Solving the 'Ghost in the Wires' ciphers

Before I was even done reading Ghost in the Wires, I had to start solving the little ciphers that introduce each chapter.

I know there are probably hundreds of solutions online, but I really wanted to see if I could solve them on my own and learn a few new ciphers along the way.

As you'll see, this article is a work in progress, and it mostly serves to register my approach to solving each challenge, if you're interested in all the solutions, you can check Drew Dunne's blog.

Chapter 1 | Rough Start

Max vhlm hy max unl wkboxk B nlxw mh ingva fr hpg mktglyxkl

Just by looking at the text we get the feeling that it's a valid sentence: it starts with an uppercase letter, all the characters are letters, there are longer words separated by shorter words, etc.

So, it was only natural that the cipher was a simple ROT13, which I quickly checked using CyberChef.

Cipher: ROT13 with shift=7
Question: The cost of the bus driver I used to punch my own transfers.
Solution: $15

Chapter 2 | Just Visiting

Estd mzzv esle elfrse xp szh ez ncplep yph topyetetpd hspy T hld l acp-eppy

Again, the text looked like a valid sentence, so basically the same as the previous answer just with a different shift.

Cipher: ROT13 with shift=15
Question: This book that taught me how to create new identities when I was a pre-teen.
Solution: The Paper Trip by Barry Reid.

Chapter 3 | Original Sin

pbzfsobp dkfobtpkx lq pbkfi ppbkfpry aoxtolc iixz lq abpr bobt pbzfsba cl bmvq obail bpbeQ

The uppercase letter at the end of the sentence made me think the chars were reversed. After that, it was just a matter of finding the shift for the ROT13 cipher once again, which turned out to be 3, also known as Ceaser Cipher.

Cipher: Reverse | Ceaser Cipher
Question: These older type of devices were used to call forward business lines to answering services.
Solution:

Chapter 4 | Escape Artist

gsvmznvlugsvnzrmuiznvhrszxpvwzgfhxrmgsvzikzmvgwzbh

This one was pure trial and error using CyberChef:

Cipher: Atbash
Question: The name of the mainframes I hacked at USC in the ARPANET days.
Solution: COSMOS

Chapter 5 | All Your Phone Lines Belong To Me

jbi ujt veo eco ntk iwa lhc eeo anu uir trs hae oni rfn irt toh imi ets shs !eu

After much overthinking, this one was as easy as "stacking" the words and reading the letters from top to bottom, starting from the last column:

Cipher: Reading letters of each word top to bottom, from the last column.
Question: I took a course on this subject when I ran from the juvenile authorities!
Solution: Criminal Justice

Chapter 6 | Will Hack for Love

bmFtZXRoZWNvbXBhbnl3aGVyZWJvbm5pZXdhc2VtcGxveWVkd2hlbndlc3RhcnRlZGRhdGluZw==

The equal signs at the end is a dead giveaway for Base64.

Cipher: Base64
Question: Name the company where Bonnie was employed when we started dating.
Solution: GTE

Chapter 7 | Hitched in Haste

multbqncannqenabrhfgacnqogehchetbkkebmsqgkncchebr

This was one of the hardest, since I wasn't expecting that you'd need to use the answer from the previous cipher.

I ended up not being able to crack this one myself, and had to check Fabien Sanglard's solution and then tested it for myself using an online Subtitution Cipher decrypter.

Cipher: Substitution cipher when alphabet starts with 'GTE', the solution for the previous question.
Question: Number of door codes I had for Pacific Bell central offices.
Solution: 11

Chapter 8 | Lex Luthor

'siass nuhmil sowsra amnapi waagoc ifinti dscisf iiiesf ahgbao staetn itmlro

Pretty similar to chapter 5, found the solution by "stacking" the words and reading each character from the bottom-left to the top-right:

Cipher: Stacking words | Read from bottom-left to top-right
Question: I said I wasn't this famous magician while beging a smartass to prision officials.
Solution: Harry Houdini

Chapter  9 | The Kevin Mitnick Discount Plan

tvifafwawehes hsesoonvtlimaeloemtcagmen irnoerrldony

Again, wasn't able to crack this one by myself and had to check Drew Dunne's solution, but this turned out to be a simple Rail fence Cipher ... should've guessed it :/

Cipher: Rail fence Cipher

t...v...i...f...a...f...w...a...w...e...h...e...s
.h.s.e.s.o.o.n.v.t.l.i.m.a.e.l.o.e.m.t.c.a.g.m.e.n
..i...r...n...o...e...r...r...l...d...o...n...y...

