Solving the 2016 NSA Codebreaker Challenge – Task 3

For Task 3 the server component (that the client from Task 2 would communicate with) is provided, along with an encrypted key. The goal of the task is to decrypt the key.

Task 3 – Disarm Capability, Part 1
Thanks to your hard work we were able to eventually geolocate the device and work with military partners to retrieve the system for further analysis. It turned out to be a test system that one of the IED developers had been using in lieu of a live device. We provided the system to a team of software reverse engineers and their preliminary assessment is that we have a fully functional copy of the IED software, a key file, and a dummy driver that emulates the various IED states. Analysts believe that this key file contains the information needed to authenticate to a real IED (somewhere in the field) and send commands to it. Presumably this test system was used to validate the software and key file before it was deployed to an actual IED. Since the key file appears to be encrypted, we are going to need your help to figure out a way to decrypt it. This should enable us to disarm the fielded IED that uses this key, though we will still need to figure out exactly how it is being used for authentication (next task). The goal of this task is for you to obtain the decrypted contents of the key file.

Having the client and server communicate is fairly straightforward. The server is started with the encrypted key file and waits until a client connects.

server starting up

By default, the client tries to connect to a server running on the localhost. It then waits for your input, but that’s for a later task.

client connecting

The encrypted key file, 559018485.key.enc in my case (each user’s problem files were slightly different), is a 256-byte file. A quick peek at its contents revealed very little.

The encrypted key

Since this key must be decrypted to be used, the obvious place to start looking was the server executable. Taking an educated guess (256 bytes is exactly one 2048-bit RSA block), I opened the file in a hex editor and searched for “==”. PEM-encoded RSA private keys are base64 text, and the length of the DER payload usually leaves one or two “=” padding characters at the end. Turns out this was correct.

found a key

This was also really easily found using IDA.

almost too easy
the entire key in IDA

The key in all its glory:

-----BEGIN RSA PRIVATE KEY-----
[private key body not reproduced in this copy]
-----END RSA PRIVATE KEY-----

I was also able to easily find the public key in IDA when examining the client executable.

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybhaURwzV74sQlxNInRV
IHRgc45MZBoN6uBVeclxWxNX8vHkKt5Wic2pp55+iXyTN8lFnl5lA5TrrkogGkgc
4wQcYfGMcJQ+0c26lCJoolPhUqmpjWYGsSlfu0tvI6AcWDK44JSCKsSGrjBXGw5z
hXiSX3aFsveWUrp1UJR9G7pmoUK2noBLU3govRHvGBw3Y/fxa6O+qiU6M1O6Qe5u
LnYq626mcqo8JtUXnfBplwRXW1nZSqC6ob5zTqIZRN0o5a4I46/HOaAwEhWJdR2Z
RFtiudfaHEEpKsxxgdBfBtX6loM2Veqc8z2EKxyKG7Oa16JWSZGaAv/9wzoAP8oW
zwIDAQAB
-----END PUBLIC KEY-----

After saving the private key to a file, it could then be used to decrypt the encrypted key file:

openssl rsautl -decrypt -in 559018485.key.enc -out 559018485.key -inkey private.key

The decrypted key file’s contents:

otpauth://totp/559018485?secret=Z5ELZYDJ2ZSTXMXCEIQLETFWS25AGZVWOGTEDUEOWB4JFALL5RAQ
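The same workflow end to end, as an added example that is not part of the original writeup and does not use the challenge’s files: it builds its own fixtures (a throwaway 2048-bit RSA key pair, a fake “server binary” with the PEM block buried among junk bytes, and a constructed otpauth URI encrypted the way the 256-byte .key.enc would have been), carves the PEM block out of the binary, checks that the recovered private key really matches the public key that would be found in the client, decrypts, and pulls the TOTP secret out of the URI. `openssl pkeyutl` is used in place of the deprecated `rsautl`; both default to PKCS#1 v1.5 padding, so the decrypt step is equivalent.

```shell
#!/bin/sh
# Added example: a stand-in for the Task 3 workflow built from constructed
# fixtures (throwaway RSA key pair, a fake "server binary" carrying the PEM
# block, a constructed otpauth URI). Not the challenge's own files.
set -eu
export LC_ALL=C
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Pull a PEM block out of any file, as the hex-editor search for "-----BEGIN"
# or "==" does by hand. Non-printable bytes are turned into newlines first so
# the BEGIN line is not glued to binary junk; $2 is the PEM label suffix
# ("PRIVATE KEY" matches both "RSA PRIVATE KEY" and PKCS#8 "PRIVATE KEY").
extract_pem() {  # $1 = file, $2 = "PRIVATE KEY" | "PUBLIC KEY"
    tr -c '\11\12\15\40-\176' '\n' < "$1" |
        sed -n "/-----BEGIN [A-Z ]*$2-----/,/-----END [A-Z ]*$2-----/p" |
        sed "s/.*-----BEGIN/-----BEGIN/; s/\(-----END [A-Z ]*$2-----\).*/\1/"
}

# Check the recovered private key against the public key from the client:
# the public half derived from it must be byte-identical.
keys_match() {  # $1 = private key PEM, $2 = public key PEM
    openssl rsa -in "$1" -pubout 2>/dev/null | cmp -s - "$2"
}

# Decrypt a .key.enc; pkeyutl is the non-deprecated equivalent of the
# `openssl rsautl -decrypt` command in the writeup (PKCS#1 v1.5 by default).
decrypt_key() {  # $1 = private key PEM, $2 = encrypted key file
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" 2>/dev/null
}

# Pull the base32 TOTP secret out of an otpauth:// URI.
otp_secret() {  # $1 = otpauth URI
    printf '%s\n' "$1" | sed -n 's/.*[?&]secret=\([A-Z2-7=]*\).*/\1/p'
}

# --- constructed fixtures ---------------------------------------------------
openssl genrsa -out "$WORK/private.key" 2048 2>/dev/null
openssl rsa -in "$WORK/private.key" -pubout -out "$WORK/public.key" 2>/dev/null

# Fake "server binary": junk bytes, the PEM key, more junk.
{ printf '\177ELF\002\001\001\000\000padding\000'
  cat "$WORK/private.key"
  printf '\000server starting up\000'; } > "$WORK/server.bin"

# Constructed plaintext encrypted with the public key, as the challenge's
# 559018485.key.enc would have been (2048-bit modulus -> 256-byte ciphertext).
SECRET_URI='otpauth://totp/000000000?secret=JBSWY3DPEHPK3PXP'
printf '%s' "$SECRET_URI" > "$WORK/key.plain"
openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.key" \
    -in "$WORK/key.plain" -out "$WORK/key.enc" 2>/dev/null

# --- the Task 3 steps -------------------------------------------------------
extract_pem "$WORK/server.bin" "PRIVATE KEY" > "$WORK/recovered.key"
keys_match "$WORK/recovered.key" "$WORK/public.key" &&
    echo "recovered private key matches the client's public key"
PLAIN=$(decrypt_key "$WORK/recovered.key" "$WORK/key.enc")
echo "decrypted: $PLAIN"
echo "TOTP secret: $(otp_secret "$PLAIN")"
```

The `keys_match` step is the check worth keeping from this: a PEM block carved out of a binary can be truncated or belong to a different key pair, and comparing its derived public key against the one embedded in the client catches that before any time is spent on a decrypt that will only ever fail.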

Update: The writeup on Task 4 has been posted.
