can you crack it?

MiCr0 · 01-12-2011 1:24pm #1

any one tried this?

http://www.canyoucrackit.co.uk/

The Outside Agency · 01-12-2011 1:34pm

Looks like x86 assembly code

Should be simple enough to crack.

h57xiucj2z946q · 01-12-2011 1:38pm

here is the data represented as text to save you time typing it out:
http://pastebin.com/r8ACPb9N

The Outside Agency · 01-12-2011 1:40pm

Think I might be wrong about it being x86 assembly.

MiCr0 · 01-12-2011 1:41pm

eb 04 af c2 bf a3 81 ec   00 01 00 00 31 c9 88 0c 
0c fe c1 75 f9 31 c0 ba   ef be ad de 02 04 0c 00 
d0 c1 ca 08 8a 1c 0c 8a   3c 04 88 1c 04 88 3c 0c 
fe c1 75 e8 e9 5c 00 00   00 89 e3 81 c3 04 00 00 
00 5c 58 3d 41 41 41 41   75 43 58 3d 42 42 42 42 
75 3b 5a 89 d1 89 e6 89   df 29 cf f3 a4 89 de 89 
d1 89 df 29 cf 31 c0 31   db 31 d2 fe c0 02 1c 06 
8a 14 06 8a 34 1e 88 34   06 88 14 1e 00 f2 30 f6 
8a 1c 16 8a 17 30 da 88   17 47 49 75 de 31 db 89 
d8 fe c0 cd 80 90 90 e8   9d ff ff ff 41 41 41 41

The Outside Agency · 01-12-2011 2:14pm

nasm -f bin asm_code.asm
ndisasm -b 32 asm_code.bin

[PHP]00000000 EB04 jmp short 0x6
00000002 AF scasd
00000003 C2BFA3 ret 0xa3bf
00000006 81EC00010000 sub esp,0x100
0000000C 31C9 xor ecx,ecx
0000000E 880C0C mov [esp+ecx],cl
00000011 FEC1 inc cl
00000013 75F9 jnz 0xe
00000015 31C0 xor eax,eax
00000017 BAEFBEADDE mov edx,0xdeadbeef
0000001C 02040C add al,[esp+ecx]
0000001F 00D0 add al,dl
00000021 C1CA08 ror edx,0x8
00000024 8A1C0C mov bl,[esp+ecx]
00000027 8A3C04 mov bh,[esp+eax]
0000002A 881C04 mov [esp+eax],bl
0000002D 883C0C mov [esp+ecx],bh
00000030 FEC1 inc cl
00000032 75E8 jnz 0x1c
00000034 E95C000000 jmp dword 0x95
00000039 89E3 mov ebx,esp
0000003B 81C304000000 add ebx,0x4
00000041 5C pop esp
00000042 58 pop eax
00000043 3D41414141 cmp eax,0x41414141
00000048 7543 jnz 0x8d
0000004A 58 pop eax
0000004B 3D42424242 cmp eax,0x42424242
00000050 753B jnz 0x8d
00000052 5A pop edx
00000053 89D1 mov ecx,edx
00000055 89E6 mov esi,esp
00000057 89DF mov edi,ebx
00000059 29CF sub edi,ecx
0000005B F3A4 rep movsb
0000005D 89DE mov esi,ebx
0000005F 89D1 mov ecx,edx
00000061 89DF mov edi,ebx
00000063 29CF sub edi,ecx
00000065 31C0 xor eax,eax
00000067 31DB xor ebx,ebx
00000069 31D2 xor edx,edx
0000006B FEC0 inc al
0000006D 021C06 add bl,[esi+eax]
00000070 8A1406 mov dl,[esi+eax]
00000073 8A341E mov dh,[esi+ebx]
00000076 883406 mov [esi+eax],dh
00000079 88141E mov [esi+ebx],dl
0000007C 00F2 add dl,dh
0000007E 30F6 xor dh,dh
00000080 8A1C16 mov bl,[esi+edx]
00000083 8A17 mov dl,[edi]
00000085 30DA xor dl,bl
00000087 8817 mov [edi],dl
00000089 47 inc edi
0000008A 49 dec ecx
0000008B 75DE jnz 0x6b
0000008D 31DB xor ebx,ebx
0000008F 89D8 mov eax,ebx
00000091 FEC0 inc al
00000093 CD80 int 0x80
00000095 90 nop
00000096 90 nop
00000097 E89DFFFFFF call dword 0x39
0000009C 41 inc ecx
0000009D 41 inc ecx
0000009E 41 inc ecx
0000009F 41 inc ecx[/PHP]

After seeing who running the challenge (GHCQ), probably not so easy at all!
There are 3 stages.

