
can you crack it?

Comments

  • Closed Accounts Posts: 235 ✭✭The Outside Agency


    Looks like x86 assembly code :)
    Should be simple enough to crack.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    here is the data represented as text to save you time typing it out:
    http://pastebin.com/r8ACPb9N


  • Closed Accounts Posts: 235 ✭✭The Outside Agency


    Think I might be wrong about it being x86 assembly.


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    eb 04 af c2 bf a3 81 ec   00 01 00 00 31 c9 88 0c 
    0c fe c1 75 f9 31 c0 ba   ef be ad de 02 04 0c 00 
    d0 c1 ca 08 8a 1c 0c 8a   3c 04 88 1c 04 88 3c 0c 
    fe c1 75 e8 e9 5c 00 00   00 89 e3 81 c3 04 00 00 
    00 5c 58 3d 41 41 41 41   75 43 58 3d 42 42 42 42 
    75 3b 5a 89 d1 89 e6 89   df 29 cf f3 a4 89 de 89 
    d1 89 df 29 cf 31 c0 31   db 31 d2 fe c0 02 1c 06 
    8a 14 06 8a 34 1e 88 34   06 88 14 1e 00 f2 30 f6 
    8a 1c 16 8a 17 30 da 88   17 47 49 75 de 31 db 89 
    d8 fe c0 cd 80 90 90 e8   9d ff ff ff 41 41 41 41
    


  • Closed Accounts Posts: 235 ✭✭The Outside Agency


    nasm -f bin asm_code.asm
    ndisasm -b 32 asm_code.bin

    00000000 EB04 jmp short 0x6
    00000002 AF scasd
    00000003 C2BFA3 ret 0xa3bf
    00000006 81EC00010000 sub esp,0x100
    0000000C 31C9 xor ecx,ecx
    0000000E 880C0C mov [esp+ecx],cl
    00000011 FEC1 inc cl
    00000013 75F9 jnz 0xe
    00000015 31C0 xor eax,eax
    00000017 BAEFBEADDE mov edx,0xdeadbeef
    0000001C 02040C add al,[esp+ecx]
    0000001F 00D0 add al,dl
    00000021 C1CA08 ror edx,0x8
    00000024 8A1C0C mov bl,[esp+ecx]
    00000027 8A3C04 mov bh,[esp+eax]
    0000002A 881C04 mov [esp+eax],bl
    0000002D 883C0C mov [esp+ecx],bh
    00000030 FEC1 inc cl
    00000032 75E8 jnz 0x1c
    00000034 E95C000000 jmp dword 0x95
    00000039 89E3 mov ebx,esp
    0000003B 81C304000000 add ebx,0x4
    00000041 5C pop esp
    00000042 58 pop eax
    00000043 3D41414141 cmp eax,0x41414141
    00000048 7543 jnz 0x8d
    0000004A 58 pop eax
    0000004B 3D42424242 cmp eax,0x42424242
    00000050 753B jnz 0x8d
    00000052 5A pop edx
    00000053 89D1 mov ecx,edx
    00000055 89E6 mov esi,esp
    00000057 89DF mov edi,ebx
    00000059 29CF sub edi,ecx
    0000005B F3A4 rep movsb
    0000005D 89DE mov esi,ebx
    0000005F 89D1 mov ecx,edx
    00000061 89DF mov edi,ebx
    00000063 29CF sub edi,ecx
    00000065 31C0 xor eax,eax
    00000067 31DB xor ebx,ebx
    00000069 31D2 xor edx,edx
    0000006B FEC0 inc al
    0000006D 021C06 add bl,[esi+eax]
    00000070 8A1406 mov dl,[esi+eax]
    00000073 8A341E mov dh,[esi+ebx]
    00000076 883406 mov [esi+eax],dh
    00000079 88141E mov [esi+ebx],dl
    0000007C 00F2 add dl,dh
    0000007E 30F6 xor dh,dh
    00000080 8A1C16 mov bl,[esi+edx]
    00000083 8A17 mov dl,[edi]
    00000085 30DA xor dl,bl
    00000087 8817 mov [edi],dl
    00000089 47 inc edi
    0000008A 49 dec ecx
    0000008B 75DE jnz 0x6b
    0000008D 31DB xor ebx,ebx
    0000008F 89D8 mov eax,ebx
    00000091 FEC0 inc al
    00000093 CD80 int 0x80
    00000095 90 nop
    00000096 90 nop
    00000097 E89DFFFFFF call dword 0x39
    0000009C 41 inc ecx
    0000009D 41 inc ecx
    0000009E 41 inc ecx
    0000009F 41 inc ecx

    After seeing who's running the challenge (GCHQ), probably not so easy at all!
    There are 3 stages.

    EDIT: I can't run this code at the moment but it probably gives you some hint or answer for the next stage.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I see 0xdeadbeef in your asm listing! Something base64-ish in the cyber.png header also.


  • Closed Accounts Posts: 235 ✭✭The Outside Agency


    must be more code?

    hexdump cyber.png

    00000000: 89 50 4E 47 0D 0A 1A 0A - 00 00 00 0D 49 48 44 52 | PNG        IHDR|
    00000010: 00 00 02 E4 00 00 01 04 - 08 02 00 00 00 EF 6A B6 |              j |
    00000020: 2D 00 00 00 01 73 52 47 - 42 00 AE CE 1C E9 00 00 |-    sRGB       |
    00000030: 00 09 70 48 59 73 00 00 - 0B 13 00 00 0B 13 01 00 |  pHYs          |
    00000040: 9A 9C 18 00 00 00 07 74 - 49 4D 45 07 DB 08 05 0E |       tIME     |
    00000050: 12 33 7E 39 C1 70 00 00 - 00 5D 69 54 58 74 43 6F | 3~9 p   ]iTXtCo|
    00000060: 6D 6D 65 6E 74 00 00 00 - 00 00 51 6B 4A 43 51 6A |mment     QkJCQj|
    00000070: 49 41 41 41 43 52 32 50 - 46 74 63 43 41 36 71 32 |IAAACR2PFtcCA6q2|
    00000080: 65 61 43 38 53 52 2B 38 - 64 6D 44 2F 7A 4E 7A 4C |eaC8SR+8dmD/zNzL|
    00000090: 51 43 2B 74 64 33 74 46 - 51 34 71 78 38 4F 34 34 |QC+td3tFQ4qx8O44|
    000000a0: 37 54 44 65 75 5A 77 35 - 50 2B 30 53 73 62 45 63 |7TDeuZw5P+0SsbEc|
    000000b0: 59 52 0A 37 38 6A 4B 4C - 77 3D 3D 32 CA BE F1 00 |YR 78jKLw==2    |
    


  • Closed Accounts Posts: 235 ✭✭The Outside Agency


    I see now when you decode the comment:

    QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR78jKLw==

    Disassemble, looks like more code.

    00000000 42 inc edx
    00000001 42 inc edx
    00000002 42 inc edx
    00000003 42 inc edx
    00000004 3200 xor al,[eax]
    00000006 0000 add [eax],al
    00000008 91 xchg eax,ecx
    00000009 D8F1 fdiv st1
    0000000B 6D insd
    0000000C 7020 jo 0x2e
    0000000E 3AAB679A0BC4 cmp ch,[ebx-0x3bf46599]
    00000014 91 xchg eax,ecx
    00000015 FB sti
    00000016 C7 db 0xc7
    00000017 660FFCCD paddb xmm1,xmm5
    0000001B CC int3
    0000001C B402 mov ah,0x2
    0000001E FA cli
    0000001F D7 xlatb
    00000020 77B4 ja 0xffffffd6
    00000022 54 push esp
    00000023 38AB1F0EE38E cmp [ebx-0x711cf1e1],ch
    00000029 D30DEB99C393 ror dword [dword 0x93c399eb],cl
    0000002F FE db 0xfe
    00000030 D12B shr dword [ebx],1
    00000032 1B11 sbb edx,[ecx]
    00000034 C6 db 0xc6
    00000035 11EF adc edi,ebp
    00000037 C8 db 0xc8
    00000038 CA db 0xca
    00000039 2F das

    instructions aren't valid format but the 0x42424242 at the beginning makes me think it's just obfuscated.
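
Added example, not code from any poster in this thread: a Python transcription of what the first disassembly listing does to data that follows the 0x42424242 marker, applied to the base64 comment quoted above. The function names are made up for illustration; the offsets in the docstrings refer to the first ndisasm listing.

```python
import base64
import struct

# Base64 text from the PNG "Comment" chunk, as quoted in the thread.
COMMENT_B64 = "QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR78jKLw=="

def parse_blob(blob):
    """Offsets 0x4A-0x52: marker dword, then a length dword, then the payload."""
    magic, length = struct.unpack_from("<II", blob, 0)
    if magic != 0x42424242:
        raise ValueError("missing 0x42424242 marker")
    payload = blob[8:8 + length]
    if len(payload) != length:
        raise ValueError("payload shorter than its length field")
    return payload

def key_schedule(key=0xDEADBEEF):
    """Offsets 0x0C-0x32: S[i] = i, then a swap pass driven by the key.
    'ror edx,0x8' feeds the key's bytes low byte first: ef, be, ad, de."""
    s = list(range(256))
    key_bytes = key.to_bytes(4, "little")
    j = 0
    for i in range(256):
        j = (j + s[i] + key_bytes[i % 4]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def apply_keystream(data, sbox):
    """Offsets 0x65-0x8B: XOR each byte with a keystream byte from the S-box."""
    s = list(sbox)  # work on a copy so the caller's table is untouched
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        k = s[(s[i] + s[j]) & 0xFF]
        out.append(byte ^ k)
        # 'mov bl,[esi+edx]' loads k into bl, the register that holds j,
        # so the next round starts from k (textbook RC4 keeps j separate).
        j = k
    return bytes(out)

def decode_comment(b64_text=COMMENT_B64):
    """Decode the comment, strip the 8-byte header, and undo the stream cipher."""
    payload = parse_blob(base64.b64decode(b64_text))
    return apply_keystream(payload, key_schedule())

if __name__ == "__main__":
    print(decode_comment())
```

The length field reads 0x32, which matches the 50 bytes that remain after the 8-byte header, so the "invalid instructions" are data for the loop at 0x6b rather than code.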


  • Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    http://lolhax.org/2011/12/03/can-you-crack-it/


    mod edit: this link is to a detailed solution. do not click if you are working on it yourself. LoLth


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    [-0-] wrote: »
    http://lolhax.org/2011/12/03/can-you-crack-it/


    mod edit: this link is to a detailed solution. do not click if you are working on it yourself. LoLth


    A lot of that was way beyond me!


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Use google and the site: operator for a lulzy solution, however that is public now and gives you a load of news sites instead.

