Of the thousand or so people who took part in the 2016 NSA Codebreaker Challenge, only 15 solved Task 6. I wasn’t one of them, but I figured I’d write-up what I found anyways. This will be two parts, because it’s a little lengthy. The goal was to create a script file, which contained a number of commands for the client executable to execute and hopefully trigger the bomb while it was disarmed. Task 6’s lengthy description: Continue reading →
Task 5 was more complex than the previous tasks, especially since there was no clearly defined way to solve it. I spent more time than I’d like to admit going down a bottomless rabbit hole, before adjusting tactics and fairly quickly discovering the solution. The gist of this task is that the keygen to generate the keys used in the previous two tasks has been discovered and we now need to figure out how to use it to generate keys for all IEDs.
Task 5 – Disarm Capability, Part 3
Great job! We used the code you provided to remotely disarm the IED, which was later found along a route frequented by military transport vehicles. These actions undoubtedly saved the lives of many service members. After disarming the IED, forward-deployed forensic analysts were able to recover several deleted files from the device. The most promising one appears to be the key generator program used to produce device specific keys like the one you recovered in Task 3 and used to generate a one-time code for the IED disarm command in Task 4. If you can find a weakness in how these keys are generated, then we could exploit this to generate valid one-time codes for any IED and remotely disarm it.
Analysts just alerted us of 2 additional IEDs within a few miles radius of military forces. The serial numbers are provided below. We need you to provide valid one-time codes for each one ASAP so we can disarm the devices.
UPDATE: Recent intelligence suggests that the terrorists are using Linux to generate the keys.
Serial Number of Device 1: 1379564839
Serial Number of Device 2: 31376699
The fourth task was probably the most straightforward to complete.
Task 4 – Disarm Capability, Part 2
Perfect! Now that we have the key file we can work on a disarm capability. Several intelligence reports suggest that terrorists use a secure token (i.e., small hardware device) for generating unique one-time codes for authenticating to the IED when sending commands. We believe these codes change over time and are only valid for a certain time window and for specific device serial numbers. Based on previous signatures you provided, we have located the armed IED that is using the same version of software and key serial number from Task 3 and we need to disarm it ASAP. We do not have the secure token that corresponds to the device, but we still need to be able to authenticate to it with the correct code in order to disarm it. Your objective for this task is to figure out how to generate valid one-time codes and provide one that we can use to disarm the IED. The decrypted key file you provided earlier should help with this part.
For Task 3 the server component (that the client from Task 2 would communicate with) is provided, along with an encrypted key. The goal of the task is to decrypt the key.
Task 3 – Disarm Capability, Part 1
Thanks to your hard work we were able to eventually geolocate the device and work with military partners to retrieve the system for further analysis. It turned out to be a test system that one of the IED developers had been using in lieu of a live device. We provided the system to a team of software reverse engineers and their preliminary assessment is that we have a fully functional copy of the IED software, a key file, and a dummy driver that emulates the various IED states. Analysts believe that this key file contains the information needed to authenticate to a real IED (somewhere in the field) and send commands to it. Presumably this test system was used to validate the software and key file before it was deployed to an actual IED. Since the key file appears to be encrypted, we are going to need your help to figure out a way to decrypt it. This should enable us to disarm the fielded IED that uses this key, though we will still need to figure out exactly how it is being used for authentication (next task). The goal of this task is for you to obtain the decrypted contents of the key file.
The second task contained some network traffic (in a pcap file) and a request to find the IP address of the undetonated IED by finding a string in the traffic.
Task 2 – Information Gathering and Triage, Part 2
Great work! Based on the signatures you provided, we were able to collect network communications that we believe contains traffic to an IED that is about to be detonated. Unfortunately, there appears to be a lot of unrelated network traffic in the collected data since other programs use the same port. Using the provided packet capture file (PCAP), we need your help to create more specific signatures for identifying network communications with the IED. This would be a huge first step in detecting when an IED has been armed, for example, which would allow us to alert troops in the region around where the signal was collected. For this task, your goals are to identify the version string sent by the client software when initiating a connection to the IED and to determine the IP address of the undetonated IED from the packet capture.
UPDATE: Intelligence suggests that the version strings are 11 characters long and look something like x.x-xxxxxxx
The first task was pretty straightforward. A client binary was provided, and some information about it was requested.
Task 1 – Information Gathering and Triage, Part 1
A military organization captured a laptop of a known explosives expert within a terrorist organization. Further analysis revealed that the laptop contained a debug version of the remote client interface that the individual used to communicate with the IEDs. To help detect other client programs in use, we are cataloging binary signatures and basic network signatures for every version of the IED software we find. To support these efforts, your task is to compute the SHA256 hash of the client binary and identify the source and destination TCP ports that it uses when connecting to an IED.
2016 was the 4th year the NSA ran its Codebreaker Challenge. It’s targeted at US college students, but anyone with a .edu email address at their disposal can join in the fun. Each year they have a series of challenges based on a unique scenario. This year the challenges revolved around remotely controlled IEDs.
Terrorists have recently developed a new type of remotely controlled Improvised Explosive Device (IED), making it harder for the U.S. Armed Forces to detect and ultimately prevent roadside bomb attacks against troops deployed overseas. The National Security Agency (NSA), in accordance with its support to military operations mission, has been asked to develop capabilities for use against this new threat. This will consist of six tasks of increasing difficulty, with the ultimate goals of being able to disarm the IEDs remotely and permanently render them inoperable without the risk of civilian casualties.
In the history of cryptography, the Nihilist cipher is a manually operated symmetric encryption cipher originally used by Russian Nihilists in the 1880s to organize terrorism against the tsarist regime.
AMSCO is an incomplete columnar transposition cipher. A bit to unpack there, but basically that means that you’re putting the message into columns and those columns may not have equal lengths. It was invented by an A.M. Scott in the 19th century, but strangely there is almost nothing online about him.
The AMSCO cipher has two main components. The first is the plain text you wish to encrypt. The second is the numeric key. The key can be a max length of 9 and must contain the numbers 1-n, with n being the length of the key. 1234 and 4132 would both be valid keys, but 1245 would not.