Megane Sport Forum banner

1 - 14 of 14 Posts

·
Registered
Joined
·
1,989 Posts
Discussion Starter · #1 ·
The Goverment are looking for new coders...

This is the entry test...

Can you crack it?

http://canyoucrackit.co.uk/index.asp

Ill get you started....

______________________________________________________________________

#include < stdio.h>
#include < stdint.h>
#include < malloc.h>
#include < stdlib.h>
#include < errno.h>
#include < string.h>
#include < time.h>
#include < sys/types.h>
#include < sys/mman.h>
#include < sys/utsname.h>


static char part1[] = {
0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec, 0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba, 0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00,
0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a, 0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c,
0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00, 0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00,
0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41, 0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42,
0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0xe6, 0x89, 0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89,
0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31, 0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06,
0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34, 0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6,
0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88, 0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89,
0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8, 0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41,
};

// code to dump the decrypted memory:
static const char dump_mem[] = {
0xba, 0x31, 0x00, 0x00, 0x00, // mov edx, 0x40
0x8d, 0x4f, 0xce, // lea ecx, [edi-0x32]
0x31, 0xdb, // xor ebx, ebx
0x43, // inc ebx (stdout)
0x31, 0xc0, // xor eax, eax
0xb0, 0x04, // add al, 0x4 - sys_write
0xcd, 0x80, // int 0x80
0x31, 0xdb, // xor ebx,ebx
0x43, // inc ebx
0x31, 0xd2, // xor edx,edx
0x42, // inc edx
0x68, 0x0a, 0x00,0x00, 0x00, // push 0xa
0x8d, 0x0c, 0x24, // lea ecx,[esp]
0xb8, 0x04, 0x00,0x00, 0x00, // mov eax, 0x4
0xcd, 0x80, // int 0x80 - sys_write
0x31, 0xdb, // xor ebx,ebx
0x31, 0xc0, // xor eax,eax
0x40, // inc eax
0xcd, 0x80, // int 0x80 - sys_exit
};

uint32_t patch_mem(char *ptr, size_t size)
{
uint32_t i;

for (i = 0; i < size; i++) {
if (*(uint16_t *)&ptr == 0x80cd) {
*(uint16_t *)&ptr = 0x45eb;
return 0;
}
}
return 1;
}

uint32_t check_arch(void)
{
struct utsname kernel_info;

uname(&kernel_info);
return strcmp(kernel_info.machine, "i686") ? 1 : 0;
}

int main(int argc, char **argv)
{
void *mem;

if (check_arch()) {
printf("[-] this program must run on a 64-bit architecture\n");
return 1;
}

printf("[*] allocating page aligned memory\n");
mem = memalign(4096, 4096);
if (!mem) {
printf("[-] error: %s\n", strerror(errno));
return 1;
}
memset(mem, 0, 4096);

printf("[*] setting page permissions\n");
if (mprotect(mem, 4096, PROT_READ | PROT_WRITE | PROT_EXEC)) {
printf("[-] error: %s\n", strerror(errno));
return 1;
}

printf("[*] copying payload\n");

memcpy(mem, part1, sizeof(part1));
memcpy(mem + sizeof(part1), part2, sizeof(part2));
memcpy(mem + sizeof(part1) + sizeof(part2), dump_mem, sizeof(dump_mem));

printf("[*] adding dump_mem payload\n");
if (patch_mem(mem, sizeof(part1))) {
printf("[-] failed to patch memory\n");
return 0;
}

printf("[*] executing payload..\n\n");

((int(*)(void))mem)();

return 0;
}


_________________________________________________________________________
 

·
Premium Member
Joined
·
1,820 Posts
I like this kind of stuff, but I don't have specialist skills, so I'm assuming it's beyond me. I can tell it's hexadecimal, but that's about as far as I can get!
 

·
Premium Member
Joined
·
3,292 Posts
Its not standard hexidecimal, there are combinations in there not covered by it, most of it is padded. Its a substitution cipher by the look of it.
 

·
Premium Member
Joined
·
3,292 Posts
Just did it. The source paddy found is off google, you can copy it into a file and call it part1.c but when you compile you find out its totally useless without part2.h

If anyone manages to crack it all that happens is you get redirected to a page which says:

"So you did it. Well done! Now this is where it gets interesting. Could you use your skills and ingenuity to combat terrorism and cyber threats? As one of our experts, you'll help protect our nation's security and the lives of thousands. Every day will bring new challenges, new solutions to find – and new ways to prove that you're one of the best."

With a link to the GCHQ jobs website...Pretty pointless really.
 

·
Registered
Joined
·
2,063 Posts
If anyone manages to crack it all that happens is you get redirected to a page which says:

"So you did it. Well done! Now this is where it gets interesting. Could you use your skills and ingenuity to combat terrorism and cyber threats? As one of our experts, you'll help protect our nation's security and the lives of thousands. Every day will bring new challenges, new solutions to find – and new ways to prove that you're one of the best."

With a link to the GCHQ jobs website...Pretty pointless really.
it said that in todays paper :p
 
1 - 14 of 14 Posts
Top