banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thảo luận thâm nhập WOWHacker CTF's Crypto Challenges  XML
  [Article]   WOWHacker CTF's Crypto Challenges 18/08/2009 18:27:42 (+0700) | #1 | 190377
mrro
Administrator

Joined: 27/12/2001 05:07:00
Messages: 745
Offline
[Profile] [PM]
Hello bà con,

Đây là cái writeup về 2 cái crypto challenge trong cái WOWHacker's CTF mà mình tham dự với team CLGT tuần rồi. Do mình phải gửi cho bọn củ sâm nên phải viết tiếng Anh :-p.

Last week team CLGT took part in the WOWHacker CTF. I was in charged of crypto challenges, so I decide to write something about challenge 1 and challenge 10.

1. Challenge 1

http://221.143.48.96:8080/level1.jsp is...crazy hahaha. Only one or two teams could solve it until the author (hello hinehong :-D) gave out a list of 7 hints. I have designed some web-related crypto challenges (which you will see soon ^^) so I think the difficulty of challenge 1 relies on how fast people can guess the meaning of the cookie. It would be easier for the teams if the author sets the cookie as cookie = cipher + "|" + key. BTW, here's my solution.

When you access the link above, you'll see a bunch of javascripts. After decoding those javascripts (which I leave as exercise for readers), you'll see a form whose target is http://221.143.48.96:8080/you_are_the_man_but_try_again.jsp. This form accepts a parameter named "hong" which is either true or false. If you set hong=true, the server sends back a cookie like below:

id =pKCdQgyJb4dziUESVUv+5qBIoGwQgL2WB@ae506e

This looks like a base64 encoded string, but it's not. In fact you need to modify it a little bit before you can base64 decode it. This is, as I said previously, why this challenge is hard.

One experience I learn from this challenge is to guess the boundary between key and cipher text, one should try to truncate one character a time and base64 decode the string until he gets an output whose length in bytes is a multiple of 8 or 16, which are common block cipher's block length.

The cookie can be either "cipher + key" or "key + cipher", so one should try the above process in both cases. If you can't find any such output, then you know your theory is wrong, i.e. the cookie is in some other form. Fortunately, my theory is right in this case.

It turns out that the first 32 bytes of the cookie is the cipher text, and the rest 8 bytes is the key. It's a 8-bytes key, so this cookie should be encrypted by DES which is a popular 8-bytes key block cipher. I wrote a small python script to decrypt the it:

>>>from Crypto.Cipher import DES
>>>cookie = 'pKCdQgyJb4dziUESVUv+5qBIoGwQgL2WB@ae506e'
>>> key = cookie[32:]
>>> data = base64.b64decode(cookie[0:32])
>>> des = DES.new(key, DES.MODE_CBC)
>>> des.decrypt(data)
'wowhacke\xd6\xe0\xbc*e\xe7\n\xc7\x1a\xf92w6H\xfd\xe5'

Hmm. I remembered I tried to submit 'wowhacke' to the scoring server, but, of course, it's not the correct answer. Then I wasted the next hour to test various stupid theories to understand what the last 16 bytes of the output are.

It was not until I nearly gave up on this challenge, I realized the obvious: this is mode ECB stupid!!! Why on earth I always thought it's CBC? I changed the mode, and the result is:

>>> des = DES.new(key)
>>> des.decrypt(data)
'wowhacker@!hine@ipsec\x03\x03\x03'

Remember those '\x03\x03\x03'. You'll see them again in my crypto challenges smilie.

2. Challenge 10

http://mega.1280.com/file/VA9JDUSD/ is cool. In summary, the author sets a RSA private key as a property of a Java object, then he gives out the serialization stream of that object, and asks teams to recover the private key to decrypt a ciphertext.

So the first thing we must do is to understand how Java does serialization. I was never a fan of Java, so this is something completely new to me. But that's why I really enjoy playing capture the flag games. It forces me to learn new thing fast in a very short time.

I spent nearly 1 hour reading the spec, mostly on the object serialization stream protocol. Then I spent one and a half hour starring at my hex editor screen and acting as a binary parser which was, I don't know why I feel that, really fun (later on Tora of SexyPwndas fame showed me a much less painful way to recover the object. Thanks Tora!)

