Objectives Accomplished:

1. re-installed Ghidra

2. re-downloaded: Wireshark, DB Browser for SQLite, Spark (since they may be used again)

3. reviewed Jacob Elliot's tutorial of solutions for the 2019 Codebreaker challenge 2019

4. reviewed 2019 Codebreaker reverse engineering lecture slides

5. practiced 2 crackme challenges to review how Ghidra works

YINGFEI: 9/3/2020. Two directions from here. (1) Please try the SFS CON tutorial and write a report on that. (2) Try the 2019 tasks following the videos.

Objectives Accomplished:

1. Reviewed SFS CON tutorial (both parts)

a) read through the introductory slides, which was mostly review

b) attempted examples in the Improving Disassembly and Decompilation slides (some completed correctly, but I don't have a great understanding of assembly so not all of it made sense to me)

2. Completed Codebreaker 2019 Task 5

a) decompile python file, notice vulnerability in OAUTH protocol implementation

b) log in to app with emulator and retrieve generated access token through the logcat

c) using Spark, log in as the cell leader (username) and the access token (password)

*make sure to manually set host as chat.terrortime.app and port as 443

d) masquerade as other members and figure out their contacts in the offline users listing to derive the following list:

e) top level organization leader identified as Alessandro

f) log in as Alessandro in Spark

g) send packet with Spark to the server to request chat messages

h) find most recent message and validate JSON to check

i) upload answers to codebreaker website

*see images from this task at google drive linked below

3. Reviewing additional Ghidra tutorials (all videos/tutorials listed in the Ghidra references have been watched)

4. Completed Codebreaker 2019 Task 6a

a) generate custom public key (https://travistidwell.com/jsencrypt/demo/)

b) log in to app with emulator and retrieve generated access token through the logcat

c) using Spark, log in as the top level organization leader (username) and the access token (password)

d) scroll through messages and find original public key (save this for now, you need it in the next task)

e) set the public key to your key by sending the following packet

f) verify that the public key has changed

g) paste your public key into dB file

h) add the x-name for the first member into the dB file

i) apply changes and write to dB

j) run emulator and delete dB file in data/data/com.badguy.... folder then upload new one

k) log in normally

l) send message to a cell leader and record who you've messaged

m) in Spark, send packet to make a get message request

n) find the latest message (it should be the one you've just sent) and validate JSON to check

o) upload answers to codebreaker website

*see google drive below for slides and process photos

Objectives Accomplished:

1. Completed Codebreaker 2019 Task 6b

a) set the top level organization leader's public key back to the original in Spark so they will still be able to send/receive messages

b) generate public key and private to insert into dB file (this is how we will recover the terrorist's messages), alternately just use the pair generated in the previous task

(https://travistidwell.com/jsencrypt/demo/)

c) make list of all members in the organization/ consolidate list from task 5

d) paste public key into dB file

e) add the x-name for the first member into the dB file

f) apply changes and write to dB

g) run emulator and delete dB file in data/data/com.badguy.... folder then upload new one

h) log in normally

i) repeat steps e-h for all members of the organization

j) upload answers to codebreaker website

*see google drive below for slides and process photos

2. Began working on Task 7, but website has now transitioned, and I didn't manage to get very far anyway

3. Registered for 2020 codebreaker challenge, dates/tasks have not yet been released. Read through challenge summary.

• tasks will be released in 2 phases

• story-focus of this year's challenge concerns a fictitious kidnapping

Objectives Accomplished:

1. Went through examples (SFS CON) in the Improving Disassembly and Decompilation

a) I worked through these slides in week 2, but I wanted to go back and see if I could understand more of it this time around — still found the instructions a bit esoteric

