Basic Windows Reversing and Attacking Weak Crypto - FLARE-On 2018

Reddit Comments

You should take a look at dnSpy! It is a fork of ILSpy, but it is miles better! You can even edit the decompiled code and then recompile it thanks to Roslyn (the .NET compiler built in C#), which is built in!

2 points · u/SilentHammer · Oct 27 2018
Captions
Flare-On is a series of reverse engineering challenges by FireEye, because they want to find and hire smart individuals interested in reverse engineering. So if you need a job, just contact me and I'll sell you the solutions. Just kidding. I don't know yet how far I will get, as reverse engineering can be quite time-consuming, and I believe many challenges are based on Windows, which is not really my world anyway. The game is simple: analyze the sample, find the key. Each key looks like an email address and ends with @flare-on.com. Enter the key for each challenge in the Flare-On CTF app to unlock the next challenge. And oh boy, did I get mad at this browser terminal: dot slash didn't work, ls, which is supposed to list files, just showed text, and even having moved with cd into a directory, you could just move away. Literally unplayable.

So let's look at the first challenge, Minesweeper Championship Registration: "Welcome to the Fifth Annual Flare-On Challenge! The Minesweeper World Championship is coming soon, and we found the registration app. You weren't officially invited, but if you can figure out what the code is, you can probably get in anyway. Good luck!" And here we can download the file. When you unpack the 7-zip archive with the password "infected", you will get a .jar file. I'm a hundred percent sure that the first challenge will be just the most basic thing ever, so I just immediately used JD-GUI, which is a Java decompiler, and right here in the main method you find that the string is compared to the email GoldenTicket2018@flare-on.com. So this is our first flag. Let's copy it into the form and submit the flag. Correct? Cool, we solved the first challenge. So let's not waste any time and move on to the next one, Ultimate Minesweeper: "You hacked your way into the Minesweeper Championship. Good job. Now it's time to compete. Here's the Ultimate Minesweeper binary. Beat it, win the championship, and we will move you on to greater challenges."

Again we get a 7-zip archive with the binary to download. This time we get an .exe file. I assume, because it's still just the second challenge, that it's still super simple, so I immediately opened the disassembler IDA. I'm using the version 7 freeware here to analyze the .exe, but right here, when we select how to load the file, IDA saw that the binary seems to be a .NET assembly binary, and if you would instruct IDA to assume it's just a regular PE compiled binary, then it looks empty. That's because this is a .NET binary. Like I said, I'm really not that experienced with Windows, though of course over the years you pick up stuff here and there, so I know that .NET programs are not compiled down to regular x86 Intel CPU machine code, but compiled to an intermediate language, and the decompilation of that is super nice with tools like ILSpy. So we can open the binary in there: UltimateMinesweeper. At first I was just clicking around. I didn't even execute the binary yet. I have no clue if we have to play something, but the code doesn't look too large, and I was just trying to get a feeling of what is implemented here. And of course you quickly see names such as SuccessPopup or FailurePopup and the minefield and so forth, and I immediately went for the SuccessPopup. What else would I look at? So this class has some texts as labels, a picture and a text box. The InitializeComponent initializes those components, but also things like the text "Congratulations, you have won the Ultimate Minesweeper Championship, and nobody cares. Here's your prize." But no flag here. Hmm. Is it maybe displayed as an image? Is that the image containing the flag? So I was looking for that image resource, but I only found these balloons. Hmm.

Also the other pictures do not have a flag. But when checking the SuccessPopup constructor, which takes a key as parameter, you can see that it's assigned to textBox1, and that happens after the other components were initialized. So that key is very likely the flag. So where does the key come from? With a right-click on the method name we can select Analyze, which opens up this tree structure below, and here we can check where this function is used. So it's used inside the SquareRevealedCallback of the main form. This method takes a column and a row integer and checks if a bomb was revealed. So it sounds like typical minesweeper: in case a bomb was revealed, we would get the failure popup and exit. But if that didn't happen, then we see that a number is calculated based on the row and column and then added to, I guess, a list or array of revealed cells. So every time you didn't uncover a bomb, the number of the cell, which can be calculated by the row times VALLOC_NODE_LIMIT plus column... well, so that variable name is weird. The calculation would make sense if it were row times the amount of cells per row plus the column. This way you just number each cell. So the fact that the cells-per-row value appears to be called VALLOC_NODE_LIMIT seems a bit odd, and thus I think it's meant to add a little bit of obfuscation or confusion. In any way, we add the correct revealed cells to this array, and if there are none unrevealed left, we create the success popup with the key generated by GetKey, which gets the revealed cells array.

So let's check out that method. First of all, we sort the array of revealed cells. Then Random is initialized with an integer calculated based on the first three revealed cell numbers, and initializing Random like that means this is setting the seed value of the random number generator. In case you don't know, random number generators require a seed, basically an initial value, and based on that the random numbers are generated. So using the same seed produces the same random values. So the creator of this challenge knows exactly which cells are the correct cells, and thus the integer that is calculated here will always be the same, so the random number generator will always generate the same numbers, at least as long as you reveal the correct cells. This randomness can be easily attacked, but I'll explain it in a second. Let's quickly finish that code first. So here a big byte array is initialized with seemingly random data, and then a second byte array is filled with random bytes from the random number generator. After that we find the loop that is XORing both these arrays together, and the bytes, decoded as ASCII, are returned. So that XOR decryption should reveal the key. So basically we have here an encrypted flag, and the key is dynamically generated through a pseudo-random number generator that requires the correct seed, and the correct seed requires the correct revealed cells. But there is a weakness. First of all, the seed definitely is a 32-bit integer, and 32-bit integers are not that huge: they go from minus 2 billion to 2 billion, so only four billion options are possible here, which means we can just brute-force all four billion options until we decrypt this byte array to the flag, which we know ends with @flare-on.com. But we can even optimize the brute force further, because we know that the seed is calculated based on the 3 revealed cells, which are also sorted right before. This means the first cell must be the smallest number, the second cell must be larger than that, and the third even larger.

So these are already good constraints, and on top of that, based on the calculation we have seen before, we can try to find what the maximum amount for a cell even is. This VALLOC_NODE_LIMIT number appears to be 30, and also the minefield is initialized with the size, and this one is also the VALLOC_NODE_LIMIT. So that means that the maximum number for row and column is like 30, or 31, 29, you know, computer science is complicated. I'm not exactly sure if the first cell here started with zero or one in the callback handler of the click. Whatever. It doesn't make the brute force worse, but now we have even more constraints. This means we can now just copy and paste the GetKey function and wrap it into some loops to try out all possible numbers for the first, second and third cell. And here's the code. We have three loops, each loop is responsible for one cell, so a is the first, b the second and c the third possible revealed cell, and the max value for each of them is 30 times 30, that's the minesweeper grid size. And also, because the revealed cells are sorted, we know that b must be larger than a, always, so we can always start with b being one larger than a, and the same is true for c, c being at least one larger than b. So that brute force, checking if the decrypted byte string contains flare-on.com, takes maybe five minutes. Super quick, easy peasy. But then I was surprised when the brute force reached the end and didn't find anything. What the heck? That doesn't make any sense. That really confused me, so at some point I even just brute-forced all possible 4 billion integer values for the seed and still didn't find it.

That was so weird. So I went back into the decompiler and tried to find what the correct cells are. So I looked a bit around and found this two-dimensional array for the minesweeper grid called MinesPresent. It's a boolean, true or false, so that probably tells us if there is a mine or not. And with the Analyze feature we can again look for where this is used. Let's see where the get method is used, so where it reads this value. And there is this GarbageCollect array, which also has MinesPresent, bool true or false, and that one is used by AllocateMemory, which gets passed in a minefield, and that one has two loops going from zero to VALLOC_NODE_LIMIT, which we know is the grid size 30. So just because these names like AllocateMemory, GarbageCollect, VALLOC_NODE_LIMIT, blah blah, mean something, it's really confusing to read the code. They refer to very different concepts in computer science, but the names are fooling us. We know that the two-dimensional array variable GarbageCollect also has MinesPresent, and this flag can be true or false and is assigned to it. So this loop goes over the whole 30 times 30 grid and decides, based on this obscure if statement using DeriveVallocType, if a particular cell has a mine or not. And that weird function takes r and c, which is just row and column obviously, does a calculation on it and flips the bits, and then checks if that result is contained in VALLOC_TYPES. So it's just to throw us off and obfuscate the cells that have and don't have a mine. But we don't get fooled. We also don't really have to invert those VALLOC_TYPES and figure out the row and column. We can just copy and paste the whole code again, make sure that we get all the important numbers, and then we simply print when that is set to false, so when the mine is not present. When we run that, we find three cells where there shouldn't be a mine, and now we can execute the game. Here, this, and count the cells on rows and find cells 1, 2 and 3, and we win. Here's the flag: cheaters always win at flare-on.com.

But I'm still confused why our brute force didn't work. But now that we know the exact 3 cells that are correct, we can test our code. We can just hard-code a, b and c based on the rows and columns we got, and otherwise the code is the same. See, the random number generator generates the XOR key, XOR decrypts... I get it. I'm so dumb. Okay, so I had this whole ending prepared where I showed that even hard-coding the seed in a loop didn't really work and it was alternating the flag and garbage, and I didn't find my bug when I did the challenge. I also didn't find it when I prepared the script for the video. I didn't see it when I edited this part. Only now, in my second round of editing where I draw my overlays, it clicked. I'm so dumb. The encrypted flag array, too, is initialized once, and the XOR operation is modifying those bytes. So in the next loop round we now have garbage in that array too, and it's not the encrypted flag anymore. Thus my brute force failed. By initializing array two in each loop, it works.
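As an added illustration of the seed brute force and the bug the video ends on (example code written for this page, not LiveOverflow's script or the challenge's own code): a constructed flag is XOR-encrypted under a keystream seeded from three sorted cell numbers, then searched for both the broken way (one buffer XORed in place every round) and the fixed way (fresh buffer per candidate). Assumptions: an 8x8 grid instead of 30x30 so the search finishes in seconds, a made-up seed packing, and Python's random.Random standing in for .NET's System.Random.

```python
import itertools
import random

GRID = 8                    # assumed small grid so the full search runs in seconds (the real one is 30x30)
SUFFIX = b"@flare-on.com"   # every Flare-On key ends with this, which is what the brute force looks for

def cell_seed(a, b, c):
    """Pack three sorted cell numbers into one integer seed (assumed layout, not the challenge's)."""
    return (a << 20) | (b << 10) | c

def keystream(seed, n):
    """Stand-in PRNG: Python's random.Random, not .NET's System.Random that the binary uses."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def encrypt_flag(flag, cells):
    """Build the 'encrypted flag' byte array from a constructed flag and the correct cells."""
    ks = keystream(cell_seed(*sorted(cells)), len(flag))
    return bytes(p ^ k for p, k in zip(flag, ks))

def broken_bruteforce(enc):
    """One buffer XORed in place each round: after round one it no longer holds the ciphertext."""
    buf = bytearray(enc)
    for a, b, c in itertools.combinations(range(GRID * GRID), 3):   # a < b < c, as the sort implies
        ks = keystream(cell_seed(a, b, c), len(buf))
        for i in range(len(buf)):
            buf[i] ^= ks[i]
        if SUFFIX in buf:
            return (a, b, c), bytes(buf)
    return None

def fixed_bruteforce(enc):
    """Fresh plaintext buffer per candidate, so every seed is tried against the real ciphertext."""
    for a, b, c in itertools.combinations(range(GRID * GRID), 3):
        ks = keystream(cell_seed(a, b, c), len(enc))
        plain = bytes(x ^ k for x, k in zip(enc, ks))
        if SUFFIX in plain:
            return (a, b, c), plain
    return None

def alternation_demo(enc, cells, rounds=4):
    """Correct seed hard-coded but the buffer reused: output alternates flag, ciphertext, flag, ..."""
    buf = bytes(enc)
    ks = keystream(cell_seed(*sorted(cells)), len(buf))
    out = []
    for _ in range(rounds):
        buf = bytes(x ^ k for x, k in zip(buf, ks))   # same in-place mutation the video's loop applied
        out.append(buf)
    return out
```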
Info
Channel: LiveOverflow
Views: 201,589
Keywords: Live Overflow, liveoverflow, hacking tutorial, how to hack, exploit tutorial, ilspy, dnspy, ida pro, flare-on, flareon, flareon2018, fire eye, reverse engineering, reversing, windows, .net, dotnet, c#, ultimate minesweeper, ultimateminesweeper.exe, ctf, capture the flag, reverse-engineering, crypto, random, seed, random seed, keygen, key verification, valloc, obfuscation, xor encryption
Id: B41GbyB7H5U
Length: 13min 17sec (797 seconds)
Published: Fri Oct 26 2018