Question: This version of NOVATEL firmware allowed me to change my ESN 
Solution: 1.05

Chapter 10 | Mistery Hacker

gnkusr ooursnsisti ttnotoihiec rolwaintmlk ovtgp

Inspired by the previous challenge, I was able to crack this Rail fence Cipher:

Cipher: Railfence Cipher

g........n.........k.........u.........s.........r....
.o......o..u......r..s......n..s......i..s......t..i..
..t....t....n....o....t....o....i....h....i....e....c.
...r..o......l..w......a..i......n..t......m..l......k
....o.........v.........t.........g.........p.........

Question: Got root on unlv workstation using this simple trick.
Solution: Turned on/off while repeatedly pressing Control+C

Chapter 11 | Foul Play

ow gw ty kc qb eb nm ht ud pc iy ty ik tu zo dp gl qt hd

This one absolutely blew my mind, I was just playing around with some online tools and came across this website.

To see how it worked, I entered this challenge and the answer was displayed immediately, along with the cipher: Playfair.

If I had known it before, this would be an easy challenge to break, since it's one of the most well-known techniques that encrypts pairs of letters (bigrams or digrams), instead of single letters.

Cipher: Playfair Cipher
Question: My brother Adam listened to this type of music.
Solution: Hip Hop

Chapter 12 | You can Never Hide

idniidhsubrseognteiyignuhrzdalrdietfetinmeablnigorcsnuatoiecli

SCWF to the rescue again.

Without much effort the site found the solution using Columnar Transposition (2 1).

Cipher: Columnar Transposition (2 1)
Question: I identified this number as belonging to Eric using unauthorized callerID.
Solution: 310 837-5412

Chapter 13 | The Wiretapper

qclgjq'acrjcrlmqnyrcpgursmzyddmbcnngrgmfupceylyk

Pretty straightforward, got it by playing around on CyberChef.

Cipher: ROT13 with shift=2 | Reverse
Question: Manager who I tipped off about wiretaps on teltec's lines.
Solution:

Chapter 14 | You Tap Me, I Tap You

c2VuaWxzJ2RhZHltbm9zcGF0ZXJpd2VodHRjZW5ub2NlcmRuYXNlbGVnbFzb2xvHlsZm90ZGFob2h3dG5lZ2F5dGlydWNlc2xsZWJjYXBlaHQ=

The equal sign at the end of the string made me think of Base64.

Once I Base64 decoded and reversed the entire string, part of the text was immediately readable.

I then removed the deciphered part of the string and tried the same process with the remaining chars.

Then, it was just a matter of tweaking the string until I could read the entire thing.

Cipher: (in parts) Base64 | Reverse
Question: The Pacbell Security agent who had to fly to Los Angeles and reconnect the wiretaps on my dad's lines.
Solution:

Chapter 15 | "How the fuck did you get that?"

ud mn cf ub mw re lb is ba of gx ty qc qh il ea ym nx bz ub he cf th is

Seeing pairs of letters made me think of the Playfair Cipher from Chapter 11.

Again, I found the solution by running the ciphered text through SCWF.

Cipher: Playfair Cipher
Question: This hacker we showed off SAS to while at Hamburger Hamlet.
Solution: Eric Heinz

Chapter 16 | Crashing Eric’s Private Party

7\3|2\9|3\5|4/0/8/2|6\7/0/4\4\5/6/6\5/7/8/9|7\8/7|9\5/9\2\3\5\7/8|2/0/8|2/6|6|2|7\7\0\4\9|

Definitely couldn't solve this on my own and had to go back to Drew Dunne's solutions to crack it.

This cipher starts with a Phone Keypad Cipher, i.e.: each number represents a key in a phone keypad:

("2", "ABC");
("3", "DEF");
("4", "GHI");
("5", "JKL");
("6", "MNO");
("7", "PRS");
("8", "TUV");
("9", "WXY");
("0", "Q Z");

and "the slashes represent which letter in the group of three it makes":

\: left, |: middle and /: right

Once we replace this, we get: PEAXDKIZVBMSZGGLOMLSVXPVRWLWADJSUCZUCNNBPPQGX

To get the actual question we again have to use the solution to the last cipher to crack the Viginère cipher:

Cipher: Phone dial key pag cipher + Vigenère
Question: I asked Eric for the key to this phone company facility Solution: --

Chapter 17 | Pulling Back the Curtain

100 0000 10 1 01 001 00 1000 1 010 11 000 0 0000 11 000 000111 00011 10000 11110 11000 00111 10000 11111 10000 11111

Initially I tried a couple of approaches thinking this was binary but after a lot of failure I decided to go with morse:

Where 1=. and 0=-:

.-- ---- .- . -. --. -- .--- . -.- .. --- - ---- .. --- ---... ---.. .---- ....- ..--- --... .---- ..... .---- .....

