Didier Stevens

Friday 22 January 2016

BlackEnergy .XLS Dropper Puzzle

Filed under: Malware,Puzzle — Didier Stevens @ 0:00

Over at the ISC diary I posted an entry with a puzzle to help you to practice the extraction of an embedded file in a spreadsheet.

This is the image I embedded:


Thursday 21 August 2014

A Return: The Puzzle

Filed under: Encryption,Entertainment,Hacking,Puzzle — Didier Stevens @ 19:19

It’s been some time that I posted a puzzle. So here is a new little puzzle.

What is special about this file?

20140821- 211452

Tuesday 17 May 2011

Another PDF Puzzle

Filed under: Forensics,PDF,Puzzle — Didier Stevens @ 8:23

As I’m going to give my workshop on analysis of malicious PDFs at HiTB Amsterdam this Thursday, I thought I would share a PDF puzzle/challenge I made for BSidesLondon.

You can download it here.

And as there is write-up for the solution to this puzzle on a blog, I’ll link to this in the comments next week. Since you can just Google the solution, there is no prize this time.

Friday 25 June 2010

Solving the Win7 Puzzle

Filed under: PDF,Puzzle — Didier Stevens @ 9:39

The Win7 puzzle is actually a “PDF bomb”, something I’ve hinted at long ago but I hadn’t published a sample.

The PDF contains a doubly compressed object stream, which is around 100 MB large when uncompressed. Some of you might have experienced problems opening this PDF file in your favorite PDF reader, this is because it couldn’t handle an uncompressed stream of 100 MB. Which isn’t actually that large, a PDF bomb of 1 GB or 10 GB isn’t that much larger in compressed form…

If you used my pdf-parser, you’ve also encountered a problem. The objects lack the endobj keyword. A simple solution: add the missing keyword and extract the stream with my parser. The stream is 100 MB of spaces, with a small text in the middle: “De Ultieme Hallucinatie”. One way to extract this text is to trim the spaces of the 100 MB string.

If you’re interested in different solutions, be sure to read the comments of the Win7 Puzzle.

De Ultieme Hallucinatie (The Ultimate Hallucination) was a nice Art Nouveau cafe/restaurant in Brussels. But the Windows 7 Ultimate license won by Vincent is no ultimate hallucination 😉

Thursday 3 June 2010

A Win7 Puzzle…

Filed under: Puzzle — Didier Stevens @ 20:15

I’m presenting you a little puzzle…

The prize is a Windows 7 Ultimate license. Unless you don’t care for Windows, then you get a sticker 😉

The puzzle contains a text. Find it and post it in a comment to this post. You don’t have to be the first with the correct text to win. This challenge will run for a week, and I’m randomly selecting a winner from all the correct entries.

Comments are moderated and will not appear as long as the challenge is on.

Download the puzzle and find the text.

Thursday 27 August 2009

The Brucon WiFi Puzzle Solution

Filed under: Puzzle — Didier Stevens @ 14:16

Here’s one way to solve the Brucon WiFi Puzzle: open the capture file with Wireshark.

The capture file contains one beacon frame for the brucon09wifi network. If you’re a bit familiar with beacon frames, one tag will stand out: the vendor specific tag which Wireshark can’t interpret because it’s from a vendor it doesn’t know.


The hidden data is inside the vendor specific tag. Select it and export the selected bytes:


How do you decode this data? You can try all types of encoding and encryption schemes, but to prevent you from wasting time trying countless possibilities, I’ve given you a hint in the name of the vendor: XortecOy. The data is XOR-encrypted. And the key is tecOy. 😉

Open the saved bytes with Cryptool:


And apply XOR-decryption with key tecOy:


Et voilà!

Monday 23 March 2009

35 Year Old Puzzle

Filed under: Puzzle — Didier Stevens @ 17:26

Here’s a 25 35 year old puzzle (it’s not mine). I’m curious if you’ll find the solution without using Google.

First one to post a comment with the solution gets a sticker (and I’ll have “PDF – Penetration Document Format” stickers soon). But play fair and don’t post your solution if you just Googled the bit sequence.


Sunday 9 November 2008

Picture Puzzle

Filed under: Puzzle — Didier Stevens @ 7:41

As I announced via Twitter, here’s a new puzzle. Find the message I’ve hidden in this picture.

First one to post a comment with the correct answer can get a sticker. For those who don’t know, comments are moderated.

Tuesday 23 September 2008

CALL -151

Filed under: Entertainment,Nonsense,Puzzle — Didier Stevens @ 10:22

A quiz question for today: what is CALL -151?

Shout-outs to everyone who ever used CALL -151!


The answer:

Wednesday 17 September 2008

Authenticode Challenge – Solution Part 1

Filed under: Encryption,Puzzle — Didier Stevens @ 23:07

I’m starting a couple of posts with detailed explanations and solutions for my Authenticode Challenge. Let’s start with a solution using standard tools.

If you’re a bit into cryptography, you know that the textbook attack on RSA public-key cryptography is integer factorization. Long keys are used to thwart this attack, because no efficient method has been found to factor large integers within an acceptable time and cost. While researching Authenticode, I asked myself this question: assume you’ve solved the factorization problem, how exactly would you forge a new digital signature for a patched executable?

I worked out a method, and then got the idea to turn this into a difficult puzzle for you, i.e. a real challenge. But to do that, I had to find a way to make the integer factorization a non-issue for the puzzle. My first solution, using a very small key, was a dead-end. First the key had to be large enough to allow me to generate a certificate (about 360 bits long), but then the signcode procedure didn’t work. I figured out that the key had to be at least 512 bits for Authenticode to work. But a 512 bits key would take too long to factorize… Read on to find out how I solved this.

Solution 1

This solution takes mostly place on a Linux box. The first thing we have to do is recover the private key…

1) Get the authenticode challenge file ac.exe

2) Extract the PKCS7 Authenticode signature with my digital signature tool:

disitool.py extract ac.exe ac.exe.pkcs7

3) Dump the information in the pkcs7 file with openssl:

openssl pkcs7 -in ac.exe.pkcs7 -inform DER -text -print_certs > ac.exe.pkcs7.text

The public key is composed of the Modulus and the Exponent.

4) Lets extract the modulus from the certificate with this command:

openssl x509 -modulus -in ac.exe.pkcs7.text


The modulus N is an integer that is the product of 2 prime numbers, P and Q (P and Q are kept secret). Integer factorization will allow you to recover P and Q, and hence produce the private key. There are several algorithms and tools to factorize integers, I’ll just point you to a didactic cryptography tool I mentioned before: Cryptool. But because I’m using a 512 bit modulus, factorization will take a long time, and I wanted to avoid this. So lets do something else.

5) Convert the modulus from a hexadecimal representation to a decimal representation, for example with Python:

python -c 'print 0xD0EA1ABA978DF0065B2009F75C846F28B04ED5143B237B3FC24272245ADE837EFE0271E1A2854E0C81BA9F70A83AD86D47B0EACD062BC15BC61A99DC83124EC9'

The modulus N in decimal representation is:

6) Search for this number with Live Search (Google will not accept such a large search term):

To spare you the long factorization time, I used a 512 bit key that has already been factorized: RSA-155 (this is the first 512 bit key to be factorized and was a landmark result in integer factorization).

Thus we have:

P = 102639592829741105772054196573991675900716567808038066803341933521790711307779

Q = 106603488380168454820927220360012878679207958575989291522270608237193062808643

Next post will explain in detail how to use P and Q to generate a new Authenticode signature…

Next Page »

Blog at WordPress.com.