
- it's free !
you can even find the source code here !
All that you need is here:
Simply download our little
code breaker tool
for 32 bit Windows or 64 bit Windows.
The archive includes the executables (32- and 64 bit) as well as the complete source code
If you own a fast PC with many processor cores that are cooled very well, you have an advantage over other participants.
Then download the encrypted video
rename the file to "geocache.MOV._ciphertext_",
enter the full file path into the
code breaker tool
GBPMC HASH/GBPMC_V1 and limit keyspace to "only a-z and A-Z and 0-9". Finally hit the "Decrypt/Break File" button and then wait.
Once the correct password has been found by your computer, note it and enter it in the "password" edit box. Then hit the
"Decrypt/Break File" button. After a short time the file is decrypted and you can rename the file to geocache.mov. Watch it, note the GPS coordinates, jump into the car and dig out the silver coins.
Here's an AES 128 bit- encrypted MP3 file for testing
. the file should be renamed to "aes128_ecrypted_mp3_file.mp3._ciphertext_" ! You'll find the password pretty soon with the
code breaker tool
(select "AES 128" and
limit keyspace to "only a-z and A-Z and 0-9")
This is a summary of the files that you need to download from our downloads section:
Here's the code breater tool:
download code breaker tool here
And here's code that needs to be broken:
download the encrypted video here
. Please rename the file to "geocache.MOV._ciphertext_".
The challenge started on September 12, 2011