Skip To Content

Crypto

A Game for Codebreakers.

View all Challenges Join our Hall of Fame

How to play

Few false ideas have more firmly gripped the minds of so many intelligent people than the one that, if they just tried, they could invent a cipher that no one could break.

The objective of this challenge is to make your way through our eight crypto challenges. These levels cover a wide range of topics, from steganography to cryptographic attacks.

We’ve set up a web service to generate levels. After obtaining an auth token from /api-token-auth/, you’ll be allowed to request levels. Each time you send a GET request to ‘/challenge/’, the backend generates a completely new challenge (with a new password). Once you’ve generated the challenge, you can submit password guesses by POST-ing to /challenge/<level>/. A correct guess will return a hash which can be sent to careers@praetorian.com. You must complete the levels in order, but you may submit your hash at any time.

Icon/Info

When you complete this challenge, send your resume along with the hash value you collected and any code used in the challenge to: careers@praetorian.com — Please remember to document your solutions and provide code where applicable.

Interacting with the API

The challenge API is documented below and all requests are sent to http://crypto.praetorian.com/

Icon/Info

NOTE: In each subsequent request, you’ll need to provide a special authentication header:
Authorization: JWT <token>
Please limit your requests to the crypto challenge APIs to no more than 1 per second. Exceeding this threshold will cause your requests to be inserted into a queue and you will receive delayed responses. If you continue to submit responses and the queue is full, you will start to receive HTTP 503 responses until the queue has additional space.

Method Action Details

POST

/api-token-auth/

Authenticate to the service. You only need an email address to obtain a token. Note: in each subsequent request, you’ll need to provide a special authentication header: Authorization: JWT <token>

Request:
{"email": "bobby.tables@example.com"}

Response:
{"token": "d2VsbCBhcmVuJ3QgeW91IGN1cmlvdXM/..."}

GET

/challenge/<level>/

Retrieve a new challenge and hint for a certain level. You must play levels in order, i.e. you cannot do level 8 before the previous 7 levels.

Response:
{"level": 1, challenge": "", "hint": ""}

POST

/challenge/<level>/

Attempt to solve a certain level. If you correctly solve the puzzle, you’ll receive a hash. Note: This hash may be sent to careers@praetorian.com at any time.

Request:
{"guess":"SubaquaticMastermind"}

Response:
{"hash":"796f75206d757374206265206120636174"}

GET

/hash/

At any point, you may request the hash corresponding to your current highest level.

Response:
{"level": 8, hash":"6f722061206d61727320726f766572"}

Getting started

To help get you started, we’ve included basic code needed to retrieve and solve challenges.

The code may require you to install the Requests Python module before running. If you don’t have this module installed already, follow the simple installation instructions before starting.

Python

Ruby

Winners Circle

Will you be next? We’ll be watching. But feel free to reach out via Twitter @PraetorianLabs.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.