2. Watched this tutorial on reverse engineering WannaCry (did not follow along cause I don't have a test computer and I don't want to download that onto my laptop)

a) Pt1: https://www.youtube.com/watch?v=Sv8yu12y5zM

b) Pt2: https://www.youtube.com/watch?v=Q90uZS3taG0

3. Tried these crackmes, most of which were pretty simple

a) https://crackmes.one/crackme/5ed0584b33c5d449d91ae67b (completed)

b) https://crackmes.one/crackme/5c11dcaf33c5d41e58e00578 (completed)

c) https://crackmes.one/crackme/5c95646333c5d46ecd37c960 (attempted)

d) https://crackmes.one/crackme/5cc1117833c5d4419da558dc (attempted)

* a lot of the crackmes won't run on MAC OS so my options are a little limited, I've been kind of just poking around in Ghidra for the executables that won't run and trying to make sense of them without checking

Objectives Accomplished:

1. Installed Oracle VM and Ubuntu

a) macOS Catalina does not like Virtualbox, I had to search through various forums for hours to get my computer to install Linux.

b) what ended up working was launching the program via the mac Terminal prefaced with the sudo command.

c) VM file for SFS didn't seem to have anything that's not already in Ghidra's docs/GhidraClass/ExcerciseFiles

YINGFEI: you can try VMware Workstation or VMware Player. UH students can ask for free licenses. Go to this link https://www.hawaii.edu/sitelic/vmware/vmware.html

2. Codebreaker Website says it will launch the challenge in 5-6 days (next week Thursday)

3. Took another look at the 2nd part of Jack Ward's tutorial on crackmes, particularly the solution to the 8th crackme

4. Attempted this crackme (https://crackmes.one/crackme/5c95646333c5d46ecd37c960), but I think Ghidra is decompiling poorly.

5. Did this crackme (https://crackmes.one/crackme/5ed3cd9a33c5d449d91ae6b1)

a) Not super hard, but a little more involved than some of the ones I was doing earlier

b) program uses the gettimeofday command to read a seconds and microseconds value from the linux shell

c) the following pseudocode illustrates how a password is generated:

micromath = microseconds/1000 + seconds*1000

cross = sum digits in microseconds

password = micromath % (microseconds*cross)

d) I wrote a c program that replicates the password generating scheme described above, of course a different password is generated every time the program is run.

e) attempted to pipe the output of my password generating program into the crackme executable, but I think either I'm doing something wrong or it needs to be entered manually

f) checked myself against the solution, and it looks like I solved the crackme correctly

Objectives Accomplished:

1. Completed Task 1

a) determine username and encrypted file

b) going through the directories there is a path: home/JadenGraytwig596 which has documents, downloads, etc. so the username is JadenGraytwig596

c) there is only one file that is clearly encrypted, which is labeled passwords

2. Working on Task 2

a) not sure how to decrypt the password file, information reads: application/octet-stream; charset=binary

b) from password hints file it looks like the keychain might be what is used to unlock the file

c) keychain = pet's name + pet's birthday

d) the pet's name is Birdie, from the introduction to the blog

e) the birthday is probably January 10th, given that there is a photo of the cat's birthday and the photo's metadata shows that it was taken on the 10th of January 2019

e) the password is probably something like "birdiejan10" however nothing I've tried has worked yet

3. Started on Task 4

a) used the JSON accelerometer data to generate a velocity and displacement graph in MATLAB

b) we can see that the car travels as follows:

1 block, stops

2 blocks, stops

1 block, turn, 1 block, stops

1 block, stops

1 block, stops

2 blocks, stops

1 block, stops

1 block, stops

c) we also know that the kidnappers headed to the east and from the velocity/displacement charts that they must not have traveled more than 11 blocks and more than 10 in any given direction.

d) comparing this to the city map we can figure out which paths are possible, its kind of complicated though since the lights change every 30s.