This results in W#AENGMJEKIOT#IO:814271515.

Where 0=. and 1=-:

-.. .... -. - .- ..- .. -... - .-. -- ... . .... -- ... ...--- ...-- -.... ----. --... ..--- -.... ----- -.... -----

This results in DHNTAUIBTRMSEHMS#369726060.

Using a Rail fence cipher on the letters first:

D...H...N...T...A...U...I...B...T...R...M...S...E...H...M...S...#
W...A...E...N...G...M...J...E...K...I...O...T...#...I...O...:

# Removing every other char pair:

..H...T...U...B...R...S...H...S...#
W...A...N...M...E...I...T...I...:

what number is this:

And then on the numbers:

S...#...3...6...9...7...2...6...0...6...0
:...8...1...4...2...7...1...5...1...5

After some tweaking we get to the FBI's LA HQ: 310-477-6565.

Cipher: Morse code + Railway Cipher
Question: What number is this? 310-477-6565
Solution: The FBI's LA HQ.

Chapter 18 | Traffic Analysis

6365696a647a727573697775716d6d6e736e69627a74736a6f7969706469737967647163656c6f71776c66646d63656d78626c6879746d796f6d71747765686a6a71656d756c70696b6a627965696a71

If we organize the numbers by pair, they look like valid hex, so I started with converting the data from hex to ASCII:

At this point I was stuck, turns out this was again a Vigenère Cipher using the last challenge's solution - LAFBI - and then reversed:

I can again thank Drew Dunne for the solution:

Cipher: Plaintext ~> Reversed ~> Vigenère with LAFBI ~> Hex
Question: I identified the FBI cell phones that where calling Eric by hacking to this cellular provider
Solution: PacTel Cellular

Chapter 19 | Revelations

hranmoafignwoeoeiettwsoeheneteelaefnbaethscvrdniyajspwrl

Pretty much the same as in Chapter 12: SCWF identified the cipher as Columnar Transposition Cipher in a heartbeat.

Cipher: Columnar Transposition ( 2 1)
Question: The real name of an FBI agent whose identity was Joseph Wernle.
Solution: Joseph Ways

Chapter 20 | Reverse Sting

yo kb pn oc ox rh oq kb oh kp ge gs yt yt hg sa li mt ob sa po po mk pl md

Same as chapters 11 and 15, but with a little more manual tweaking.

Cipher: Playfair Cipher
Question: The company Teltec hacked into to get information on people.
Solution: TRW

Chapter 21: Cat and Mouse

77726e6b7668656a77676b6b276c6d6b6274616672656567776c6a7368697a70726f6d79656c

To be solved

Chapter 22: Detective Work

opoybdpmwoqbcpqcygagpcgxbpusapdluscplchxwoisgyeasdcpopdhadfyaethis

To be solved

Chapter 23: Raided

1001 0111 01 00 0 0 101 011 1111 1110 1011 1111 101 0110 1111 1101 110 010 100 0 0100 11 1011 1011 000 10 101 01

To be solved

Chapter 24: Vanishing Act

anhgynnrtfafaqgmbhsuuzkzfbhbfk

To be solved

Chapter 25 | Harry Houdini

nhyitekmnryoogmwefehocttntnoauttosumooalgei

SCWF helped me again by finding a pretty good solution: applying a Skip Cipher (selecting every 3rd chard) and reversing the chars.

Cipher: Select every 3rd char | Reverse | Rearrange words

nhyitekmnryoogmwefehocttntnoauttosumooalgei
n__i__k__r__o__w__e__c__n__o__t__s__o__l__i
__y__e__n__o__m__f__o__t__n__u__o__m__a__e
_h__t__m__y__g__e__h__t__t__a__t__u__o__g

goutatthegymtheamountofmoneyilostonceworkin
g out at the gym the amount of money i lost once workin
the amount of money i lost once working out at the gym

Question: The amount of money I lost once working out at the gym.
Solution: $11.000

Useful Links

• CyberChef
• Solve Crypto with Force!
• quipqiup
• dCode.fr