| Ferrous Moon http://www.ferrousmoon.com:80/forums/ |
|
| Shameless plug http://www.ferrousmoon.com:80/forums/viewtopic.php?f=52&t=403 |
Page 5 of 5 |
| Author: | ConstableBrew [Tue Mar 21, 2006 1:34 pm ] |
| Post subject: | |
Quote: Well I obviously downloaded it, since the axce.dll is inside the zip, D'OH?? Well it seems pretty obivious to me that the dll is doing the encryption, only since burningmace has said so.And I spent I nice share of my time trying to figure out how to take care of that, but up to now no progress. To fix program and allow it to run see my post above regarding regsrv32. |
|
| Author: | Burningmace [Tue Mar 21, 2006 1:35 pm ] |
| Post subject: | |
You can try if you like, but killing a mace that'll disintegrate anything that comes within 10 feet of it can be hard. Anyway, the algorithm isn't really much different in this version. Unless you got past my algorithm's confusion techniques, it won't affect you (i.e the core cipher was altered, not the outer shells of ciphers and confusion). Also, this version should regsvr32 the DLL for you 
|
|
| Author: | ConstableBrew [Tue Mar 21, 2006 1:41 pm ] |
| Post subject: | |
Quote: You can try if you like, but killing a mace that'll disintegrate anything that comes within 10 feet of it can be hard. I'll just have to use my Disintegrated-Style martial arts.
Quote: Anyway, the algorithm isn't really much different in this version. Unless you got past my algorithm's confusion techniques, it won't affect you (i.e the core cipher was altered, not the outer shells of ciphers and confusion). Yes, you will have to die then.
|
|
| Author: | Burningmace [Tue Mar 21, 2006 1:53 pm ] |
| Post subject: | |
Oh, and on a side note, the DLL may do the encryption, but you'd be better off using the application that uses it than trying to implement your own app. Trust me. |
|
| Author: | ConstableBrew [Tue Mar 21, 2006 3:59 pm ] |
| Post subject: | |
Yeah, I just figured that out... So what, I have to initialize the dll with some password before it will spit out nice encrypted text? Now I have to build all my testing material by hand using the app... which I had mostly done before with the original app but then decided to make my own vb app to generate it all. I JUST got it working when i checked the forums and learned the bad news. Dang! gerrrr... *assumes disintegrator stance* So is challenge 8 to write a program that uses the DLL, bypassing or some how figuring out the super secret init pass? |
|
| Author: | Burningmace [Thu Mar 23, 2006 11:54 am ] |
| Post subject: | |
If you like... in fact, yes. That's going on my site UPDATE: Added as challenge 8. I must stress that what the challenge readme says, goes. |
|
| Author: | ConstableBrew [Thu Mar 23, 2006 12:47 pm ] |
| Post subject: | |
I think you should facillitate learning here by including a free or open source compiler/ide with the challenge. That way everyone who doesn't normally program will be better able to participate. You should write a solution to this challenge with some free or open source compiler/ide before including it, just to make sure its do-able. (Just don't give us the solution.) Also, would you be interested in puzzles that aren't encryption puzzles? For example, here are two puzzles I've started creating and will give to you if you want them: Challenge: We have obtained a copy of a small module used by Orion Systems. The module acts as a security authenticator for a internal program used by their executives. Examine the module and determine at least three passwords that will be accepted by it. Challenge: Orion Systems engineers utilize some in-house software that automates data entry of some common chemical names. We've obtained a copy of this module. Modify one byte and one byte only of the module so that the wrong chemical names are submitted by the module. You may only modify one byte so that we can replace their existing module without being detected by the system monitors. This hack should throw the Orion Systems engineers off for several weeks. |
|
| Author: | Burningmace [Thu Mar 23, 2006 1:10 pm ] |
| Post subject: | |
As long as open-source compilers take standard VB/C++ code, then there's no problem. Things like Visual Fred (which aren't actually compilers for VB, but variants of the VB language) won't work. If you think about it, it is an obviously possible challenge, as I've already done it by having my program... feel free to rip apart Challenge7.exe in a disassembler (I recommend Heaventools PE Explorer, which I believe you can download a free trial of) to see if you can find a solution. Also, could you explain those challenges further? By 'module' do you mean a DLL, or a VB module, or something completely different? If I understand the challenges, then probably. I'd probably split them into a different section though, away from the crypto challenges. |
|
| Author: | ConstableBrew [Thu Mar 23, 2006 1:18 pm ] |
| Post subject: | |
Each "module" is a simple .com file that I've compiled from assembler source. The first challenge would perform some sort of weak hash (one byte) on the password supplied and see if it matches a pre-determined value. The second challenge would build output from several strings stored in the com file. The challenge is to figure out which byte (an instruction or parameter) can be changed that would give different output. |
|
| Author: | Burningmace [Thu Mar 23, 2006 3:31 pm ] |
| Post subject: | |
I understand the second one, but not the first. From what it looks like, you mean reverse engineering challenges. Just to make sure, would the following class as a challenge...? I make this EXE in C++ (don't worry if the ASM is a bit off, it's just an example) Code: void main() {
__asm {
nop
mov al, 2
mov dx, 0xD007
out al, dx
}
}
The challenge would be for you to find that code (inside the __asm block).Of course, with a little research, most people could do this with a hex editor (or a decompiler, I have both and could use either to do it). That sorta thing? On a side note, Challenge 9 now available. |
|
| Author: | Burningmace [Thu Mar 23, 2006 4:26 pm ] |
| Post subject: | |
Oh yes.  http://www.onlink-mod.net/forums/viewforum.php?f=28 Further posts regarding challenges are to go into there. Also, ConstableBrew, are you done fixing my site yet? |
|
| Author: | ConstableBrew [Thu Mar 23, 2006 5:00 pm ] |
| Post subject: | |
About your site: I've gotten a bit distratced trying to make my little challanges... Once I get my first one done I'll do your site for ya. It would make it alot FASTER (i.e. I would do it right away) for me if you could zip all your site files and email them to me. |
|
| Author: | ConstableBrew [Thu Mar 23, 2006 5:30 pm ] |
| Post subject: | |
Quote: I understand the second one, but not the first.
You have it. And I expect they would use a hex editor/debuger/disassembler. I don't know how you could do it otherwise.
From what it looks like, you mean reverse engineering challenges. Just to make sure, would the following class as a challenge...? I make this EXE in C++ (don't worry if the ASM is a bit off, it's just an example) Code: void main() {
__asm {
nop
mov al, 2
mov dx, 0xD007
out al, dx
}
}
The challenge would be for you to find that code (inside the __asm block).Of course, with a little research, most people could do this with a hex editor (or a decompiler, I have both and could use either to do it). That sorta thing? On a side note, Challenge 9 now available. |
|
| Author: | Burningmace [Fri Mar 24, 2006 2:54 am ] |
| Post subject: | |
In which case, sure! What I'll probably do is start writing these types of challenges in C++, as it's much easier to disassemble/hex-edit than VB. Anyway, this convo should really go into the new forum now! Apart from the discussion of getting my site fixed, that is ^.^ I'll zip and send tonight. |
|
| Author: | GeneralSamov [Fri Mar 24, 2006 9:14 am ] |
| Post subject: | |
K, got it to work, thank you But now, when I ran it and tried what outputs it gives me, I was like OH CRAP! 
|
|
| Page 5 of 5 | All times are UTC-05:00 |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|