Monday, January 7, 2013

SANS Holiday Challenge 2012 Zone 3 Writeup

Zone 3

Using the URLs obtained in the previous post, we can access Zone 3 for both Heat and Snow Miser. Let's see if we can obtain the URLs for Zone 4.


Heat Miser

Connecting to Zone 3 for Heat Miser, we are presented with the following:


In the description for this Zone, we are given a link to Zone 4 (that was easy!). For consistency, we'll consider this the end of the zone, and pick back up in the next post since we will technically be aiming to retrieve the link for Zone 5. We have a bit of work to do for Snow Miser, anyways.

Snow Miser

Connecting to Zone 3 for Snow Miser, we are presented with the following:


This challenge required a bit of thinking. In the Zone description, we are told that "those of you with access to Zone 4 should have received an encryption key. This key can be used to decrypt the URL for Zone 4." So, right off the bat, we know that we need to acquire or enumerate an encryption key.

We are also told that we can "verify [our] key" by encrypting the original Zone 4 URL with our key, and seeing if we retrieve the appropriate ciphertext. If so, we can decrypt the other given ciphertext to retrieve the new Zone 4 URL.

With that being said, how do we retrieve the encryption key? Or do we even need the key? A hint was given in the challenge description questions. The description asks "On Snow Miser's Zone 3 page, why is using the same key multiple times a bad idea?" This question tells us for sure that the same key was used to encrypt both the original and new Zone 4 URLs. So, we are given one plaintext URL, and two ciphertexts.

Having these three elements allows us to perform a Stream Cipher Attack. Let's take a look at how this attack pertains to our situation. In this situation, we are looking for the new URL N. Our given information is as follows:

  • "Old" plaintext URL for Zone 4, O
  • Ciphertext of old URL Co, which is O xor K
  • Ciphertext of new URL Cn, which is N xor K
One of the main properties of the xor operation is that it is symmetrical. This means that the same key can be used to encrypt or decrypt a message. Also, as the article explains, the xor operation is commutative. Therefore, we can perform the Stream Cipher Attack by computing (Co xor Cn) to get (O xor N). Then, we can compute (O xor N) xor O to get our desired N. This will be our new URL. Here is the Python implementation of this:

 >>> cipher1 = '20d916c6c29ee53c30ea1effc63b1c72147eb86b998a25c0cf1bf66939e8621b3132d83abb1683df619238'  
 >>> cipher2 = '20d916c6c29ee54343e81ff1b14c1372650cbf19998f51b5c51bf66f49ec62184034a94fc9198fa9179849'  
 >>> plaintext1 = 'zone-4-F7677DA8-3D77-11E2-BB65-E4BF6188709B'  
 >>> plaintext2 = ''  
 >>> key = []  
 >>> for i in range(0,len(cipher1),2):  
 ...   key.append(int(cipher1[i:i+2],16) ^ int(cipher2[i:i+2],16))  
 ...  
 >>> for i in range(0,len(plaintext1)):  
 ...   plaintext2 = plaintext2 + chr(ord(plaintext1[i]) ^ key[i])  
 ...  
 >>> plaintext2  
 'zone-4-9D469367-B60E-4E08-BDF1-FED7CC74AF33'  

We can use this URL to gain access to Zone 4.

The Stream Cipher Attack may be a bit to understand on the surface. Let me know if you have any questions or comments below.

As always, please don't hesitate to leave comments or suggestions below. Solve this Zone a different way? Let me know!

- Jordan

2 comments:

  1. Do you have anymore details on how to do this? This stumped me really good on the challenge. I kept trying to dig through the social media stuff for clues, but couldn't find anything.

    I noted the same things you did: the first parts of the ciphertext for the new and old URLs were identical, and the question asking why key re-use is a terrible idea. Unfortunately, I wasn't able to identify it as a stream cipher or derive how to attack/reverse it.

    Do you have any references for attacking/identifying stream ciphers?

    ReplyDelete
    Replies
    1. Thanks for the comment, and great question! I knew that XOR was a symmetrical algorithm (and likely the one in use), but I wasn't too familiar with performing a Stream Cipher Attack. So, I knew that we would be able to use XOR to derive the new URL, but wasn't quite sure how - as in, not exactly sure how all the pieces fit together.

      The first thing I did was Google 'XOR reuse key', which showed the first result as the Wikipedia link to Stream Cipher Attacks. From here, I could see the algebra used to perform the attack, and then created the actual exploit in Python. Hope this answered any questions!

      Delete