Changes

Jump to: navigation, search

Gits2012teaser

1,513 bytes added, 14:39, 8 January 2012
/* #1 TelAviv */
[[Image:gist-telaviv-password-data.png]]
 
The following Python script ([[Media:tlv.py|tlv.py]]) decodes the password:
 
<nowiki>#!/usr/bin/env python
#
# http://ghostintheshellcode.com/
# Ghost in the Shellcode 2012 Teaser
#
# Challenge #1 TelAviv
#
# By Francois Deppierraz <francois@ctrlaltdel.ch>
 
import sys
from pprint import pprint
from binascii import hexlify
 
f = open("7139a4ea239dcac655f7c38ca6a77b61.bin")
f.seek(0x244) # seek to the data of interest, offset found with wireshark
data = f.read(233) # data size
 
total_len = 0
packets = []
index=0
while index < len(data):
length = ord(data[index])
packets.append(data[index+1:index+1+length])
index += length+1
total_len += length+1
 
# Ensure that all data was actually parsed
assert total_len == len(data)
 
print "Found %d packets: " % len(packets)
for p in packets:
print " ",
for c in p:
print hex(ord(c)),
print
print
 
numbers = [[ord(c) for c in p] for p in packets]
#print "Values: ",
#pprint(numbers)
#print
 
# Sum all byte values for each packet
sums = [sum(row) for row in numbers]
print "Sums: " + repr(sums)
print
 
s = "".join([chr(c/2) for c in sums])
print "Divide by 2 and then convert to ASCII: "
print s
print
 
print "Simple subsitution: "
# "Dro Zkccgybn sc" to "The Password is"
from_txt = "\":dro zkccgybn sc"
to_txt = "\":the password is"
assert len(from_txt) == len(to_txt)
 
for c in s.lower():
idx = from_txt.find(c)
if idx != -1:
sys.stdout.write(to_txt[idx])
else:
sys.stdout.write(".")
print
</nowiki>
<pre>
0x2f 0x5 0xb 0x1
Sums: [136, 228, 222, 64, 180, 214, 198, 198, 206, 242, 196, 220, 64, 230, 198, 116, 64, 68, 136, 228, 222, 64, 156, 214, 64, 140, 230, 240, 218, 230, 64, 154, 242, 220, 222, 68, 64]
Divide by 2 and then convert to ASCII:
 
Dro Zkccgybn sc: "Dro Nk Fsxms Myno"
 
Simple subsitution:
the password is: "the da .i..i .ode"
</pre>
431
edits