Cryptography is the form of communicating with someone in the presence of a third party and making sure that no one other than the reciever can understand the message sent.
You can encrypt your data using many ciphers, like Caesar cipher(which is basically making A=N, B=O β¦ Z=M ie. Rotation by 13 characters), or any rotation by x
values called ROT x
cipher. There are more advanced ciphers like Vigenre Cipher etc. But the major issue with these ciphers are that they can mostly be decrypted using entropy analysis. There are many tools online which could help you decode them too. So using Key based encryption is a better alternative compared to these.
A method used to encrypt data is by using One Time Pad. This is cryptographically the strongest way to encrypt a message. But it comes with its own set of issues.
Suppose you have a message. What you do is XOR the message, with a key of the same length, called a pad and the result is your encrypted message.
In other words, for encrypted message c, c = m β pad
, where m is the message to be sent.
Now, if you XOR both sides with the pad, you get c β pad = (m β pad) β pad
.
Now, because of associativity and the properties that A β A = 0
and m β 0 = m
, we get
c β pad = m
This is the way to decrypt the ciphertext β just xor the cipher
This is amazing when you want to encrypt a single message with a hidden pad.
Reason?
Because if I just gave you the encrypted message 010, you wouldnβt be able to say anything about the system. The maximum you could see is that the length of the pad is 3 β but each of the 23 possibilities you get for the pad are equally likely and give a unique result when you XOR with the encrypted message. That means you canβt guess anything more about the original message than this, because of the results you get are all equally likely to occur.
But this doesnβt work so well when you try using a pad with more than one message.
If you encrypted 2 messages m1 and m2 with the same pad k, then you would get
c1 = m1 β k and c2 = m2 β k
as the result.
What we can do now is XOR these two results to get this-
c1 β c2 = (m1 β k) β (m2 β k)
Applying associativity and commutativity of XOR gives us
(m1 β m2) β (k β k) = (m1 β m2) β 0 = m1 β m2
So the XOR of the encrypted messages is the XOR of the original messages. And so we now have the XOR of the original messages.
How does that help us? Check out an example explained neatly here - https://crypto.stackexchange.com/questions/33673/many-time-pad-attack-xor
This attack is called as Many Time Pad attack. There are more sophisticated algorithms for encrypting messages like RSA, AES etc. which you will be introduced to you in various CTF challenges.
Googling on vulnerabilities in a given crypto system and frequently getting updated with recently released papers would help you in a long way in solving Crypto challenges.
With inputs from Hemanth Chitti
There are a few basic commands, tools, concepts you need to get comfortable with to begin with forensic challenges.
This is an amazing link summarizing on common forensic techniques and probably might be of some help to you.
We all love C
, don't we?
Here's what we do on command line to generate an executable named haxx
This is what we do traditionally. Let's figure out the password variable.
After generating the executable haxx
, we would then use a command called ltrace
. Read about ltrace over here. Then enter any random string and you are then greeted with this output.
Basically it traces through execution. And what it shows is the comparison between our input and password, revealing the password to someone.
Another simple method to find out the string 4_cr4zy_p455w0rd
is to run the command strings
over the executable haxx
. This method is not specific to a C
executable, strings
is basically used to check for all the readable strings in a given file by removing all the unreadable characters.
strings haxx
You will be shown various function names and libraries used, with these strings in between.
So that is not a safe way to do a password checking. To avoid this, it is better to hash the passwords and then you could use it for comparision.
With Inputs from Kartik Sama
We all know that all the stuff that we store digitally is nothing but just a set of 0's and 1's. Most of the readers might be familiar of the concept of Least Significant Bit(LSB) and Most Significant Bit(MSB). Well using this can we hide anything?
Yes, we can very well hide stuff. Imagine, we have an image. How could we think of hiding some data in this image? Using the LSB's we can obviously hide the data.
We know that an image is made up of pixels arranged in the form of a matrix. And each pixel consists of a tuple of 3 channels: Red[R], Green[G] and Blue[B], and each channel has values between 0 to 255, where (0,0,0) means black and (255, 255, 255) means white. Varying the values of R,G,B we can get many combinations.
Imagine there is a pixel which is black ie. (255,255,255). Now lets try hiding a simple 3-bit message string 100
in this pixel. Let this be a
255 when converted to binary is 1111111
. Let this be b
Now the LSB in our example is the rightmost bit. We now replace the LSB of this Red binary string with the first bit in the message binary ie. 1 and hence our new binary value for the Red channel still remains 1111111
.
Doing the same for Blue and Green channels would give us 1111110
and 1111110
respectively.
Hence our updated pixel value is (255,254,254)
https://www.color-hex.com/color/fffefe Check this link out to see how (255,254,254) looks. Does it vary much from (255,255,255). No right?
You might wonder, why are we doing it on LSB and not on any other bits. The answer is simple, the change in the pixel color will be vast. For suppose let's consider the previous example and try hiding the characters in the MSB of the pixel stream.
We have 1111111, 0111111, 0111111 then our pixel tuple becomes (255,31,31) which almost looks like a shade of red. See the drastic amount of change we had?
Here is a comparision of the output of the data that we hid using LSB method and MSB method respectively in the pixel
So, why is the drastic change undesirable? Imagine if there is a drastic change on the remaining pixels in the image, it would tamper the image and it will obviously give out the idea that the image has some hidden data in it.
We spare you the burden of reading through more code. But this is the entire concept behind hiding data in an image. This is a very well researched field called as Steganography. And the method we have discussed over here is called as LSB Steganography. Read up on it, if you are interested.
There are many tools available to crack and assist in decoding these types of stego systems like zsteg, stylesuxx web tool and Forensically
Forensics also has many other types of challenges like Packet Capture analysis, Memory Forensics etc.
Local File Inclusion(LFI): Here are some links to get you familiar with LFI type vulnerabilities
With Inputs from Ruturaj Mohite
We have some socket based challenges that talk over TCP(nothing new), and you could connect to them as a client using netcat. I thought it would be better if I inform about this, so that you all might be prepared about it beforehand. Here are some good documentations/tutorials in helping you understand about them.
http://netcat.sourceforge.net/
https://realpython.com/python-sockets/
https://docs.python.org/3/library/socket.html
Incase you find socket module in python frustrating to use, you could alternatively use pwntools library.
Here is the documentation on how to connect to sockets using pwntools