Didier Stevens

Friday 22 January 2016

BlackEnergy .XLS Dropper Puzzle

Filed under: Malware,Puzzle — Didier Stevens @ 0:00

Over at the ISC diary I posted an entry with a puzzle to help you practice the extraction of an embedded file from a spreadsheet.

This is the image I embedded:

[image: Waterlogue-2016-01-11-20-13-29]

Thursday 21 August 2014

A Return: The Puzzle

Filed under: Encryption,Entertainment,Hacking,Puzzle — Didier Stevens @ 19:19

It’s been some time since I posted a puzzle. So here is a new little puzzle.

What is special about this file?

[image: 20140821-211452]

Tuesday 17 May 2011

Another PDF Puzzle

Filed under: Forensics,PDF,Puzzle — Didier Stevens @ 8:23

As I’m going to give my workshop on analysis of malicious PDFs at HiTB Amsterdam this Thursday, I thought I would share a PDF puzzle/challenge I made for BSidesLondon.

You can download it here.

And as there is a write-up for the solution to this puzzle on a blog, I’ll link to it in the comments next week. Since you can just Google the solution, there is no prize this time.

Friday 25 June 2010

Solving the Win7 Puzzle

Filed under: PDF,Puzzle — Didier Stevens @ 9:39

The Win7 puzzle is actually a “PDF bomb”, something I’ve hinted at long ago but I hadn’t published a sample.

The PDF contains a doubly compressed object stream that is around 100 MB when uncompressed. Some of you might have experienced problems opening this PDF file in your favorite PDF reader: it couldn’t handle an uncompressed stream of 100 MB. That isn’t actually that large; a PDF bomb of 1 GB or 10 GB isn’t much larger in compressed form…

If you used my pdf-parser, you’ve also encountered a problem. The objects lack the endobj keyword. A simple solution: add the missing keyword and extract the stream with my parser. The stream is 100 MB of spaces, with a small text in the middle: “De Ultieme Hallucinatie”. One way to extract this text is to trim the spaces of the 100 MB string.
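To make the “PDF bomb” concrete, here is an added example (not code from the post or from pdf-parser) that builds the same kind of stream data on a smaller scale and then extracts the hidden text without letting the stream blow up the analysis tool. It assumes both compression layers are FlateDecode (the post only says “doubly compressed”), uses 1 MB of padding instead of 100 MB so it runs quickly, and takes the sample text from the post. The point a practitioner should take from it is the bounded inflate: decompress with a hard output limit, one layer at a time, so that a hostile stream fails loudly instead of exhausting memory.

```python
import zlib


def make_double_flate_stream(text: bytes, padding: int) -> bytes:
    """Stream data of a toy PDF bomb: `padding` spaces with `text` in the
    middle, deflated twice (assumed /Filter [/FlateDecode /FlateDecode])."""
    half = padding // 2
    raw = b" " * half + text + b" " * (padding - half)
    return zlib.compress(zlib.compress(raw, 9), 9)


def inflate_bounded(data: bytes, limit: int) -> bytes:
    """Inflate one Flate layer but never produce more than `limit` bytes.
    zlib's decompressobj lets us cap the output; anything left in
    unconsumed_tail means the stream wanted to grow past the cap."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit)
    if d.unconsumed_tail or not d.eof:
        raise ValueError(f"stream would exceed {limit} bytes when inflated")
    return out


def extract_hidden_text(stream_data: bytes, limit: int) -> bytes:
    """Undo both Flate layers under the same output cap, then trim the
    padding spaces, which is the extraction the post describes."""
    layer1 = inflate_bounded(stream_data, limit)
    raw = inflate_bounded(layer1, limit)
    return raw.strip()


def compression_ratio(stream_data: bytes, limit: int) -> float:
    """Inflated size divided by on-disk size: the number that makes a bomb."""
    raw = inflate_bounded(inflate_bounded(stream_data, limit), limit)
    return len(raw) / len(stream_data)


if __name__ == "__main__":
    bomb = make_double_flate_stream(b"De Ultieme Hallucinatie", 1_000_000)
    print(f"{len(bomb)} bytes on disk, ratio {compression_ratio(bomb, 2_000_000):.0f}:1")
    print(extract_hidden_text(bomb, 2_000_000))
    try:
        extract_hidden_text(bomb, 4096)      # a cautious tool refuses to inflate it
    except ValueError as err:
        print("refused:", err)
```

With a 100 MB stream the same code works unchanged; only the limit argument changes, and the compressed blob barely grows, which is exactly why a reader that inflates streams without a cap is at the mercy of whoever wrote the PDF.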

If you’re interested in different solutions, be sure to read the comments of the Win7 Puzzle.

De Ultieme Hallucinatie (The Ultimate Hallucination) was a nice Art Nouveau cafe/restaurant in Brussels. But the Windows 7 Ultimate license won by Vincent is no ultimate hallucination 😉

Thursday 3 June 2010

A Win7 Puzzle…

Filed under: Puzzle — Didier Stevens @ 20:15

I’m presenting you a little puzzle…

The prize is a Windows 7 Ultimate license. Unless you don’t care for Windows, then you get a sticker 😉

The puzzle contains a text. Find it and post it in a comment to this post. You don’t have to be the first with the correct text to win. This challenge will run for a week, and I’m randomly selecting a winner from all the correct entries.

Comments are moderated and will not appear as long as the challenge is on.

Download the puzzle and find the text.

Thursday 27 August 2009

The Brucon WiFi Puzzle Solution

Filed under: Puzzle — Didier Stevens @ 14:16

Here’s one way to solve the Brucon WiFi Puzzle: open the capture file with Wireshark.

The capture file contains one beacon frame for the brucon09wifi network. If you’re a bit familiar with beacon frames, one tag will stand out: the vendor-specific tag, which Wireshark can’t interpret because it’s from a vendor it doesn’t know.

[screenshot: bruconwifipuzzle-1]

The hidden data is inside the vendor specific tag. Select it and export the selected bytes:

[screenshot: bruconwifipuzzle-2b]

How do you decode this data? You can try all types of encoding and encryption schemes, but to prevent you from wasting time trying countless possibilities, I’ve given you a hint in the name of the vendor: XortecOy. The data is XOR-encrypted. And the key is tecOy. 😉

Open the saved bytes with Cryptool:

[screenshot: bruconwifipuzzle-3]

And apply XOR-decryption with key tecOy:

[screenshot: bruconwifipuzzle-4]

Et voilà!

Monday 23 March 2009

35 Year Old Puzzle

Filed under: Puzzle — Didier Stevens @ 17:26

Here’s a 35 year old puzzle (it’s not mine). I’m curious if you’ll find the solution without using Google.

First one to post a comment with the solution gets a sticker (and I’ll have “PDF – Penetration Document Format” stickers soon). But play fair and don’t post your solution if you just Googled the bit sequence.

00000010101010000000000001010000
01010000000100100010001000100101
10010101010101010101001001000000
00000000000000000000000000000001
10000000000000000000110100000000
00000000000110100000000000000000
01010100000000000000000011111000
00000000000000000000000000000110
00011100011000011000100000000000
00110010000110100011000110000110
10111110111110111110111110000000
00000000000000000001000000000000
00000100000000000000000000000000
00100000000000000000111111000000
00000001111100000000000000000000
00011000011000011100011000100000
00100000000010000110100001100011
10011010111110111110111110111110
00000000000000000000000001000000
11000000000100000000000110000000
00000000100000110000000000111111
00000110000001111100000000001100
00000000000100000000100000000100
00010000001100000001000000011000
01100000010000000000110001000011
00000000000000011001100000000000
00110001000011000000000110000110
00000100000001000000100000000100
00010000000110000000010001000000
00110000000010001000000000100000
00100000100000001000000010000000
10000000000001100000000011000000
00110000000001000111010110000000
00001000000010000000000000010000
01111100000000000010000101110100
10110110000001001110010011111110
11100001110000011011100000000010
10000011101100100000010100000111
11100100000010100000110000001000
00110110000000000000000000000000
00000000001110000010000000000000
01110101000101010101010011100000
00001010101000000000000000010100
00000000000011111000000000000000
01111111110000000000001110000000
11100000000011000000000001100000
00110100000000010110000011001100
00000110011000010001010000010100
01000010001001000100100010000000
01000101000100000000000010000100
00100000000000010000000001000000
00000000100101000000000001111001
111101001111000

Sunday 9 November 2008

Picture Puzzle

Filed under: Puzzle — Didier Stevens @ 7:41

As I announced via Twitter, here’s a new puzzle. Find the message I’ve hidden in this picture.

First one to post a comment with the correct answer can get a sticker. For those who don’t know, comments are moderated.

Tuesday 23 September 2008

CALL -151

Filed under: Entertainment,Nonsense,Puzzle — Didier Stevens @ 10:22

A quiz question for today: what is CALL -151?

Shout-outs to everyone who ever used CALL -151!

Update:

The answer:

Wednesday 17 September 2008

Authenticode Challenge – Solution Part 1

Filed under: Encryption,Puzzle — Didier Stevens @ 23:07

I’m starting a couple of posts with detailed explanations and solutions for my Authenticode Challenge. Let’s start with a solution using standard tools.

If you’re a bit into cryptography, you know that the textbook attack on RSA public-key cryptography is integer factorization. Long keys are used to thwart this attack, because no efficient method has been found to factor large integers within an acceptable time and cost. While researching Authenticode, I asked myself this question: assume you’ve solved the factorization problem, how exactly would you forge a new digital signature for a patched executable?

I worked out a method, and then got the idea to turn this into a difficult puzzle for you, i.e. a real challenge. But to do that, I had to find a way to make the integer factorization a non-issue for the puzzle. My first solution, using a very small key, was a dead end. First the key had to be large enough to allow me to generate a certificate (about 360 bits long), but then the signcode procedure didn’t work. I figured out that the key had to be at least 512 bits for Authenticode to work. But a 512-bit key would take too long to factorize… Read on to find out how I solved this.

Solution 1

This solution mostly takes place on a Linux box. The first thing we have to do is recover the private key…

1) Get the authenticode challenge file ac.exe

2) Extract the PKCS7 Authenticode signature with my digital signature tool:

disitool.py extract ac.exe ac.exe.pkcs7

3) Dump the information in the pkcs7 file with openssl:

openssl pkcs7 -in ac.exe.pkcs7 -inform DER -text -print_certs > ac.exe.pkcs7.text

The public key in the signer’s certificate is composed of the modulus N and the public exponent e.

4) Let’s extract the modulus from the certificate with this command:

openssl x509 -modulus -in ac.exe.pkcs7.text

Modulus=D0EA1ABA978DF0065B2009F75C846F28B04ED5143B237B3FC24272245ADE837EFE0271E1A2854E0C81BA9F70A83AD86D47B0EACD062BC15BC61A99DC83124EC9

The modulus N is the product of two prime numbers, P and Q, which are kept secret. Integer factorization recovers P and Q, and from those the private exponent and hence the private key can be computed. There are several algorithms and tools to factorize integers; I’ll just point you to a didactic cryptography tool I mentioned before: Cryptool. But because I’m using a 512-bit modulus, factorization would take a long time, and I wanted to avoid this. So let’s do something else.

5) Convert the modulus from hexadecimal to decimal representation, for example with Python (the parenthesized print works in both Python 2 and 3):

python -c 'print(0xD0EA1ABA978DF0065B2009F75C846F28B04ED5143B237B3FC24272245ADE837EFE0271E1A2854E0C81BA9F70A83AD86D47B0EACD062BC15BC61A99DC83124EC9)'

The modulus N in decimal representation is:
10941738641570527421809707322040357612003732945449205990913842131476349984288934784717997257891267332497625752899781833797076537244027146743531593354333897

6) Search for this number with Live Search (Google will not accept such a large search term):

To spare you the long factorization time, I used a 512-bit key that has already been factorized: RSA-155 (the first 512-bit RSA modulus to be factorized, a landmark result in integer factorization).

Thus we have:

P = 102639592829741105772054196573991675900716567808038066803341933521790711307779

Q = 106603488380168454820927220360012878679207958575989291522270608237193062808643

Next post will explain in detail how to use P and Q to generate a new Authenticode signature…

