XR3X

Jump to content


Photo

Cyber Challenge


  • You cannot start a new topic
  • Please log in to reply
30 replies to this topic

#21 x58

x58

    Advanced

  • Administrators
  • 4,076 posts
Contributor

Posted 02 February 2014 - 02:00 PM

Take that dutch one and post here if possible. :)


I don't have the files.. Ask Lupo.

#22 Hess

Hess

    Intelligence Service

  • Loyalist
  • 3,549 posts
  • LocationBelgrade
Contributor

Posted 02 February 2014 - 09:42 PM

He wont put them. :S



#23 IamLupo

IamLupo

    Intermediate Member

  • Loyalist
  • 167 posts
Contributor

Posted 03 February 2014 - 12:42 AM

Here you can download the challange:

Please Login or Register to see this Hidden Content

This crypt.exe was one of the challange. It has nesty debug tricks. ;)


  • Hess likes this

#24 karcrack

karcrack

    Advanced Member

  • Members ++
  • 435 posts

Posted 03 February 2014 - 08:42 AM

It was the first crypto-challenge I tried and was fun but I'm not ready yet for this kind of challenges yet :P  Hopefully after reading your solution everything will seem obvious :ph34r:

 

My guess is that GenerateKey() is linear and can be inverted. I'm really looking forward your solution. It's really unpleasant being unable to finish the challenge   Hope I'll end up learning something and next time you post a challenge I will beat the crap out of it ^_^


  • Hess and IamLupo like this

(PGP ID)

ASM, C, C++, VB6... skilled [malware] developer


#25 Hess

Hess

    Intelligence Service

  • Loyalist
  • 3,549 posts
  • LocationBelgrade
Contributor

Posted 03 February 2014 - 08:54 AM

"El Pistolero" , don't be disappointed , it is harder than it looks. :)


  • karcrack likes this

#26 IamLupo

IamLupo

    Intermediate Member

  • Loyalist
  • 167 posts
Contributor

Posted 03 February 2014 - 09:43 AM

It was the first crypto-challenge I tried and was fun but I'm not ready yet for this kind of challenges yet :P  Hopefully after reading your solution everything will seem obvious :ph34r:

 

My guess is that GenerateKey() is linear and can be inverted. I'm really looking forward your solution. It's really unpleasant being unable to finish the challenge   Hope I'll end up learning something and next time you post a challenge I will beat the crap out of it ^_^

 

I have to agree :P It is hard :D Even nice to see you tried. I also took a step back at this challange. And give it later on a chance. My second try i beated it up :P


  • Hess likes this

#27 Hess

Hess

    Intelligence Service

  • Loyalist
  • 3,549 posts
  • LocationBelgrade
Contributor

Posted 03 February 2014 - 11:40 AM

This original one , don't You dare to give any advice ! At least , to me , I wanna try it as hard as possible. :)



#28 IamLupo

IamLupo

    Intermediate Member

  • Loyalist
  • 167 posts
Contributor

Posted 07 February 2014 - 01:43 AM

Hey guys, we are now 2 weeks later and still nobody has cracked my challange. I promised you to give you the answers. I wrote a C++ crack for this challange ;)

 

What you needed

If you looked at the source code you would figure out that you would need the generated_key's and the master_key's to crack the file. The generated_key's already stored in the enc file at byte 8 untile byte 24. To get the master_key's is the challange and reverse it back to the password ;)

 

GenerateKey

The first thing you needed to figure out is that this had multiple vulnerabilities.

One of them is that master_key[3] has never been used. This means for decryption you don't need master_key[3].

Second in the "For_Loop_J" it takes key_values to scrumble the generat_key's. But what you will notice is that the first bit never change. This means generate_key[0] never changes in "For_Loop_J".

Please Login or Register to see this Hidden Content

Thirt GenerateKey can be reversed if you have the output generate_key's and the master_key's.

Please Login or Register to see this Hidden Content

Known information:

Please Login or Register to see this Hidden Content

Crack Part 1:

Out encrypted file ended with *.zip.enc.... Hmmm, what filetype should it be guys? :D right zip! And what that means is that the decrypt file has to start with "0x04034b50".

What we know is enc_file_data[0] XOR generat_key[0] = 0x04034b50. Also generat_key[0] = 0x04034b50 XOR 0xbc7d475c.

What we now have is the input/output of generated_key[0] in the GenerateKey function. Input generated_key[0] = 0xac9b280d and Output generated_key[0] = 0xB87E0C0C. What we know of generated_key[0] is that it only influenced by master_key[0] and multiplied with 0xF97CE7B7. This way we can figure out master_key[0].

 

Crack Part 2:

Because we have the master_key[0] we can figure out the time of encryption. We do this with bruteforce the "InitMasterTimeKey" function.

 

Crack Part 3:

Because we know the master_key[0] we can check what the input generat_key[0] was when it generated the "enc_file_passwordhash". This value can help us figure out master_key[1] and master_key[2].

 

Crack Part 4:

Because we figured out this generat_key[0] we know in function "InitMasterKey" that:

Please Login or Register to see this Hidden Content

What we conclude is that the generat_key[0] ^ master_key[0] = master_key[2] ^ master_key[1]. We only need to bruteforce 2^32 possibilities to get master_key[1] and master_key[2]. With heuristics we figure out that our decryption makes a right zip file.

 

Crack Part 5:

We only need to figure out master_key[3]. We bruteforce it with InitMasterTimeKey and check out generat_key's with "enc_file_keys". This will find multiple options!

 

Crack Part 6:

Because we have multiple master_key[3] options we need to reverse all of them and look at the password if it has strange symbols or not. And bingo we got of the 43 options 1 that fits!

Please Login or Register to see this Hidden Content

The first 2 bytes is the length of our password. In this case it was 0x4C. to get the length "charters = 0xC4 - 0xC3 = 0x10 = 16 charters".

Because "InitKey" it added the 1e and 16e charter with each other. to generated the generat_key's. In this case it was 0x7B. Littlebit logic we could figure out that "H" + "3" becomes 0x7B :D

 

Result: "[email protected]@nDm3"

 

Download source code:

Please Login or Register to see this Hidden Content


  • x58, karcrack, delphifocus and 1 other like this

#29 Hess

Hess

    Intelligence Service

  • Loyalist
  • 3,549 posts
  • LocationBelgrade
Contributor

Posted 07 February 2014 - 02:40 AM

This is good , I have no clue what's the word of , so I can work on my own ! :D



#30 karcrack

karcrack

    Advanced Member

  • Members ++
  • 435 posts

Posted 07 February 2014 - 06:45 AM

I didn't thought of using ZIP headers because they can be anywhere in the file :(

 

Thanks for sharing the solution. It's nice to see the pattern to solve this kind of challenges:

1- Spot weakness in entropy.

2- Find a possible known plaintext.

3- PROFIT :D


  • x58, Hess and IamLupo like this

(PGP ID)

ASM, C, C++, VB6... skilled [malware] developer


#31 IamLupo

IamLupo

    Intermediate Member

  • Loyalist
  • 167 posts
Contributor

Posted 07 April 2014 - 10:19 AM

Project Source Code:

Please Login or Register to see this Hidden Content

Have fun! ^_^


  • Ravage, bruce, karcrack and 1 other like this