Objectives Accomplished:

1. Task 2 Completed

a) from last week, password is pet name + birthday

b) name = birdie, birthday = january 10th

c) after testing different versions, the correct password was: Birdie0110

*see attached files in google drive

2. Task 4 Completed

a) using the data vector from the JSON file I created a MATLAB file that integrated the data and plotted it to give an acceleration, velocity, and displacement chart and then determined what the car was doing at each step (from last week). I drew lines about every 30s to show where the lights changed and notated T (true) for the 1st light arrangement and F (false) for the 2nd in order to keep track.

b) I traced the car's path along the map based the stop lights and what was logical, (e.g. if the light is green you wouldn't stop unless you were planning to turn, therefore if only one block is traveled within a certain time interval it is because the car has either hit a stop light and can't go forward, or is planning to turn, but can't)

c) determined the last intersection to be G,14

*see attached files in google drive for visuals

3. Task 3 completed

a) openssl seems like it may be what was used to encrypt the file, esp since the system is probably from a linux OS

b) changing the file to a txt file and running: $openssl enc -aes-256-cbc -d -in testlock.txt -out testout.txt
returns bad magic number which means that the decryption failed however the command was appropriate

c) adding the modifier -a to the command yields an error that the file couldn't be read, which is the standard error if you running some openssl command wrong, since the error does not show up in the other case, we can assume that the decryption is first base64 decoded. It also shows that since there is no error in the other case this protocol may work with a different cipher.

d) openssl ciphers are, aes-256-cbc seems most likely, but it was not successful:

e) downloaded gnupg and tried to decrypt using that, which was successful, I guess that is what was used (specifically a AES256 CFB encryption)

f) decrypted file is a SQL file so I opened it in the DBbrowser.

g) passwords themselves are still encrypted, looks like: "<~6>UdU6>:INBk8tU1GLR=0fT~>"

h) I noticed that every entry begins with "<~" and ends with "~>" so after much googling I determined that this is encoded using ASCII85 because that is how that scheme is wrapped

i) using https://www.dcode.fr/ascii-85-encoding I am now able to decode the passwords, one of which is the login for the app, and the other is the password

h) what each password goes to is not clear, however when I open the dB in textedit I can see entries for stepinator, house alarm, login, music, work server, blog, bank, and email and by cross referencing this with the password hints file we can determine what goes with what

j) I was able to identify the stepinator account

*see photos and references in google drive

Continuing Task 5:

1. Determined that the log file will end up be formatted as a GPS NMEA 0183 file (there is a part of the code that mentions NMEA0183)

2. the go language is used to encrypt the file with an AES encryption which is done in the crypto/aes.NewCipher function. See https://golang.org/pkg/crypto/aes/#NewCipher for more documentation, see https://golang.org/src/crypto/cipher/example_test.go for an example.

3. The key is generated in the main.generate_key function and the file is encrypted through the aes.NewCipher function which presumably takes this key as the input, these tasks are run via the main.setup_cipher function which calls both of these other functions

4. Looking at the function call it looks like there are 10 inputs that have an undefined length (but it looks like most are passed chars, so 8-bit), param8 and param9 are both given as 1 bytes, and then the remaining are explicitly given as 8 bytes. However, I know that this isn't possible, so Ghidra must have messed up somewhere. I'm guessing the final key will end up being around 128 bits, but it's hard to tell because it's not clear how large some the inputs are, oit's als kind of weird that Ghidra gives the function a 17 parameter input. Assuming that 15 of the inputs are char-type and two are int-type that would give 128 bits total, which seems the most logical given the amount of char casts in the call.

5. Another folder mentions aes cbc encryption so I believe that we will need to use the AES 128 CBC format to decrypt the file, but I'm still not certain if I have the key length right.

6. I started trying to determine the input values to the newcipher function and I am making slow progress, there is a flow override that I'm not sure how to fix which I think is impacting Ghidra's ability to analyze the function a bunch of the numbers can't be traced, they just kind of appear out of nothing because the Ghidra can't figure out where they are coming from.

7. I'm pretty confused as to what is going on with the function's input, there's a lot going on and Ghidra is definitely not giving me correct data types for everything. There is also something that looks like an arithmetic shift to me, but maybe it's some other Ghidra notation.

