Use this thread to discuss Mission 25 of Season 2. Feel free to post theories, clues, hints, or anything else, as long as you DO NOT POST THE ANSWER. Spoiler tags are your friend!
Stuck on 25.2. Spoiler: Trying to find the decryption key. I've looked up everything related to Zeus or CryptoLocker encryption but I'm not sure how to use it. A hint, rather than the solution, please.
Spoiler: Most of the information you're finding is likely on the most recent iteration of this Trojan. The SIGIL malware is based on an older version.
Spoiler: Nope. I've allowed for that and have been reading up on all variations of Zeus made before 2013 all day. Still no closer to finding the XOR decryption key. It's possible I'm over-complicating things again though and the answer is far simpler. LOL
Spoiler: you're on the right track with XOR decryption, but you might want to put a word in front of it. Spoiler: also, you already have the key.
Stuck here too, think I am struggling with the password needed, not seeing it for the trees. EDIT: Got some help on IRC, many thanks. I am still none the wiser at finding the key. Edit: Finally got it, had some help finding the right decoder and it was not too far away from my original thoughts. Couldn't have done it without the help on IRC though, thanks.
Would you mind giving one more hint on this one? Spoiler: "you're on the right track with XOR decryption, but you might want to put a word in front of it"
Spoiler: There are different types of XOR encryptions. For instance, during RUBYDRAGON we used a repeating pad XOR.
I could still use a hand on 25.2 here. I think I've gotten as far as research can get me. I know the type of encryption it's using (including "the word" mentioned by Zaelong). I simply don't have the cryptography chops to decrypt it. If someone could give me a harder nudge, or even the straight up answer at this point (in a PM so no spoilers on the thread), I would greatly appreciate it.
It usually helps if you try to google the [encryption method] and 'decipher'. Spoiler: I used this: http://www.darkfader.net/toolbox/convert/
I'm still stuck on this one, part 2. Spoiler: I can't find the key. I've got the code & know what type of XOR encryption they've used, but am I supposed to run it through all of the iterations the key could be? Update: got it. Whoa, that a-ha moment :O
Okay... I am seriously going crazy with part 2... I think I have the encryption, and I have the key, but I cannot find a place that can reliably decrypt the text... can anyone help me, even talk me through it at this point...
@w01fsban3: in the spoiler tag from my previous post, you can get a link to a working decoder. If it doesn't work, you're either doing it wrong or not using the right key. Spoiler: unless you're referring to the missing first letter... I never figured out how to compensate for that one...
I'll be honest, @zaelong, I have no clue what to do and it is pissing me off... if you could give more concrete hints, or even just a riddle that will lead me towards the answer, that would be very much appreciated.
I'm terribly sorry for not reacting in the IRC... and just giving a riddle to get to the answer isn't really possible on this mission... so I'll try from the beginning. Spoiler (method of encryption): you should have noticed this is an XOR encryption, which usually needs a key to decode. Spoiler (method of encryption, p2): I used this site: http://www.darkfader.net/toolbox/convert/ Spoiler (keyphrase): you might get some help in this guide about Zeus: http://www.few.vu.nl/~da.andriesse/papers/zeus-tech-report-2013.pdf and look for security. Spoiler (keyphrase, p2): it's a straddling/rolling encryption: if abcdefg is the phrase, bcdefg is the key.
As I mentioned during our conversations, I think this is the mission I found most unclear and difficult to solve. It is relatively easy to find the malware and the "type of encryption". However, I had a lot of trouble finding a good explanation on how to apply the encryption method, or a converter.
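
The rolling XOR hinted at above ("if abcdefg is the phrase, bcdefg is the key"), as an added example that is not part of any post in this thread and does not use the mission data. It assumes the chaining variant in which the first byte is stored unchanged and each later byte is XORed with the ciphertext byte before it; the function names and sample text are constructed for illustration.

```python
# Added example, not from the thread. Assumed scheme: byte 0 is stored as-is and
# every later byte is XORed with the ciphertext byte before it.

def rolling_xor_encrypt(plain: bytes) -> bytes:
    """c[0] = p[0]; c[i] = p[i] ^ c[i-1]."""
    out = bytearray(plain)
    for i in range(1, len(out)):
        out[i] ^= out[i - 1]  # out[i-1] has already been encrypted
    return bytes(out)

def rolling_xor_decrypt(cipher: bytes) -> bytes:
    """p[0] = c[0]; p[i] = c[i] ^ c[i-1]."""
    out = bytearray(cipher)
    for i in range(len(out) - 1, 0, -1):  # backwards, so out[i-1] is still ciphertext
        out[i] ^= out[i - 1]
    return bytes(out)

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Generic repeating-key XOR, as a typical online XOR tool applies it."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def decrypt_with_shifted_key(cipher: bytes) -> bytes:
    """Data = ciphertext, key = ciphertext minus its first byte (abcdefg / bcdefg)."""
    if len(cipher) < 2:
        return b""
    out = xor_with_key(cipher, cipher[1:])
    # out[i] = c[i] ^ c[i+1] = p[i+1]; the last byte wrapped round to key[0]
    # and is garbage, so drop it. p[0] never appears: that is the missing letter.
    return out[:-1]

def recover_all(cipher: bytes) -> bytes:
    """The tool output plus the first ciphertext byte, which was never encrypted."""
    return cipher[:1] + decrypt_with_shifted_key(cipher)

SAMPLE = b"constructed sample text"  # constructed input, not the mission data

if __name__ == "__main__":
    c = rolling_xor_encrypt(SAMPLE)
    print(c.hex())
    print(decrypt_with_shifted_key(c))  # sample without its first letter
    print(recover_all(c))               # full sample
```

Under this assumption the "missing first letter" from the earlier post is simply the first ciphertext byte, which the scheme leaves unencrypted.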
Finally got it... the bastard. For those of you still stuck Spoiler the second word is an IP Address (HUGE SPOILER AHEAD DO NOT LOOK IF YOU DON'T WANT SPOILERS) Spoiler S