I recovered the RSA private key eventually. How to use it to decrypt the ciphertext in key.txt? While de-serializing the object, you would see that there's a field named tripleDesKey containing a 24-bit string which you can get by base64-decoding the last 32 bytes of the serialized object.

At first I thought I should use the RSA key to decrypt this 24-bit string to get the real tripleDesKey, and uses that key in turn to decrypt key.txt. This hybrid approach is the standard way to do encryption using public key cryptosystem. But you shouldn't expect anything standard in CTF, rite?

It turns out all that tripleDes key and ciphertext are just there to distract me. I have to admit that I don't like challenges giving false trails. You can either give good trails or no trail at all. Giving false trail is a sin :-P.

Anyway, if you look at key.txt, you'll see that its content is a 128-bytes string. 128-bytes = 1024-bit = the size of the modulus in the recovered RSA private key. So this string should be the ciphertext encrypted directly using the RSA private key. Indeed it is!

>>> from M2Crypto.RSA import *
>>> rsa = load_key('my_rsa_key')
>>> data = open('key.bin').read()
>>> rsa.private_decrypt(data, 3)
'\x00\x02#padding#x00isec@#$wowhacker!!'

There's a small minor issue that I intentionally left out. Can you find out what it is and resolve it yourself?

I hope you enjoy reading this. Happy hacking!

-m
http://tinsang.net

TetCon 2013 http://tetcon.org

Làm an toàn thông tin thì học gì?/hvaonline/posts/list/42133.html
[Up] [Print Copy]
  [Article]   WOWHacker CTF's Crypto Challenges 22/08/2009 15:15:30 (+0700) | #2 | 190806
[Avatar]
Jino_Hoang
Member

[Minus]    0    [Plus]
Joined: 09/04/2009 13:58:10
Messages: 239
Location: Mạng Internet
Offline
[Profile] [PM] [Yahoo!]
Bác có thể biên dich ra tiếng việt được không. Newbies bọn em không hiểu gfi cả
Đã Trở Lại - Ăn Hại Hơn Trước
[Up] [Print Copy]
  [Article]   WOWHacker CTF's Crypto Challenges 22/08/2009 16:07:22 (+0700) | #3 | 190815
[Avatar]
bolzano_1989
Journalist

[Minus]    0    [Plus]
Joined: 30/01/2007 12:49:15
Messages: 1406
Offline
[Profile] [PM]

Jino_Hoang wrote:
Bác có thể biên dich ra tiếng việt được không. Newbies bọn em không hiểu gfi cả
 

Newbie thì càng cần phải học tiếng Anh đó bạn.
Kiểm tra các file bạn nghi ngờ có virus:
http://goo.gl/m3Fb6C
http://goo.gl/EqaZt
http://goo.gl/gEF8e
Nhận mẫu virus qua FB: http://goo.gl/70Xo23
HVA Malware Response Team: kiemtravirus@gmail.com
Trợ giúp diệt virus: http://goo.gl/2bqxY
[Up] [Print Copy]
  [Article]   WOWHacker CTF's Crypto Challenges 26/08/2009 07:33:40 (+0700) | #4 | 191123
mrro
Administrator

Joined: 27/12/2001 05:07:00
Messages: 745
Offline
[Profile] [PM]
Toàn bộ writeup của team CLGT đang được đưa lên http://vnsecurity.net/blog.

-m
http://tinsang.net

TetCon 2013 http://tetcon.org

Làm an toàn thông tin thì học gì?/hvaonline/posts/list/42133.html
[Up] [Print Copy]
  [Article]   WOWHacker CTF's Crypto Challenges 26/08/2009 21:00:32 (+0700) | #5 | 191178
[Avatar]
gsmth
Elite Member

[Minus]    0    [Plus]
Joined: 15/02/2007 13:25:36
Messages: 749
Offline
[Profile] [PM] [WWW] [Yahoo!]

mrro wrote:
Toàn bộ writeup của team CLGT đang được đưa lên http://vnsecurity.net/blog.

-m 


Thanks mrro,

Các bác tiến bộ từng ngày. Chúc các bác mấy ngày sắp tới thành công ở Hàn smilie
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|