*see uploaded images for reference

Continuing Task 5:

1. Not a lot of progress made, a lot of trying things out and then making the file worse

2. Tried to fix the overflow error by disabling the Non-Returning Function -Discoverable analyzer and re-analyzing, which does help to clean up the code considerably, however it also calls the relevant functions with no input arguments, which isn't very helpful

3. Tried using the FixupNoReturn Script in Ghidra to repair non-returning functions, which worked in some areas, but did not help to resolve the issues with the main.start.logging not being linked to anywhere

4. Tried using auto-override and "clear flow & repair" to fix issues, this runs but often causes the same issues as in the 2nd approach

5. Tried to fix the function signature for main.generate.key to better match the input values given in main.setup.cipher, this ended up making the whole thing much worse and I ended up going back to an earlier save of the file

6. A number of the key inputs are repeated or are taken from a shared variable; I have narrowed important variables in the main.setup.cipher function to be local_b8 and local_f0, which are used multiple times in the key, but I have been unable to determine their values

7. Below is a summary of notes on the key and what I think some of the values may be:

8. Found a note in the note.go.buildid which looked like it might be relevant (see below), looked it up and it is not relevant

9. Went through data and label files to try and find clues, was not successful

10. found clarifying information in crypto/aes.newcipher about how the 17 parameters are generating a new cipher

11. I might move on to the next task next week because I don't feel like I'm really making progress on this right now

Objectives Accomplished:

1. This week: Busy working on poster, project sign up, zoom link, and the two outreach videos

2. Last week I started researching Hamming codes to start on task 6, which I still need to learn more about

Objectives Accomplished:

1. Read about Hamming Codes from these articles

http://users.cs.fiu.edu/~downeyt/cop3402/hamming.html

https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.734.9474&rep=rep1&type=pdf

https://www.gaussianwaves.com/2008/05/hamming-codes-how-it-works/#:~:text=Hamming%20codes%20can%20be%20implemented,Hamming%20code%20is%20described%20next

https://web.stanford.edu/class/ee387/handouts/notes04.pdf

https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-02-introduction-to-eecs-ii-digital-communication-systems-fall-2012/lecture-slides/MIT6_02F12_lec05.pdf

https://peer.asee.org/using-the-matlab-communications-toolbox-to-look-at-cyclic-coding.pdf

https://orion.math.iastate.edu/linglong/Math690F04/HammingCodes.pdf

https://en.wikipedia.org/wiki/Hamming_code

https://en.wikipedia.org/wiki/Hamming(7,4)

and IEEE-754 ...

https://en.wikipedia.org/wiki/Half-precision_floating-point_format

2. Managed to save binary to MATLAB (.mat file), which one would think would be easy however it was a massive pain. I tried to convert the file into a binary representation and then import into MATLAB, but the file was so large that MATLAB had a difficult time processing it. I ended up doing some research and I found a different way to import the original signal.ham file and then flipped the bits (little endian) once imported and checked myself by comparing it to the first binary file. After a lot of trial and error I ended up with an arrary stored in a .mat file that was the entire sequence, separated in sections of 1 byte sections *see drive for files

3. Found this documentation on reading video from binary file, may be useful later

https://www.mathworks.com/help/vision/ref/vision.binaryfilereader-system-object.html

4. Right now, I am focusing on trying to get a correct parity-check matrix, however I have not been successful so far

a) I am operating under the assumption that the final matrix will be in systematic form, which may or may not be correct

b) I have written a MATLAB code to generate an automatic parity check matrix and provide an output in JSON format so I can just paste that into the codebreaker site and see if I'm correct.

c) Codebreaker website not working, not sure if it's just my computer, but I haven't been able to check anything

d) Once the site is working for me I'll try the default 16-bit hamming code H matrix that is generated by MATLAB's hammgen function in systematic form, if that isn't correct then I'll try variations on the 7,4 again

https://www.mathworks.com/help/comm/ref/hammgen.html

e) looking at the binary it is difficult to tell what the hamming code size is, not sure if there are any ways to tell what the length should be based on patterns in the binary

Objectives Accomplished:

1. