Make a donation

Author Topic: Can you crack it??  (Read 2712 times)

Offline rich83

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 165
  • -Receive: 802
  • Posts: 13444
    • MK5 Golf GTI
  • My Ride: https://www.mk5golfgti.co.uk/forum/index.php?PHPSESSID=fdo4q41df95lbr8tit3lggvu0q&/topic,19740.0.html
Can you crack it??
« on: December 03, 2011, 09:26:54 am »
http://www.canyoucrackit.co.uk/

GCHQs latest recruitment drive.

Rich

Offline WhiteGTI

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 29
  • -Receive: 22
  • Posts: 3222
  • F-A-S-T
Re: Can you crack it??
« Reply #1 on: December 03, 2011, 01:50:38 pm »
Wouldn't even know where to begin with that...
2008 Golf GTI - Revo Stage 2 NOW SOLD

2006 E46 BMW M3 - 343hp
2000 Lotus Elise Sport160 - 160hp

MPS

  • Guest
Re: Can you crack it??
« Reply #2 on: December 03, 2011, 02:03:26 pm »
Unless I'm very much mistaken, that looks like hexadecimal code.

Offline rich83

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 165
  • -Receive: 802
  • Posts: 13444
    • MK5 Golf GTI
  • My Ride: https://www.mk5golfgti.co.uk/forum/index.php?PHPSESSID=fdo4q41df95lbr8tit3lggvu0q&/topic,19740.0.html
Re: Can you crack it??
« Reply #3 on: December 03, 2011, 02:18:49 pm »
Unless I'm very much mistaken, that looks like hexadecimal code.

It is hex.... thats as far as i got!  :signLOL:

Offline PDT

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 3
  • -Receive: 142
  • Posts: 2010
    • Email
Re: Can you crack it??
« Reply #4 on: December 03, 2011, 03:34:26 pm »
Unless I'm very much mistaken, that looks like hexadecimal code.


Same format as  used in ECU software....  :evilgrin:

Offline rich83

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 165
  • -Receive: 802
  • Posts: 13444
    • MK5 Golf GTI
  • My Ride: https://www.mk5golfgti.co.uk/forum/index.php?PHPSESSID=fdo4q41df95lbr8tit3lggvu0q&/topic,19740.0.html
Re: Can you crack it??
« Reply #5 on: December 03, 2011, 03:36:35 pm »
Unless I'm very much mistaken, that looks like hexadecimal code.


Same format as  used in ECU software....  :evilgrin:

Come on then.....  you and nick should be able to do this blind folded.  :grin:

Offline sub39h

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 189
  • -Receive: 84
  • Posts: 1719
Re: Can you crack it??
« Reply #6 on: December 03, 2011, 03:36:53 pm »
go it... but i won't ruin it for the rest of you  :grin:
2006 Phantom Black A3 2.0T S-Line
DSG | Rear Parking Sensors | MFSW | BOSE | Auto lights/wipers | Half leather
MODS : '09 tail lights | TT vents | Bilstein B14 | RNS-E 2010 | AMI | AKS Tuning custom CAI | Titanium BBS VZs | NQS BBK | WALK | Autotech RARB | Bluemotion aero | Blueflame TBE | Autotech HPFP | MY11 Wing Mirrors | Bluetooth | S3 Intercooler
PLANS: Stage 2+

Offline monte

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 116
  • -Receive: 134
  • Posts: 2747
  • Global Ruler
    • Deep-Shine Detail. Detailing-Wrapping-Tints. Lincoln.
  • My Ride: http://www.mk5golfgti.co.uk/forum/index.php/topic,67679.0.html
Re: Can you crack it??
« Reply #7 on: December 03, 2011, 05:22:10 pm »
Well just to be clever, where it says enter Keyword:………………………... I wrote "Keyword"  :laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
But it was incorrect  :sad1:

Offline B3n

  • Won't Shut up.
  • *****
  • Thank You
  • -Given: 25
  • -Receive: 29
  • Posts: 850
  • Boom!!!!
    • Email
Re: Can you crack it??
« Reply #8 on: December 03, 2011, 06:00:04 pm »
^^^^^^^^ :laugh: :laugh: :laugh: :laugh: :laugh: :laugh: :laugh: :laugh:

I done the same thing :signLOL:

Im awaiting the phone call with the job offer :signLOL:


My Flickr    Instagram: Chappers84

Offline 182_blue

  • Global Moderator
  • Just look at my post count
  • *
  • Thank You
  • -Given: 20
  • -Receive: 54
  • Posts: 3373
Re: Can you crack it??
« Reply #9 on: December 03, 2011, 09:23:52 pm »

Offline rob172cup

  • Always Involved
  • ****
  • Thank You
  • -Given: 0
  • -Receive: 2
  • Posts: 66
Re: Can you crack it??
« Reply #10 on: December 03, 2011, 09:31:17 pm »
:P :P
http://www.canyoucrackit.co.uk/soyoudidit.asp

i just used your link to apply ha ha they will soon realise im thick as sh*t !