EDIT: I can't run this code at moment but it probably gives you some hint or answer for next stage.

h57xiucj2z946q · 01-12-2011 2:19pm

I see 0xdeadbeef in your asm listing ! Something base 64'ish in the cyper.png header also.

The Outside Agency · 01-12-2011 2:27pm

must be more code?

hexdump cyber.png

00000000: 89 50 4E 47 0D 0A 1A 0A - 00 00 00 0D 49 48 44 52 | PNG        IHDR|
00000010: 00 00 02 E4 00 00 01 04 - 08 02 00 00 00 EF 6A B6 |              j |
00000020: 2D 00 00 00 01 73 52 47 - 42 00 AE CE 1C E9 00 00 |-    sRGB       |
00000030: 00 09 70 48 59 73 00 00 - 0B 13 00 00 0B 13 01 00 |  pHYs          |
00000040: 9A 9C 18 00 00 00 07 74 - 49 4D 45 07 DB 08 05 0E |       tIME     |
00000050: 12 33 7E 39 C1 70 00 00 - 00 5D 69 54 58 74 43 6F | 3~9 p   ]iTXtCo|
00000060: 6D 6D 65 6E 74 00 00 00 - 00 00 51 6B 4A 43 51 6A |mment     QkJCQj|
00000070: 49 41 41 41 43 52 32 50 - 46 74 63 43 41 36 71 32 |IAAACR2PFtcCA6q2|
00000080: 65 61 43 38 53 52 2B 38 - 64 6D 44 2F 7A 4E 7A 4C |eaC8SR+8dmD/zNzL|
00000090: 51 43 2B 74 64 33 74 46 - 51 34 71 78 38 4F 34 34 |QC+td3tFQ4qx8O44|
000000a0: 37 54 44 65 75 5A 77 35 - 50 2B 30 53 73 62 45 63 |7TDeuZw5P+0SsbEc|
000000b0: 59 52 0A 37 38 6A 4B 4C - 77 3D 3D 32 CA BE F1 00 |YR 78jKLw==2    |

The Outside Agency · 01-12-2011 2:33pm

I see now when you decode the comment :

QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR78jKLw==

Disassemble, looks like more code.

[PHP]
00000000 42 inc edx
00000001 42 inc edx
00000002 42 inc edx
00000003 42 inc edx
00000004 3200 xor al,[eax]
00000006 0000 add [eax],al
00000008 91 xchg eax,ecx
00000009 D8F1 fdiv st1
0000000B 6D insd
0000000C 7020 jo 0x2e
0000000E 3AAB679A0BC4 cmp ch,[ebx-0x3bf46599]
00000014 91 xchg eax,ecx
00000015 FB sti
00000016 C7 db 0xc7
00000017 660FFCCD paddb xmm1,xmm5
0000001B CC int3
0000001C B402 mov ah,0x2
0000001E FA cli
0000001F D7 xlatb
00000020 77B4 ja 0xffffffd6
00000022 54 push esp
00000023 38AB1F0EE38E cmp [ebx-0x711cf1e1],ch
00000029 D30DEB99C393 ror dword [dword 0x93c399eb],cl
0000002F FE db 0xfe
00000030 D12B shr dword [ebx],1
00000032 1B11 sbb edx,[ecx]
00000034 C6 db 0xc6
00000035 11EF adc edi,ebp
00000037 C8 db 0xc8
00000038 CA db 0xca
00000039 2F das
[/PHP]

instructions aren't valid format but the 0x42424242 at the beginning makes me think it's just obfuscated.

[-0-] · 04-12-2011 6:14am

http://lolhax.org/2011/12/03/can-you-crack-it/

mod edit: this link is to a detailed solution. do not click if you are working on it yourself. LoLth

h57xiucj2z946q · 05-12-2011 3:26pm

[-0-] wrote: »

http://lolhax.org/2011/12/03/can-you-crack-it/

mod edit: this link is to a detailed solution. do not click if you are working on it yourself. LoLth

Alot of that way way beyond me!

infodox · 22-12-2011 1:01am

Use google and the site: operator for a lulzy solution, however that is public now and gives you a load of news sites instead.

can you crack it?

Comments