Mission #25

Discussion in 'Missions Center' started by crux, Mar 4, 2016.

  1. Snarkk

    Snarkk Active Agent

    I really need help for this case, that's the hardest I've tried. I'm stuck, not so far from the answer I think but right now I'm becoming a little bit crazy.

    I know it's a rolling XOR-based cypher.

    I first transcript the HEX to binary, then with ASCII tables I transcript my binary to what I assume to be the key.

    For example, the first part of the data is HEX 73 : in binary I have 01110011. So I took the bin before this one and got 01110010 => I choose this one as a key and get 00000001. Which is pure non-sense for me.

    I've tried different orders (n+1 or n-1 for the key), still with absurd results.

    I've tried different transcriptions, BIN, HEX, Unicode... but I never had a nice plaintext box.

    I've used several websites like asciitohex; r12a.github.io/uniview/ ; darkfader.net/toolbox/convert/ but I still don't get it...

    Can I have a huge nudge here or by PM please ? Also I have to notice that english is not my native language.
     
  2. berzerk0

    berzerk0 Active Agent

    @Snarkk, if you're having trouble still, shoot me a PM and I can help you out.
     
  3. Snarkk

    Snarkk Active Agent

    Thanks for your quick answer. I'm already on your own nudges. I'll keep that way a bit more, but if I'm still stuck I'll be glad to talk about this with you.

    EDIT : And it's doooooooooooooooone ! Woah ! The hardest case in my short carreer with the Black Watchmen.

    Many, many thanks to all the agents who shared their nudges about this case. I have few things to add for future desperate agents.

    * outsidebox.png

    * if you're still stuck on what kind of encryption is in front of you, remember that you're starting from a Malware.

    * read carefully previous nudges, the ones from @berzerk0 are very complete

    * take a moment to watch several times @codex-13's schema. It breaks the case for me, but i first had to internalize it.

    *Some letters missing ? Or some agents missing letters ?



    *

    That's all, you REALLY have everything sent by the agency and here to complete the mission, trust me. Good luck to future agents, I need a short pause before mission 26. :)
     
    Last edited: Aug 7, 2017
  4. Rohzek

    Rohzek Active Agent

    This one (25.2) really confused me and my girlfriend as well. We were stuck on it for longer than I'd like to admit, but we eventually got it.

    The post by codex-13 is it 100%, but I figured I'd help a little more than that, as well, if anyone wants it.

    Rather than calculating it by hand, I wrote a short bit of code in Java to do it for me. I'm not going to give you the answer, but if you want to use the code to visualize the calculations, or want to run it yourself, here it is:
    Code:
    public class XOR
    {
        /*
        * Outputs one bitstring at a time
        */
        public static String xorDecrypt(String input, String key) 
        {
            String output = "";
           
            for(int i = 0; i < input.length(); i++) 
            {
                char eval = input.charAt(i), keyval = key.charAt(i);
               
                if(eval == keyval)
                {
                    output += "0";
                }
                else
                {
                    output += "1";
                }
            }       
            return output;
        }
    }
    
    public class Main
    {
        static String[] binary = 
        {
            //Input your bit strings here
        };
        static ArrayList<String> output = new ArrayList<String>();
    
        public static void main(String[] args)
        {     
            for(int i = (binary.length - 1); i > 0; i--)
            {
                output.add(XOR.xorDecrypt(binary[i], binary[i-1]));
            }
           
            output.add(binary[0]);
           
            Collections.reverse(output);
           
            for(String out : output)
            {
                System.out.print(out + " ");
            }
        }
    }
    
    It takes byte strings in, and puts them back out, so you'll need to convert the hex to binary, and then the binary it outputs, back to ascii
     
    codex-13 and raul_ct like this.
  5. raul_ct

    raul_ct Moderator

    Dude, you went to the next level
     
  6. Halokrauser

    Halokrauser Active Agent

    Okay, I'm stuck on 25.2 myself.

    I found the IP address, but the first word I'm confused about. I decrpyted the whole thing, but if et means @, the letters don't fill in. I'm short a couple letters of the answer.
     
  7. berzerk0

    berzerk0 Active Agent

    @Halokrauser - you are very close, the same thing happened to me a few times.

    Spoiler
    You are missing the first letter. This is due to a quirk of the encryption method.
    Make sure you read it carefully from the SANS guide about this version of the malware (it is the first version)

    Esoteric Hint about this encryption method:
    Ouroboros cannot bite his own head.
     
  8. Halokrauser

    Halokrauser Active Agent

    Oh, of course.
    Finally done. Took me almost an hour.
     
  9. Loki Martin Farbaute

    Loki Martin Farbaute Active Agent

    I'm completely lost here even with all the hints, I know that the report is in heexadecimal, converting them makes no sense whatsoever:

    sbtkKyN`SgIxL~PeT

    So I have no idea what to do, a PM or any other help would be appreciated
     
  10. misstriggermortiss

    misstriggermortiss New Agent

    I cannot figure out what to do now. I am throwing in the towel.
     
  11. Rohzek

    Rohzek Active Agent

    What has you stuck?
     
  12. berzerk0

    berzerk0 Active Agent

    @misstriggermortiss at what stage are you stuck?
    If the other hints in this post haven't helped, start a convo with me
     
  13. HapexIndustries

    HapexIndustries New Agent

    Like some others I am totally stumped by decoding the message. If anyone can help please PM me.

    EDIT: Got it with the help of fathamburger on discord, its simpler than it appears, I swear.
     
    Last edited: May 15, 2018
  14. Rohzek

    Rohzek Active Agent

    Hey guys, so last December I posted a hint for 25.2 and now today, I have a bit more of an iteration on the same hint.

    So I asked the mods if they thought it was appropriate, given how effective of a hint it is...
    [​IMG]
    It seems most of the mods agree it's okay.

    So...

    I've took the java code that I wrote in December and polished it up a lot, made it a runnable jar file, and added a GUI. This can both encode and decode using the Rolling XOR technique, and displays the output in both the encrypted and unencrypted/decrypted binary and hex so that you can look at them side by side, and hopefully better understand how the algorithm works, along with codex-13's picture.

    The GUI:
    [​IMG]

    Here's the link to the project page, if you want to see the code, too. And the runnable jar can be found under the releases. It was written with Java 8 in mind, and it seems Java 10 won't work correctly. (a friend of mine couldn't get it to work on Java 10)
     
    codex-13 likes this.
  15. codex-13

    codex-13 Senior Agent

    Your project is SUPER COOL. I think it's awesome. Just a note though, your image links are broken!
     
  16. Rohzek

    Rohzek Active Agent

    Thanks :)
    I see that. I have no idea why imgur decided to drop it. I'll get it changed as soon as I can. (It's currently blocking my change for being "spam-like")
     

Share This Page