You may already know that the CRC-32 of any text can be forged if you can add 4 bytes anywhere in the text. See anarchriz's paper on the subject.
A real-world example of such a situation can be seen in JB's ESET CONFidence Crackme write-up. Good code, which I recently reused in another situation to forge a text with a given CRC-32 by inserting 4 bytes at a specific position.
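The trick in working code, as an added Python example (not code from this post or from the write-ups it links): given a text, an insertion offset and a target CRC-32, it computes the 4 bytes to insert at that offset so that the standard (zlib) CRC-32 of the result equals the target. The sample text and target value in the tests are constructed; the names are my own.

```python
import zlib
POLY = 0xEDB88320          # reflected CRC-32 polynomial, as used by zlib
MASK = 0xFFFFFFFF
def make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table

TABLE = make_table()
# Every table entry has a distinct top byte; both backward passes rely on that.
REV = {entry >> 24: idx for idx, entry in enumerate(TABLE)}

def reg_after(data, reg=MASK):
    """Run the CRC-32 register over data, starting from state reg."""
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg

def reg_before(reg, data):
    """Undo the register updates for data, last byte first (each step is invertible)."""
    for b in reversed(data):
        idx = REV[reg >> 24]                 # the table entry that produced this state
        reg = ((reg ^ TABLE[idx]) << 8) | (idx ^ b)
    return reg

def patch_bytes(reg_start, reg_target):
    """Choose 4 bytes that drive the register from reg_start to reg_target."""
    idx, known = [0] * 4, reg_target         # all 32 bits of the final state are known
    for i in range(3, -1, -1):               # walk back, fixing one table index per step
        idx[i] = REV[known >> 24]
        known = (known ^ TABLE[idx[i]]) << 8  # the high bits of the previous state
    reg, out = reg_start, bytearray()
    for i in range(4):                       # walk forward, picking each byte to hit idx[i]
        out.append((reg ^ idx[i]) & 0xFF)
        reg = TABLE[idx[i]] ^ (reg >> 8)
    return bytes(out)

def forge(data, pos, target_crc):
    """Insert 4 bytes at offset pos so that zlib.crc32(result) == target_crc."""
    prefix, suffix = data[:pos], data[pos:]
    reg_need = reg_before(target_crc ^ MASK, suffix)   # state required just before suffix
    return prefix + patch_bytes(reg_after(prefix), reg_need) + suffix

def verify(data, expected_crc):
    return zlib.crc32(data) == expected_crc      # cross-check against the stdlib CRC-32
```

This is why a CRC only detects accidental corruption: where the concern is deliberate modification, a keyed MAC or a signature is needed instead.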
Wednesday, March 30, 2011
Saturday, March 26, 2011
Honeynet Project Public Conference
Last week the first-ever Honeynet Project public conference was held in Paris at ESIEA. Great speakers, interesting talks (slides online, CV+O notes) and nice people to meet at the social event.
A small capture-the-flag (CTF) competition was also held during the conference, which I played. It was composed of 8 challenges by Mark Schloesser and Felix Leder, including a forensic one by Guillaume Arcas. This is how the challenge board looked:
Wednesday, March 09, 2011
Insomni'hack GPGPU reversing
One of the reversing challenges was exotic: we were given a ciphertext (ohv'c~f3ehnw4byzzky), a GPGPU file (kernel.bin) of the encryption routine, and the Instruction Set Architecture (ISA) of this GPU.
Since I had never played with GPGPUs (code/assembly/whatever), it seemed hard at first glance. But actually it was not! Open kernel.bin and you see some kind of disassembly. Good! And pretty small, roughly 80 lines of code.
I will explain how I reversed it, reimplemented it in Python to obtain the same encryption routine, discovered that it was also the decryption routine, and simply ran it against the ciphertext to obtain the plaintext.
Tuesday, March 08, 2011
Insomni'hack, Codegate and others
Last weekend was great. I was at Insomni'Hack 2011, a security event organized by SCRT. Talks during the day (read Bruno Kerouanton or Emilien Girault), security challenges during the evening (6pm-1am). Short time and well-adapted challenges, the staff did great! We missed the internet but we had beers :)
I played the challenges with some friends and we ended up in first place, winning a nice trophy, a Fortinet firewall, some t-shirts and other goodies. Thanks SCRT! If you are interested in the challenges, shell-storm has mirrored some of them (the offline ones at least), while Djo, Emilien Girault and Pascal Junod have already published some write-ups. Also, the staff said they will publish all challenges and solutions soon.
Last weekend also saw the Codegate 2011 qualifications, which unfortunately I did not play this year. A different kind of challenge, and strong competition. Many write-ups have been shared by @codegate_yut.
Also, some cool stuff ahead: Honeynet public conference, HITB Amsterdam CTF prequals, HES 2011, and maybe a Plaid Parliament of Pwning (PPP) CTF.
And if you don't know what to do, there's a new wargame at Smash The Stack: amateria. Worth playing :)