Can you crack it?

nicklouse
nicklouse Posts: 50,675
edited December 2011 in The Crudcatcher
"Do not follow where the path may lead, Go instead where there is no path, and Leave a Trail."
Parktools :?:SheldonBrown

Comments

  • Pudseyp
    Pudseyp Posts: 3,514
    nicklouse wrote:

    Well it's not crudcatcher, limes or string or even bacon....so obviously the thing is shite..
    Tomac Synper 140 Giant XTC Alliance 1
    If the world was flat, I wouldn't be riding !
  • No.
  • If I had a general idea of what the answer was supposed to be I'd even try it, but without a clue I won't.
  • VWsurfbum
    VWsurfbum Posts: 7,881
    looks like I would have to use my brain,
    for that reason I'm out
    Kazza the Tranny
    Now for sale Fatty
  • Stevo_666
    Stevo_666 Posts: 61,433
    Nope.
    "I spent most of my money on birds, booze and fast cars: the rest of it I just squandered." [George Best]
  • FocusZing
    FocusZing Posts: 4,373
    Is the prize a large Northface bag and a relaxing bath?
  • projectsome
    projectsome Posts: 4,478
    nicklouse wrote:


    Yes,

    If I had a linux based OS or a hex text viewer for starters....
    FARKBOOK TWATTER Happiness is my fucking mood!
  • mak3m
    mak3m Posts: 1,394
    it's a hexadecimal equivalent of ASCII code

    key word =

    "Yes I Can Fit into a zipped up sportsbag"
  • sheepsteeth
    sheepsteeth Posts: 17,418
    I have absolutely no idea what any of that is
  • teulk
    teulk Posts: 557
    mak3m wrote:


    The answer is....??????
    Boardman Team 09 HT
    Orbea Aqua TTG CT 2010
    Specialized Secteur Elite 2011
  • Pudseyp
    Pudseyp Posts: 3,514
    teulk wrote:
    mak3m wrote:


    The answer is....??????

    piece of cake

    Obviously.......

    I left it open and it takes you to the GCHQ site looking for top secret cyber security specialists....crikey !! then I looked at the salary...25-30k ? they can have their cake...and eat it
    Tomac Synper 140 Giant XTC Alliance 1
    If the world was flat, I wouldn't be riding !
  • teulk
    teulk Posts: 557
    Pudseyp wrote:
    teulk wrote:
    mak3m wrote:


    The answer is....??????

    piece of cake

    Obviously.......

    I left it open and it takes you to the GCHQ site looking for top secret cyber security specialists....crikey !! then I looked at the salary...25-30k ? they can have their cake...and eat it



    I actually tried "piece of cake" and it didn't work.............I guess I made a spelling mistake :oops:
    Boardman Team 09 HT
    Orbea Aqua TTG CT 2010
    Specialized Secteur Elite 2011
  • teulk
    teulk Posts: 557
    Just tried it again and it still says it's incorrect................
    Boardman Team 09 HT
    Orbea Aqua TTG CT 2010
    Specialized Secteur Elite 2011
  • Pudseyp
    Pudseyp Posts: 3,514
    Tomac Synper 140 Giant XTC Alliance 1
    If the world was flat, I wouldn't be riding !
  • whyamihere
    whyamihere Posts: 7,715
    mak3m wrote:
    it's a hexadecimal equivalent of ASCII code

    key word =

    "Yes I Can Fit into a zipped up sportsbag"
    Actually, it's not, not simply, at least. Standard ASCII only goes up to a character reference of 127, which is represented in hex as 7F. The first string is eb, which shows it's not just an ASCII dump.
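whyamihere's check above, written out as an added example (not code from the thread or from the challenge): a small C triage that counts the bytes that cannot be standard ASCII text in the first 16 bytes of the `part1[]` array posted later in the thread. The struct and function names are made up for this illustration, and the "piece of cake" control input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* First 16 bytes of the part1[] array posted later in this thread. */
const uint8_t sample[] = {
    0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec,
    0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
};
/* Constructed control input: plain 7-bit text. */
const uint8_t text[] = "piece of cake";

struct triage {              /* hypothetical name, for illustration */
    size_t high_bit;         /* bytes > 0x7F: not standard ASCII */
    size_t control;          /* bytes < 0x20 other than tab/LF/CR */
    long first_high;         /* offset of first byte > 0x7F, or -1 */
    size_t longest_text;     /* longest run of printable ASCII */
};

struct triage triage_bytes(const uint8_t *buf, size_t len)
{
    struct triage t = {0, 0, -1, 0};
    size_t run = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t b = buf[i];
        if (b > 0x7F) {
            t.high_bit++;
            if (t.first_high < 0) t.first_high = (long)i;
        } else if (b < 0x20 && b != '\t' && b != '\n' && b != '\r') {
            t.control++;
        }
        /* Track runs of printable characters (0x20..0x7E). */
        run = (b >= 0x20 && b <= 0x7E) ? run + 1 : 0;
        if (run > t.longest_text) t.longest_text = run;
    }
    return t;
}

/* A dump is plausibly text only if no byte is high-bit or a stray control. */
int looks_like_ascii(const uint8_t *buf, size_t len)
{
    struct triage t = triage_bytes(buf, len);
    return t.high_bit == 0 && t.control == 0;
}

int main(void)
{
    struct triage t = triage_bytes(sample, sizeof(sample));
    printf("high=%zu ctrl=%zu first=%ld\n", t.high_bit, t.control, t.first_high);
    return 0;
}
```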
  • sheepsteeth
    sheepsteeth Posts: 17,418
    whyamihere wrote:
    dump.

    Fnar fnar


    Oh come on, what do you expect?

    see, I was trying to think of something smart to say about that but you did it perfectly. nice work.

    hope GCHQ are reading this and trying to get in touch with me for obvious intelligence!
  • mak3m
    mak3m Posts: 1,394
    whyamihere wrote:
    mak3m wrote:
    it's a hexadecimal equivalent of ASCII code

    key word =

    "Yes I Can Fit into a zipped up sportsbag"
    Actually, it's not, not simply, at least. Standard ASCII only goes up to a character reference of 127, which is represented in hex as 7F. The first string is eb, which shows it's not just an ASCII dump.

    aye it was a false trail

    hexadecimal, converted to binary gives a load of spurious machine code with an IP address in the middle of it, reverse DNS, to second website then


    // badeip
    // pythonscript
    //
    //

    #include <stdio.h>
    #include <stdint.h>
    #include <malloc.h>
    #include <stdlib.h>
    #include <errno.h>
    #include <string.h>
    #include <time.h>
    #include <sys/types.h>
    #include <sys/mman.h>
    #include <sys/utsname.h>

    #include "part2.h" // see information above

    static char part1[] = {
        0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec, 0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
        0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba, 0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00,
        0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a, 0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c,
        0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00, 0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00,
        0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41, 0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42,
        0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0xe6, 0x89, 0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89,
        0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31, 0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06,
        0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34, 0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6,
        0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88, 0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89,
        0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8, 0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41,
    };

    // code to dump the decrypted memory:
    static const char dump_mem[] = {
        0xba, 0x31, 0x00, 0x00, 0x00, // mov edx, 0x31
        0x8d, 0x4f, 0xce,             // lea ecx, [edi-0x32]
        0x31, 0xdb,                   // xor ebx, ebx
        0x43,                         // inc ebx (stdout)
        0x31, 0xc0,                   // xor eax, eax
        0xb0, 0x04,                   // mov al, 0x4 - sys_write
        0xcd, 0x80,                   // int 0x80
        0x31, 0xdb,                   // xor ebx, ebx
        0x43,                         // inc ebx
        0x31, 0xd2,                   // xor edx, edx
        0x42,                         // inc edx
        0x68, 0x0a, 0x00, 0x00, 0x00, // push 0xa
        0x8d, 0x0c, 0x24,             // lea ecx, [esp]
        0xb8, 0x04, 0x00, 0x00, 0x00, // mov eax, 0x4
        0xcd, 0x80,                   // int 0x80 - sys_write
        0x31, 0xdb,                   // xor ebx, ebx
        0x31, 0xc0,                   // xor eax, eax
        0x40,                         // inc eax
        0xcd, 0x80,                   // int 0x80 - sys_exit
    };

    // Overwrite the first `int 0x80` (bytes cd 80) found in the payload
    // with a short jump (bytes eb 45). Returns 0 on success, 1 if not found.
    uint32_t patch_mem(char *ptr, size_t size)
    {
        uint32_t i;

        for (i = 0; i < size; i++) {
            if (*(uint16_t *)&ptr[i] == 0x80cd) {
                *(uint16_t *)&ptr[i] = 0x45eb;
                return 0;
            }
        }
        return 1;
    }

    // Returns 0 only when the kernel reports an i686 machine.
    uint32_t check_arch(void)
    {
        struct utsname kernel_info;

        uname(&kernel_info);
        return strcmp(kernel_info.machine, "i686") ? 1 : 0;
    }

    int main(int argc, char **argv)
    {
        char *mem; // char * so the offset arithmetic below is standard C

        if (check_arch()) {
            printf("[-] this program must run on a 32-bit architecture\n");
            return 1;
        }

        printf("[*] allocating page aligned memory\n");
        mem = memalign(4096, 4096);
        if (!mem) {
            printf("[-] error: %s\n", strerror(errno));
            return 1;
        }
        memset(mem, 0, 4096);

        printf("[*] setting page permissions\n");
        if (mprotect(mem, 4096, PROT_READ | PROT_WRITE | PROT_EXEC)) {
            printf("[-] error: %s\n", strerror(errno));
            return 1;
        }

        printf("[*] copying payload\n");

        // Layout in the page: part1, then part2, then the dump_mem stub.
        memcpy(mem, part1, sizeof(part1));
        memcpy(mem + sizeof(part1), part2, sizeof(part2));
        memcpy(mem + sizeof(part1) + sizeof(part2), dump_mem, sizeof(dump_mem));

        printf("[*] adding dump_mem payload\n");
        if (patch_mem(mem, sizeof(part1))) {
            printf("[-] failed to patch memory\n");
            return 0;
        }

        printf("[*] executing payload..\n\n");

        ((int(*)(void))mem)();

        return 0;
    }

  • mak3m
    mak3m Posts: 1,394
    But I'm too busy learning how to shoot a Walther PPK and various covert lime insertion techniques

    so I just googled it and found the answer on the ARRSE forums :D:D:D
  • mak3m wrote:
    whyamihere wrote:
    mak3m wrote:
    it's a hexadecimal equivalent of ASCII code

    key word =

    "Yes I Can Fit into a zipped up sportsbag"
    Actually, it's not, not simply, at least. Standard ASCII only goes up to a character reference of 127, which is represented in hex as 7F. The first string is eb, which shows it's not just an ASCII dump.

    aye it was a false trail

    hexadecimal, converted to binary gives a load of spurious machine code with an IP address in the middle of it, reverse DNS, to second website then

    blah blah blah, geek geek geek, cheat cheat cheat

    so what's the bloody word then?
  • mak3m
    mak3m Posts: 1,394
  • To be fair, after five minutes of looking at it, I'd probably just stop trying and go watch some good ol' German hardcore filth.


    THAT is the purpose of the internet...not some poofy website that wants you to pretend you're in the Matrix. Do they give out free Nokia 7110s to people who get it right?
    Formally known as Coatbridgeguy
  • Daz555
    Daz555 Posts: 3,976
    So it was an epic fail in the end - Google's web crawlers ended up reaching the page that contained the answer so anyone could crack the code via Google. Brilliant.
    You only need two tools: WD40 and Duck Tape.
    If it doesn't move and should, use the WD40.
    If it shouldn't move and does, use the tape.
  • Daz555 wrote:
    So it was an epic fail in the end - Google's web crawlers ended up reaching the page that contained the answer so anyone could crack the code via Google. Brilliant.

    It does go some way to show the power of "teh interwebs" though.
  • Daz555 wrote:
    So it was an epic fail in the end - Google's web crawlers ended up reaching the page that contained the answer so anyone could crack the code via Google. Brilliant.

    It does go some way to show the power of "teh interwebs" though.

    They should invite it in for an interview
    Formally known as Coatbridgeguy


  • One of the comments at the end of those vids is

    'Such a shame it's written in the wrong assembler language for me. S/370 would have been much more fun.

    I must get round to learning 586/686 assembler some time.'

    Yeah me too mate, me too.
    The dissenter is every human being at those moments of his life when he resigns
    momentarily from the herd and thinks for himself.