Offline rich83

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 165
  • -Receive: 802
  • Posts: 13444
    • MK5 Golf GTI
  • My Ride: https://www.mk5golfgti.co.uk/forum/index.php?PHPSESSID=fdo4q41df95lbr8tit3lggvu0q&/topic,19740.0.html

Offline Horatio

  • Won't Shut up.
  • *****
  • Thank You
  • -Given: 23
  • -Receive: 39
  • Posts: 733
Re: Can you crack it??
« Reply #12 on: December 03, 2011, 10:53:34 pm »
Quote
Could you use your skills and ingenuity to combat terrorism and cyber threats?

This made me laugh!  :stupid: :signLOL:
2007 Black Magic DSG Golf GTI Edition 30. No.1231
.:R32 "milk and juice come in 2 litres"
I run a dirty campervan, need scrubbers

Offline Deako

  • Just look at my post count
  • ******
  • Thank You
  • -Given: 38
  • -Receive: 44
  • Posts: 1655
  • Eat, Sleep....VAG
Re: Can you crack it??
« Reply #13 on: December 05, 2011, 08:32:53 am »
Here is the proper solution:

Quote
#include <stdio.h>
#include <stdint.h>
#include <malloc.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/utsname.h>

#include "part2.h" // see information above

static char part1[] = {
    0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec,   0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
    0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba,   0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00,
    0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a,   0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c,
    0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00,   0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00,
    0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41,   0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42,
    0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0xe6, 0x89,   0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89,
    0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31,   0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06,
    0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34,   0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6,
    0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88,   0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89,
    0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8,   0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41,
};

// code to dump the decrypted memory:
static const char dump_mem[] = {
    0xba, 0x31, 0x00, 0x00, 0x00,   // mov    edx, 0x40
    0x8d, 0x4f, 0xce,               // lea    ecx, [edi-0x32]
    0x31, 0xdb,                     // xor    ebx, ebx
    0x43,                           // inc    ebx (stdout)
    0x31, 0xc0,                     // xor    eax, eax
    0xb0, 0x04,                     // add    al, 0x4           - sys_write
    0xcd, 0x80,                     // int    0x80
    0x31, 0xdb,                     // xor    ebx,ebx
    0x43,                           // inc    ebx
    0x31, 0xd2,                     // xor    edx,edx
    0x42,                           // inc    edx
    0x68, 0x0a, 0x00,0x00, 0x00,    // push   0xa
    0x8d, 0x0c, 0x24,               // lea    ecx,[esp]
    0xb8, 0x04, 0x00,0x00, 0x00,    // mov    eax, 0x4
    0xcd, 0x80,                     // int    0x80              - sys_write
    0x31, 0xdb,                     // xor    ebx,ebx
    0x31, 0xc0,                     // xor    eax,eax
    0x40,                           // inc    eax
    0xcd, 0x80,                     // int    0x80              - sys_exit
};

uint32_t patch_mem(char *ptr, size_t size)
{
    uint32_t i;

    for (i = 0; i < size; i++) {
        if (*(uint16_t *)&ptr == 0x80cd) {
            *(uint16_t *)&ptr = 0x45eb;
            return 0;
        }
    }
    return 1;
}

uint32_t check_arch(void)
{
    struct utsname kernel_info;

    uname(&kernel_info);
    return strcmp(kernel_info.machine, "i686") ? 1 : 0;
}

int main(int argc, char **argv)
{
    void *mem;

    if (check_arch()) {
        printf("[-] this program must run on a 32-bit architecture\n");
        return 1;
    }

    printf("
  • allocating page aligned memory\n");

    mem = memalign(4096, 4096);
    if (!mem) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }
    memset(mem, 0, 4096);

    printf("
  • setting page permissions\n");

    if (mprotect(mem, 4096, PROT_READ | PROT_WRITE | PROT_EXEC)) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }

    printf("
  • copying payload\n");


    memcpy(mem, part1, sizeof(part1));
    memcpy(mem + sizeof(part1), part2, sizeof(part2));
    memcpy(mem + sizeof(part1) + sizeof(part2), dump_mem, sizeof(dump_mem));

    printf("
  • adding dump_mem payload\n");

    if (patch_mem(mem, sizeof(part1))) {
        printf("[-] failed to patch memory\n");
        return 0;
    }

    printf("
  • executing payload..\n\n");


    ((int(*)(void))mem)();

    return 0;
}


Worked it out on my own. LOL. Errr.........
#1493