DRG
DRG Online Challenge November 2013 Solution
2013-12-02

We received only one submission for the November challenge. Vytautaus Krakauskas must now be acknowledged as the DRG challenge master, as he has turned in a correct submission to all of our online challenges thus far. Björn Zettergren, a regular contributor, gets an honorable mention. He came within reaching distance, but didn't quite cross the finish line before his allotted time was exhausted. We may have made this sufficiently difficult to have found a bar for our players. We'll be able to better judge after the next challenge, as we think we've lowered it enough that most serious players should be able to complete it. By default, but well deserved, we're giving the bragging rights this month to Vytautaus Krakauskas. Take it away, Vytautaus...

First I entered all zeros as the password to see plain data in case XOR was used. A second action was to look at the page source code, which contained a peculiar comment with IP, port, date and time of the request. Then I resubmitted the same password a few times to see if the string would change, and it did. I looked at the end of the string which was changing and quickly recognized time from the comment. The trick was that the nibbles of each byte were swapped. Also minutes and seconds were in a slightly different format. The first part of the date resembled numbers in ASCII string so I presumed that everything should be a string. If I would enter another password, the date part would change, so I decided to write a small python script and check if it would reveal an obvious key by XOR'ing the encrypted string with the comment. And that was it, the output (reformatted) was "Your password was: 0000000000000000\x00\x00\x00\x00"

To confirm I used TOR to get a different IP and picked another password:

Password: 000001715badc0de

The comment in HTML code:

<!-- Logged: 94.242.204.74:47614 @ 20131102 18:35:28 -->

And the encoded string:

06b5b5044124f4143434145405a1346554b0410107012000004000402535442580e56553a32383

Python script:

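    from binascii import unhexlify

    def swap(byte):
        # Swap the high and low nibbles of a single byte
        a = (byte & 0xf0) >> 4
        b = byte & 0x0f
        return (b << 4) | a

    # Encoded string from the page; the middle is elided as in the
    # original write-up, so paste the full hex string before running.
    secret = unhexlify('06b5b5044124f414...2580e56553a32383')
    # Contents of the HTML comment, used as the XOR key
    text = '94.242.204.74:47614 @ 20131102 18:35:28'

    # Python 3: iterating over bytes yields integers directly
    for b, t in zip(secret, text.encode('ascii')):
        sb = swap(b)   # undo the nibble swap
        x = sb ^ t     # XOR with the matching byte of the comment
        print("%02x %02x(%s) %02x(%s)" % (sb, t, chr(t), x, chr(x)))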

The output:

60 39(9) 59(Y)
5b 34(4) 6f(o)
5b 2e(.) 75(u)
40 32(2) 72(r)
14 34(4) 20( )
42 32(2) 70(p)
4f 2e(.) 61(a)
41 32(2) 73(s)
43 30(0) 73(s)
43 34(4) 77(w)
41 2e(.) 6f(o)
45 37(7) 72(r)
50 34(4) 64(d)
1a 3a(:) 20( )
43 34(4) 77(w)
56 37(7) 61(a)
45 36(6) 73(s)
0b 31(1) 3a(:)
14 34(4) 20( )
10 20( ) 30(0)
70 40(@) 30(0)
10 20( ) 30(0)
02 32(2) 30(0)
00 30(0) 30(0)
00 31(1) 31(1)
04 33(3) 37(7)
00 31(1) 31(1)
04 31(1) 35(5)
52 30(0) 62(b)
53 32(2) 61(a)
44 20( ) 64(d)
52 31(1) 63(c)
08 38(8) 30(0)
5e 3a(:) 64(d)
56 33(3) 65(e)
35 35(5) 00()
3a 3a(:) 00()
32 32(2) 00()
38 38(8) 00()

That was fun, thanks as usual! :-)
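The scheme deduced in the write-up can be modelled end to end. The following is an added example, not part of the original submission or of DRG's challenge code: `encode()` is an assumed model of the server side inferred from the solver's output, the function names are hypothetical, and `LOG_LATER` is a constructed log line. It shows why the encoding gives no confidentiality: the XOR key is the HTML comment itself, and the NUL padding exposes the tail of that key directly.

```python
# Added illustration: models the encoding the write-up deduces, then inverts it.
# encode() is an assumption about the server side, not DRG's actual code.

def swap_nibbles(data: bytes) -> bytes:
    """Swap the high and low nibble of every byte (the operation is self-inverse)."""
    return bytes(((b << 4) | (b >> 4)) & 0xFF for b in data)

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def encode(password: str, log_line: str) -> bytes:
    """Assumed server side: message XOR log comment, then nibble swap."""
    key = log_line.encode("ascii")
    plain = ("Your password was: " + password).encode("ascii")
    plain = plain.ljust(len(key), b"\x00")  # NUL padding up to the key length
    return swap_nibbles(xor(plain, key))

def recover(token: bytes, log_line: str) -> bytes:
    """Solver side: undo the nibble swap, then XOR with the leaked comment."""
    return xor(swap_nibbles(token), log_line.encode("ascii"))

def changed_offsets(a: bytes, b: bytes) -> list:
    """Offsets at which two tokens differ (the resubmission test)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

LOG = "94.242.204.74:47614 @ 20131102 18:35:28"        # comment from the page
LOG_LATER = "94.242.204.74:47614 @ 20131102 18:35:41"  # constructed: later request
PW = "000001715badc0de"                                # password from the page

if __name__ == "__main__":
    token = encode(PW, LOG)
    print(token.hex())          # begins 06b5b504..., as in the write-up
    print(recover(token, LOG))  # the plaintext message with NUL padding
    zeros = "0" * 16
    first, second = encode(zeros, LOG), encode(zeros, LOG_LATER)
    # Same password, different request time: only the time bytes move.
    print(changed_offsets(first, second))
    # Padding bytes are 0 XOR key, so the key's tail shows after un-swapping.
    print(swap_nibbles(first)[-4:])
```
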

For further details on how the challenge was constructed along with notes and write-ups from all challenge players who solved the challenge, please see the updated DRG Online Challenge November 2013 page. The newest, DRG Online Challenge December 2013, is now available. Visit the DRG Challenges page for information about all current, future and past challenges.

posted at 8:47 pm | permanent link


