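Problem 27
Problem:
Translation: The NSA intercepted a chat between mafia members from an IRC server. The investigators were convinced that some secret was hidden in the message, but they could not find any clue. Your mission is to help the NSA investigators uncover the secret of this message.
Clicking the down link in the problem opens the file message.txt.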
Pruss is my name. I am a member of russian mafia group. we communacate via a secure channel with secure password like.. $A$"4kruss password has to be long and it should contain alphabet, number, etc. I added 'russ' at the end because my name is Pruss. and this is our password convention. we must add 'russ' to end.. because it is our code name and we are very bad russian. we use secure communication since FBI monitors our communications on the Internet. we can't use password like DDDDDHHHHHHPDDDDDruss. because these passwords can be easily broken by FBI hackers. even if the password is long enough,(something like @@@@@@@@@@@@@@@@@@@@russ) it is not secure because there is only one repeated character '@'. anyway, using secure password is important... Pruss is actually not only my name, it is also code name of our mafia. we use similar names. one of my friend's name is Druss. Druss is my best friend and a professional killer. but he is not good at security. one day Druss used a password DDDDruss I told him this is very bad and weak password. the FBI will break it very easily. so he changed his password into HHHHHHHHHHHHHHHHHHHHHHHHHHruss. I told him even if password is long, it is weak if there is no combination with number and symbol... he said 'ok Pruss, this time I'll make a very long and secure password which contains number and symbol as well!' and he made '11111DDDDD@@@@@@@@@@PDDDDD@@@@@@@@@@PDDDDDHHHHHHHHHHHHHHHHHHHHruss'!! and asked me if this is secure enough. I told him it is secure, but it is long to remember. he said 'thank you Pruss you always teach me computer security' anyway this was small talk and I will tell you something about mafia life. Druss likes to listen to music, such as rock, pop and jazz... even though he is a tough killer he has sensitive heart.. Druss likes to dressed up with very black jacket with black jean, he thinks it is a cool fashion, but I don't like it.. 
Druss has high IQ, he is a member of group called MENSA(group of people who has IQ over 150) so, he is very very smart. Druss has a girl friend, her name is Hruss. Hruss is also my friend too. she is very very pretty, and also a killer(!). Druss likes Hruss a lot, they are in love with each other. it is common case that mafia members hooks up together. mafia@russia.ru is our server. we have lot of data regarding our crimes in our server so FBI hackers are trying to hack mafia@russia.ru but we don't have to worry since we are using secure password(we discussed this) as I told earlier. anyway.. Pruss sounds somewhat like 'Press' so, Press is my nick name it is somewhat juvenile but I think it is pretty funny too Druss always makes fun of me by using my nick name 'Press' sometimes I got angry but I don't express my feeling because Druss is a professional killer I don't want to get shot. it is possible to get shot by mafia friends. it happened once. Druss shot a friend many years ago, he was also a mafia member. they had a quarrel and it turned into very big fight so Druss shot other friend... after that incident, I always say something nicely to him. in fact the secure password which Druss have created earlier I felt it was very stupid password. however I told him very nicely. who makes password like '@@PDDDDDPDDDDDHPDDDDD@@@@@PDDDDDPDDDDD@@@PDDDDDruss'? no body will ever think that this is a password. to me, a secure password will be say something like... kNz3i!Bs4jP
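Reading through the text, it only talks about passwords and contains nothing special.
The problem is in the 'System' category and its title is 'Can you speak x86', which gives the hint
that solving it requires assembly language, the language of x86.
After that, I solved it with hints from other blogs.
First, copy the message and paste it into HxD,
then copy the hex values and paste them into an x86 debugger for analysis.
For the x86 debugger, a program such as Ollydbg or x32dbg will do.
I set out to analyze it with x32dbg,
but I had only used it a few times long ago and do not use it often, so I did not know how to use it well and struggled.
1. First, run a 32-bit exe file.
2. Paste the copied hex values. Either paste them at the start address held in EIP, or paste them anywhere and then change EIP to that address. Then, amazingly, assembly code appears!
3. Set a breakpoint (F2) on the first instruction and then execute (F8).
4. The EAX value then changes, and each PUSH EAX stores the value.
* At this point you have to select [Follow in Dump] to see the value.
As a result, the key value is generated as shown above.
Enter that value and
success!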
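Why step 4 behaves that way, as an added example that is not part of the original post: in 32-bit x86 the characters `@`, `H`, `D` and `P` are the one-byte instructions `inc eax`, `dec eax`, `inc esp` and `push eax`, and `russ` encodes `jb +0x75` followed by `jae +0x73`, a pair that always jumps to the same target. The emulator below models only those opcodes; `BUILD` and `SKIP` are constructed samples, not bytes from message.txt, and the register and stack start values are assumptions.

```python
MASK = 0xFFFFFFFF

def run(code, eax=0, esp=0x1000, carry=False):
    """Emulate the few 32-bit x86 opcodes below; return (eax, esp, mem)."""
    mem, ip = {}, 0
    while ip < len(code):
        op = code[ip]
        if op == 0x40:                    # '@'  inc eax
            eax = (eax + 1) & MASK
        elif op == 0x48:                  # 'H'  dec eax
            eax = (eax - 1) & MASK
        elif op == 0x44:                  # 'D'  inc esp
            esp = (esp + 1) & MASK
        elif op == 0x50:                  # 'P'  push eax (little-endian dword)
            esp = (esp - 4) & MASK
            for i, b in enumerate(eax.to_bytes(4, "little")):
                mem[esp + i] = b
        elif op in (0x72, 0x73):          # 'r' jb rel8 / 's' jae rel8
            taken = carry if op == 0x72 else not carry
            rel = code[ip + 1]
            rel -= 256 if rel > 127 else 0   # rel8 is a signed displacement
            ip += 2 + (rel if taken else 0)
            continue
        else:
            raise ValueError(f"opcode {op:#04x} not modelled at offset {ip}")
        ip += 1
    return eax, esp, mem

def read(mem, addr, n):
    """Return n bytes of emulated memory starting at addr (unwritten = 0)."""
    return bytes(mem.get(addr + i, 0) for i in range(n))

# Constructed sample 1: "push, then inc esp five times" moves ESP forward by
# one byte net, so successive pushes lay down the low byte of EAX left to right.
BUILD = b"PDDDDD@PDDDDD@@P"

# Constructed sample 2: "russ" skips the 0x73 bytes that follow it, whatever
# the carry flag is, so the filler (here 'H' = dec eax) never executes.
SKIP = b"@russ" + b"H" * 0x73 + b"@P"

if __name__ == "__main__":
    eax, esp, mem = run(BUILD, eax=0x41)
    print(hex(eax), hex(esp), read(mem, 0xFFC, 3))
    for cf in (False, True):
        print("CF =", cf, "-> eax =", run(SKIP, carry=cf)[0])
```

The bytes written by the pushes are what [Follow in Dump] shows in the debugger's dump pane.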