Cracking the DEFCON 33 Bug Bounty Village Challenge Coin

Written By Jorge Alberto Flores

Like every year, attending DEFCON means hacking, stickers, and, of course, challenge coins. If you ask me, ever since last year, the best coins have been from the Bug Bounty Village (BBV).

This year’s coin was something special, a gold triangle with a cryptic message and a small gold bug engraved on it. I knew right away it was going to be a fun challenge, so, just like last year, I set out to break the code.

 
 

Step 1: Letters and Symbols

First things first: let’s transcribe the text from each side of the coin.

Side 1:

Jr ubcr lbhe oht obhagl pnerre vf shyy bs ohtf naq tbyq

Side 2:

2?3 2‡?;: ¶600538 5; †81-‡ ;457) 45-78(‡8 1‡( ).‡)‡(63 ;48 -4500838 -‡6) -48-7 2?32‡?;:†81-‡ †‡; -‡9 )05)445-78(‡8-4500838-‡6*

Step 2: The Good Ol’ Caesar Cipher

If you’ve followed my past write-ups, you know my rule: when you see random letters A–Z, always try ROT13 first. For this challenge we can use CyberChef, a popular online tool to help us find the secret message.

 
 

Decoded message:

"We hope your bug bounty career is full of bugs and gold"

Not a bad warm-up.

Step 3: The Gold Bug Cipher

Well, that last message doesn’t really give us much, so we have to look at the second side of the coin. This one is a little bit more challenging. We have to take into account some of the clues found in the coin itself. The coin is gold and we find a little bug on the top corner. The message we see also includes the dagger (†) and paragraph signs (¶), which as far as I know only one cipher uses. The cipher we’re looking for is the Gold Bug cipher from the Edgar Allen Poe story! Using this site we can decode the message.

 
 

Decoded message:

"BUG BOUNTY VILLAGE AT DEFCON THANKS HACKERONE FOR SPONSORING THE CHALLENGE COINS CHECK BUGBOUNTYDEFCON DOT COM SLASHHACKERONECHALLNGECOIN"

We found a URL! Going to the website, we find a funny picture and the next piece of the puzzle.

 
 

Step 4: Morse Code Madness

The image contains Morse code. The real challenge is typing it all out on a morse code translator like this one here!

 
 

Using morse code, we find the secret code:

"CONGRATULATIONS FOR MAKING IT THIS FAR. IF YOU WANT TO UNLOCK THE BUG BOUNTY VILLAGE BADGE LIGHT RELATED TO THIS CHALLENGE TYPE THE FOLLOWING: ZERO ZERO ZERO ONE ZERO ONE ONE ZERO ONE ONE"

Step 5: Finding the light

The final message is clearly a badge unlock code. Unfortunately, I didn’t pick up a BBV badge this year, so I couldn’t test the light effect.

If you did grab one and want to try the code, send me a video or picture on X.com/@skycritch . I’d love to see it in action!

Wrap-Up

Another year, another Bug Bounty Village coin conquered! This one had a fun mix of ciphers:

  • ROT13 for the opener

  • Gold Bug cipher for the thematic core

  • Morse code for the final twist

And while I didn’t get to see the badge light up, solving the challenge was still a blast. Here’s to next year’s puzzle and maybe grabbing the badge in time.

Jorge Alberto Flores
Next

The Future of Hacking and Comics