SI485H: Stack Based Binary Exploits and Defenses (F15)


Lab 01: git'em done


Submission Instructions

Submission instructions for labs can be found on the resource pages. In particular, you should view this subsection: Creating a new branch and submitting

Part 1: Knife, Spoon, Fork (1 point)

Description

  • You will perform basic git commands to fork/clone/push

Preliminaries

  • This assignment can be completed on any machine
  • gitlab repository:
    http://saddleback.academy.usna.edu/aviv/lab-1.1
    

Instructions

  • Fork and clone the assignment repository
  • Update a json file: fill-me-in.json
  • Create a new json file called current-temp.json that has the following fields:
    Location : current location (type string)
    Timestamp : seconds since epoch (type number) 
    GPS : gps coordinates of weather reading (type string)
    temp : temperature in celsius (type number)
    
  • Submit all work to gitlab

Submission Requirements

  • fill-me-in.json : json you fill in
  • current-temp.json : new json you create

Part 2: Crack the secret message (3 points)

Description

  • You will write a C program to brute force an encrypted message

Preliminaries

  • This assignment can be completed on any machine but will require access to a course VM running on saddleback at port 2222
    ssh -p 2222 [email protected]
    
  • gitlab repository:
    http://saddleback.academy.usna.edu/aviv/lab-1.2
    

Instructions

  • fork and clone the assignment repository
  • ssh into the course VM from a machine with a registered public key in gitlab.
    ssh -p 2222 [email protected]
    
  • On the VM, execute the following binary to retrieve your secret encrypted message:
    ~aviv/lab/01.2/get_secret
    
  • The output is a hex string of an encrypted secret message that was encrypted with the following code:
    //Encryption Routine
    unsigned short iv =  0xcafe;
    for(i=0; i < len ; i+=2){
      unsigned short * seg = (unsigned short *) &buffer[i];
      *seg = *seg ^ key ^ iv;
      iv = *seg;
    }
    
  • Your task is to crack the encryption by determining the key and decrypting the message
  • You must do this by creating a C-program named: cracker.c
  • You must also provide a Makefile to compile your program
  • Once you have cracked the message fill in the json file called solution.json with the following fields:
    key : two byte hex string for key (type string formatted like "\xca\xfe")
    msg : the decrypted message (type string)
    

Submission Requirements

  • Makefile : Makefile to compile cracker.c
  • cracker.c : cracker.c code for cracking the input
  • solution.json : json file with secret information

Hints

  • Why not brute force … only two byte keys?
  • How can you check if message is in ASCII? Have you checked out an ASCII table recently? http://www.asciitable.com/

Part 3: Write an Encryption Routine (2 points)

Description

  • Using the key cracked from the previous part, write an encryption routine to encrypt a new message

Preliminaries

  • This assignment can be completed on any machine
  • gitlab repository:
    http://saddleback.academy.usna.edu/aviv/lab-1.3
    

Instructions

  • Fork and clone the repository
  • Write a C program named encrypt.c that will encrypt a message using the following routine (in pseudo code)
    key := command_line_argument[1]  ; must be at most a 2-byte number
    IV  := command_line_argument[2]  ; must be at most a 2-byte number
    msg := command_line_argument[3]  
    
    cipher_text := [] ; /empty list/
    
    if len(msg) % 2 == 1: ; len(msg) should include entire message, with NULL bytes
       msg = msg|'\0'     ; round message length up to nearest 2-byte
    
    i := 0
    while i < len(msg){   ; len(msg) should include entire message, with NULL bytes
                          ; e.g., strlen(msg)+1
       m1 := msg[i]
       m2 := msg[i+1]
    
       plain_block = m2|m1    ; single bytes concatenated to form 2-byte block
                              ; note the order of byte is reversed
    
       cipher_block := plain_block ^ key ^ IV  ; encrypt with xor
    
       cipher_text := cipher_text|cipher_block ; concatenate cipher_block 
                                              ; on the cipher_text
    
       IV := cipher_block
       i := i+2
    }
    
    output to stdout: cipher_text as hex encoded string
    
  • Complete the json file solution.json with the following fields all of which you can choose, but the encrypted message should be based on the output of your program:
    key : hex encoding of a key  (type string)
    IV  : hex encoding of an IV (type string)
    msg : plain text message  (type string)
    enc : encrypted message (type string)
    
  • You are required to submit a Makefile to compile your program
  • You will also find a compiled executable decrypt that you can use to test your output. Here's the -h output of that program:
    user@si485H-base:1.3$ ./decrypt -h
    USAGE: ./decrypt key iv msg msg_len
    
    key     : hex value for the key, e.g  "0xffff"
    IV      : hex value for the IV, e.g., "0xffff"
    msg     : the message to be decrypted
    msg_len : the length of the message (in case it contains NULL)
    

Sample Usage

  • Here's what your output for encrypt should look like:
    aviv@si485H-saddleback:1.3$ ./encrypt "0xffff" "0xbbbb" "Hello World!"
    key: 0xffff IV:0xbbbb
    msg: "Hello World!"
    msg_len: 14
    \x21\xc\xb2\x9f\x6d\xf\xfd\xa7\x6e\x2a\xb0\xb1\x4f\x4e
    
  • Here's that message decrypted with the provided decrypt function:
    user@si485H-base:1.3$ ./decrypt "0xffff" "0xbbbb" $(printf "\x21\xc\xb2\x9f\x6d\xf\xfd\xa7\x6e\x2a\xb0\xb1\x4f\x4e") 14
    key: 0xffff IV:0xbbbb
    msg: "\x21\xc\xb2\x9f\x6d\xf\xfd\xa7\x6e\x2a\xb0\xb1\x4f\x4e"
    msg_len: 14
    Hello World!
    

Submission Requirements

  • Makefile : Makefile to compile encrypt.c
  • encrypt.c : source code for encryption routine
  • submission.json : submission information as json

Hints

  • pointer casting can really help, say casting a short * to char *.
  • Remember your bit-wise operators:
    • & : bit-wise and
    • | : bit-wise or
    • ^ : bit-wise xor
    • << : left shift
    • >> : right shift
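
The brute force hinted at in Part 2, run here against the Part 3 sample ciphertext above (an added example, not part of the lab handout or any reference solution). The function names, the "printable text followed by NUL padding" filter, and reading each block high byte first (as the Part 3 sample prints it) are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* The page's Part 3 sample output for "Hello World!" (key 0xffff, IV 0xbbbb). */
static const uint8_t SAMPLE_CT[14] = {0x21, 0x0c, 0xb2, 0x9f, 0x6d, 0x0f, 0xfd,
                                      0xa7, 0x6e, 0x2a, 0xb0, 0xb1, 0x4f, 0x4e};

/* Inverse of block = (m2<<8 | m1) ^ key ^ iv; the chaining value is public. */
uint8_t *xor_decrypt(const uint8_t *ct, uint8_t *pt, size_t n, uint16_t key, uint16_t iv) {
    for (size_t i = 0; i + 1 < n; i += 2) {
        uint16_t c = (uint16_t)((ct[i] << 8) | ct[i + 1]); /* high byte first */
        uint16_t p = (uint16_t)(c ^ key ^ iv);
        pt[i] = (uint8_t)p;            /* m1 is the low byte */
        pt[i + 1] = (uint8_t)(p >> 8); /* m2 is the high byte */
        iv = c;
    }
    return pt;
}

/* Assumed filter: printable ASCII first, then only NUL padding to the end. */
int looks_like_text(const uint8_t *pt, size_t n) {
    size_t text = 0, i;
    while (text < n && pt[text] >= 0x20 && pt[text] <= 0x7e) text++;
    for (i = text; i < n && pt[i] == 0; i++) {}
    return text > 0 && text < n && i == n;
}

/* Try all 65536 keys; keep up to max survivors in out, return how many passed. */
size_t crack(const uint8_t *ct, size_t n, uint16_t iv, uint16_t *out, size_t max) {
    uint8_t pt[256];
    size_t found = 0;
    if (n > sizeof pt) return 0;
    for (uint32_t k = 0; k <= 0xffff; k++) {
        if (!looks_like_text(xor_decrypt(ct, pt, n, (uint16_t)k, iv), n)) continue;
        if (found < max) out[found] = (uint16_t)k;
        found++;
    }
    return found;
}

int main(void) {
    uint16_t keys[64];
    uint8_t pt[sizeof SAMPLE_CT];
    size_t hits = crack(SAMPLE_CT, sizeof SAMPLE_CT, 0xbbbb, keys, 64);
    for (size_t i = 0; i < hits && i < 64; i++)
        printf("0x%04x \"%s\"\n", keys[i],
               (char *)xor_decrypt(SAMPLE_CT, pt, sizeof pt, keys[i], 0xbbbb));
    return 0;
}
```

A wrong key changes every plaintext block by the same 16-bit difference, so the printable filter leaves a short list of candidates rather than a single key, and the last step is reading them. Chaining on the previous cipher block adds nothing to the search, because that value is already in the attacker's hands; the key space stays at 2^16.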