Didier Stevens

Tuesday 22 July 2008

Authenticode Challenge

Filed under: Puzzle — Didier Stevens @ 21:03

Here’s a new puzzle, and “by popular demand”, it’s a couple of orders of magnitude harder than previous puzzles.

The puzzle is a Windows console application; you can download it here. When you run the program, it prints “Authenticode Challenge version 1” to stdout. The challenge is twofold:

1) make the program print “Authenticode Challenge version 2” (that’s easy)

2) update the digital signature to keep it valid (not so easy)

When you check the digital signature of the puzzle, you’ll see this:


And after you change the program to print “Authenticode Challenge version 2”, you’ll see an invalid signature:

The challenge is to keep the signature valid, using a certificate with the same public key.

All the data you need from me is in the executable. You’re not allowed to hack my servers in search of the private key.

FYI: this puzzle was reviewed by a PKI expert, who confirmed the solution.

Good luck, I hope there will be many challengers, and better yet, with another solution than mine!
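
Why the one-byte change breaks verification, as an added example (not code from the original post): a simplified Authenticode digest that hashes the file linearly and skips only the CheckSum field, the Certificate Table directory entry and the certificate table itself. The names `authenticode_digest` and `build_sample`, the constructed sample buffer and SHA-1 as the default algorithm are assumptions, as is the usual layout with the certificate table at the end of the file.

```python
import hashlib
import struct

def authenticode_digest(pe: bytes, alg: str = "sha1") -> str:
    """Hash a PE file as Authenticode does, skipping the regions signing rewrites."""
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                    # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    checksum_off = opt + 64              # CheckSum field, 4 bytes
    dir_off = opt + (96 if magic == 0x10B else 112) + 4 * 8   # Certificate Table entry
    cert_off, cert_size = struct.unpack_from("<II", pe, dir_off)
    if cert_size == 0:
        cert_off = len(pe)               # unsigned file: nothing to cut out
    elif cert_off + cert_size > len(pe):
        raise ValueError("certificate table outside file")
    h = hashlib.new(alg)
    h.update(pe[:checksum_off])
    h.update(pe[checksum_off + 4:dir_off])
    h.update(pe[dir_off + 8:cert_off])
    h.update(pe[cert_off + cert_size:])  # normally empty: the table is last
    return h.hexdigest()

def build_sample(version=b"1", checksum=0, sig=b"PKCS7-PLACEHOLDER") -> bytes:
    """Constructed PE32-shaped buffer for the demo; not a runnable program."""
    pe_off = 0x40
    opt = pe_off + 24
    buf = bytearray(0x200)               # zeroed headers
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 64, checksum)
    buf += b"Authenticode Challenge version " + version + b"\0" * 8
    struct.pack_into("<II", buf, opt + 128, len(buf), len(sig))
    return bytes(buf) + sig

if __name__ == "__main__":
    for label, pe in [("original", build_sample()),
                      ("checksum changed", build_sample(checksum=0xDEAD)),
                      ("signature replaced", build_sample(sig=b"another blob")),
                      ("version 2 patch", build_sample(version=b"2"))]:
        print(f"{label:20} {authenticode_digest(pe)}")
```

Only the last row prints a different digest: the version string lies inside the hashed region, so the signed hash in the PKCS7 no longer matches the file.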

21 Comments »

  1. Um, dropping user32.dll proxy and patching in memory doesn’t count as an answer?
    Or there’s strict requirement to patch file?

    Comment by Joes — Wednesday 23 July 2008 @ 17:03

  2. No, that’s not the solution I’m looking for.

    I’ve done what you suggest with my bpmtk, but haven’t published it yet.

    Comment by Didier Stevens — Wednesday 23 July 2008 @ 17:11

  3. No one tell him that his puzzles are easy ever again! 🙂

    Comment by DF — Wednesday 23 July 2008 @ 18:23

  4. Ok, I’ll post the easy part (no I haven’t finished the hard part because I’ve been on a Linux machine, but I’ll try this later if I have time):

    1) I opened ac.exe with vi and used it as a hex editor:

    :%!xxd
    [lines skipped]
    0008120: 0000 0000 0000 0000 4175 7468 656e 7469  ........Authenti
    0008130: 636f 6465 2043 6861 6c6c 656e 6765 2076  code Challenge v
    0008140: 6572 7369 6f6e 2031 0000 0000 0000 0000  ersion 1........
    [lines skipped]

    The value of interest is 31 on the third line (which is hex for the digit 1). Change this to 32. So now you should have:

    [lines skipped]
    0008120: 0000 0000 0000 0000 4175 7468 656e 7469  ........Authenti
    0008130: 636f 6465 2043 6861 6c6c 656e 6765 2076  code Challenge v
    0008140: 6572 7369 6f6e 2032 0000 0000 0000 0000  ersion 2........
    [lines skipped]

    Recover the file and save:

    :%!xxd -r
    :wq

    The executable should now spit out:

    Authenticode Challenge version 2

    Comment by jamie — Wednesday 23 July 2008 @ 21:19

  5. I did most of part 2 on a Linux box…

    Comment by Didier Stevens — Wednesday 23 July 2008 @ 21:30

  6. Some Quick HEXing .. showing “No Signature was present in the Subject” 🙂
    at

    http://rapidshare.com/files/132159254/Modified.exe.html

    ok i’ll @work again …. checksum……..

    Comment by Ian Starkc — Thursday 24 July 2008 @ 18:15

  7. I think I’d need to know a lot more than I do about how certificates are validated to have any chance at part 2. Still, I am happy that I got part 1 to work. I have a guess on how to proceed for part two. I think using Disitool might provide the information that we need but won’t find in the exe. Now if I can just get Python to work on my computer I can try that myself.

    Comment by DF — Monday 28 July 2008 @ 15:57

  8. Disitool can help you extract the PKCS7, but you can also use a hex editor, for example.

    Comment by Didier Stevens — Monday 28 July 2008 @ 21:12

  9. […] now on, winners of my little puzzles can expect a little prize (I’ll contact winners of past […]

    Pingback by How Is My Hacking? (.com) « Didier Stevens — Tuesday 5 August 2008 @ 17:50

  10. So, no right answers?
    Isn’t it time to post the solution?

    Comment by Insane — Monday 1 September 2008 @ 11:14

  11. I know a couple of people are working on this.

    Comment by Didier Stevens — Monday 1 September 2008 @ 13:40

  12. Didier,

    Do you accept this solution ?

    http://rapidshare.com/files/142137743/ac2.zip

    If so, I’ll take some time to detail how I got there.

    Comment by Mister P and Q — Tuesday 2 September 2008 @ 20:12

  13. Congratulations, this is the correct solution! Your file is identical to my solution.

    I’m very interested in the steps you followed to solve this puzzle.

    Comment by Didier Stevens — Tuesday 2 September 2008 @ 21:13

  14. Didier,

    Here are some details/tools how I got there …

    http://rapidshare.com/files/142655251/Solution.zip

    and thanks for the “How Is My Hacking? (.com)” sticker !

    Comment by Mister P and Q — Thursday 4 September 2008 @ 20:43

  15. Thanks for this excellent description Mister P and Q! I’ll include it in an upcoming blogpost with some extra details.

    Comment by Didier Stevens — Friday 5 September 2008 @ 12:36

  16. […] Filed under: Encryption, Hacking, Puzzle — Didier Stevens @ 15:49 Mr. P and Q has solved my Authenticode Challenge. You can download his solution here, I copied his howto here below. I’ll add my own details […]

    Pingback by Mister P and Q’s Excellent Solution « Didier Stevens — Sunday 7 September 2008 @ 15:54

  17. So the answer is to crack the 512-bit RSA key, right?

    Comment by Insane — Wednesday 10 September 2008 @ 11:18

  18. @Insane

    Actually, no.

    1) There’s more to it than cracking the key
    2) You don’t have to spend time factorizing the modulus

    Details in an upcoming post.

    Comment by Didier Stevens — Tuesday 16 September 2008 @ 11:14

  19. […] @ 23:07 I’m starting a couple of posts with detailed explanations and solutions for my Authenticode Challenge. Let’s start with a solution using standard […]

    Pingback by Authenticode Challenge - Solution Part 1 « Didier Stevens — Wednesday 17 September 2008 @ 23:09

  20. […] I’ve used this process to generate certs for my own code signing, and for my Authenticode Challenge. […]

    Pingback by Howto: Make Your Own Cert With OpenSSL « Didier Stevens — Tuesday 30 December 2008 @ 21:19

  21. […] to the excellent solution by Messrs. P & Q to Didier Stevens’s Authenticode challenge, it was very […]

    Pingback by Nibbles microblog » Write-up Codegate 2010 – Déchiffrer un https utilisant RSA-768bits — Monday 15 March 2010 @ 17:38

