Solving the 2016 NSA Codebreaker Challenge – Task 4

The fourth task was probably the most straightforward to complete.

Task 4 – Disarm Capability, Part 2
Perfect! Now that we have the key file we can work on a disarm capability. Several intelligence reports suggest that terrorists use a secure token (i.e., small hardware device) for generating unique one-time codes for authenticating to the IED when sending commands. We believe these codes change over time and are only valid for a certain time window and for specific device serial numbers. Based on previous signatures you provided, we have located the armed IED that is using the same version of software and key serial number from Task 3 and we need to disarm it ASAP. We do not have the secure token that corresponds to the device, but we still need to be able to authenticate to it with the correct code in order to disarm it. Your objective for this task is to figure out how to generate valid one-time codes and provide one that we can use to disarm the IED. The decrypted key file you provided earlier should help with this part.

The key file we decrypted from Task 3 is for generating time-based one-time passwords.

otpauth://totp/559018485?secret=Z5ELZYDJ2ZSTXMXCEIQLETFWS25AGZVWOGTEDUEOWB4JFALL5RAQ

Using the codes it generates allows the client (from Task 2) to communicate with the server (from Task 3). Without these codes, the client can’t do anything.

bad totp token

There are two ways to generate these tokens. A simple way is to install oathtool on Linux.

sudo apt install oathtool

With the code it generates, you can now issue commands to the server.

success

These codes are only good for a certain time window. Another way to generate them is in code. Using the authenticator module in Node also makes this pretty simple.

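// npm module that implements TOTP
var authenticator = require('authenticator');
// Base32 secret taken from the otpauth:// URI in the decrypted key file
var formattedKey = "Z5ELZYDJ2ZSTXMXCEIQLETFWS25AGZVWOGTEDUEOWB4JFALL5RAQ";
// Generate the one-time code for the current time window
var formattedToken = authenticator.generateToken(formattedKey);
console.log(formattedToken);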
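
What both tools compute from the key file, written out with Node's built-in crypto module as an added example (not code from the original post or from the authenticator module). It assumes the usual defaults for a key URI that carries no other parameters: HMAC-SHA1, a 30-second step and 6 digits. The function names are made up for this illustration.

```javascript
const nodeCrypto = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode RFC 4648 Base32 (padding optional) into a Buffer.
function base32Decode(s) {
  let bits = 0, value = 0;
  const out = [];
  for (const ch of s.toUpperCase().replace(/[\s=]/g, '')) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid Base32 character: ' + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the leftover bits
    }
  }
  return Buffer.from(out);
}

// Pull the Base32 secret out of an otpauth:// key URI.
function secretFromUri(uri) {
  const secret = new URL(uri).searchParams.get('secret');
  if (!secret) throw new Error('no secret parameter in URI');
  return secret;
}

// RFC 6238: HOTP (RFC 4226) over the number of time steps since the epoch.
// step and digits are assumed defaults; the page's URI does not state them.
function totp(secretB32, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = nodeCrypto.createHmac('sha1', base32Decode(secretB32))
    .update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// The key URI shown earlier on this page.
const keyUri = 'otpauth://totp/559018485?secret=Z5ELZYDJ2ZSTXMXCEIQLETFWS25AGZVWOGTEDUEOWB4JFALL5RAQ';
console.log(totp(secretFromUri(keyUri), Date.now() / 1000));
```

The code depends only on the shared secret and the clock, so anyone holding the decrypted key file can produce valid codes without the hardware token.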

And with these proper OTP codes we can disarm the bombs.

almost as exciting as the hurt locker

Update: The writeup on Task 5 has been posted.
