impossible-challenge.md

If it's so easy to guess a uuid, here you go

I ran crypto.randomUUID() twice on my machine.

The first ID was 15041508-fd38-4eda-bc1d-7b74e4738cd9

The second? That's your challenge.

I encrypted a text file with the following command:

openssl enc -aes-256-cbc -salt \
  -in impossible-challenge.txt \
  -out impossible-challenge.txt.enc \
  -pass pass:{2nd-uuid-goes-here}

If you can crack this UUID, I'll give you $1,000.

Tbh it will probably easier to brute force the decryption than to guess the right ID.

glhf 🫡

URL: https://ezkf3xv6eh.ufs.sh/f/3odeDX4eRzTNTR6yUXl7hyMRY9qSDBodia428EnbJtWKgZzp

Is this the correct UUID?

@t3dotgg

Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

The words from the decrypt must be valid English

checking

Is this the correct UUID?

@t3dotgg
Is it the correct one?

Why not checking yourself first?

openssl enc -d -aes-256-cbc -salt \
  -in impossible-challenge.txt.enc \
  -out impossible-challenge.txt.dec \
  -pass pass:7dbf5a58-3163-4e43-b06e-9957168c40fc
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40C8BCEE01000000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:

cat impossible-challenge.txt.dec
ThK�n���|E�̵�z<3*�hJ�n���;gpϹ��`�q�sFn��%                                                                                                                                                                                                             

Saw the tweet in transit, still in transit.

is the content of the file "The quick brown fox jumps over the lazy dog"?

Guys I think I found it, is it 892ca870-c4bf-4d1b-9ebe-c98003454635?

Oh shit wrong account

hello from stream

Thank you @t3dotgg i had the time of my life. i feel like we need to sign a yearbook or something

We.re.gonna.be.friends._.mp4

Theoretically, and that caries a lot of meaning in this sentance, if you knew a way to predict openSSL's RAND_bytes method's next output from it's previous few inputs. In this case [21, 4, 21, 8, 253, 56, 78, 218, 188, 29, 123, 116, 228, 115, 140, 217]. You could get the next few bytes, meaning you could know what the rest of node's uuidData variable is filled with, meaning you could convert that to hex and format it into a UUID. Only issue is the whole predicting openSSL's RAND_bytes method's next output.