Difference between revisions of "User talk:Abliss"

From Exploitee.rs
(Pad strategy.)

Latest revision as of 23:09, 11 February 2011

Nice work on extending the pad! What approach are you using? I enhanced my file-crossreferencer so that in addition to knowing the valid character set of each of the six files, it understands the Intel .hex file format enough to force a colon after a definite \r\n, disallow colon if not on the line after a possible \n, disallow colon within 12 chars of a definite colon, and such. After that I've been using manual pattern searching to find standard shell script patterns in the possibilities (e.g. "| grep") and then run a manual search of the dictionary file for sequences of options that look like they could be dictionary words. A lot of brute force, but it's at least revealing the contents of the shell scripts. The tgz files would require that we figure out the pattern though.

  • I have just been going one character at a time, trying to "intuit" the next character by looking at the shell scripts. Sometimes I go back and change my earlier answers once I see later bytes, and I periodically manually check the hex file for sanity and checksums. I posted my perl script on the discussion page. It's kinda fun actually, but exhausting and slow. I was toying with the idea of turning it into an MMOG so we could all collaboratively figure out the puzzle, but it's probably not worth it for the ~1kb that we'll be able to do this way. My hunch is that the pad is just the output of a standard PRNG with a 32-bit seed... perhaps with enough compute time we could brute-force it based on the first hundred bytes or so. --Abliss 17:09, 11 February 2011 (CST)
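An added example (my own code, not from this talk page or either poster's scripts) of the cross-referencing approach discussed above: several files XORed with one reused pad, per-file character sets intersected at every position, a "| grep" crib from manual pattern searching, and the Intel HEX colon rules. The three sample files, their character sets and the pad are constructed for the demo.

```python
import string

# Constructed sample data: three files encrypted with the same pad, standing
# in for the six files of the puzzle. PAD is an arbitrary constructed key.
SHELL = b"#!/bin/sh\ndate | grep 2011\n"
HEXF = b":0400000012345678E8\r\n:00000001FF\r\n"   # two Intel HEX records
WORDS = b"apple\nbanana\ncherry\ndate\nelder\n"
PAD = bytes((i * 37 + 11) & 0xFF for i in range(64))
# The valid character set of each file: the cross-referencer's core constraint.
CHARSETS = [set(string.printable.encode()),
            set(b":0123456789ABCDEF\r\n"),
            set(string.ascii_lowercase.encode()) | {ord("\n")}]

def xor(data, pad):
    return bytes(b ^ k for b, k in zip(data, pad))

def candidates(cts, charsets):
    """Per pad position, the pad bytes that decrypt every file to an allowed
    character. The true pad byte is always a member of each set."""
    out = []
    for i in range(max(map(len, cts))):
        sets = [{ct[i] ^ p for p in cs} for ct, cs in zip(cts, charsets) if i < len(ct)]
        out.append(set.intersection(*sets))
    return out

def apply_crib(cands, ct, offset, known):
    """Manual pattern search: assert a known fragment (e.g. b"| grep") at offset."""
    for k, p in enumerate(known):
        cands[offset + k] &= {ct[offset + k] ^ p}
    return cands

def definite(cands, ct, i):
    """Plaintext byte at i if the pad byte there is pinned down, else None."""
    return ct[i] ^ next(iter(cands[i])) if len(cands[i]) == 1 else None

def apply_hex_rule(cands, ct):
    """Intel HEX structure: a definite CRLF forces ':' next, and no ':' can occur
    within 12 bytes after a definite ':' (shortest record is 11 chars + CRLF)."""
    for i in range(len(ct)):
        if i >= 2 and definite(cands, ct, i - 2) == 13 and definite(cands, ct, i - 1) == 10:
            cands[i] &= {ct[i] ^ ord(":")}
        if definite(cands, ct, i) == ord(":"):
            for j in range(i + 1, min(i + 13, len(ct))):
                cands[j].discard(ct[j] ^ ord(":"))
    return cands

def recover(ct, cands):
    """Render a file, with '?' wherever the pad byte is still ambiguous."""
    return bytes(ct[i] ^ next(iter(cands[i])) if len(cands[i]) == 1 else ord("?")
                 for i in range(len(ct)))

if __name__ == "__main__":
    cts = [xor(f, PAD) for f in (SHELL, HEXF, WORDS)]
    c = apply_crib(candidates(cts, CHARSETS), cts[0], SHELL.index(b"| grep"), b"| grep")
    for ct in cts:
        print(recover(ct, apply_hex_rule(c, cts[1])))
```

The crib pins the pad under the shell script's "| grep", which happens to cover the CRLF ending the first HEX record, so the colon rule then fixes the next pad byte with no further guessing.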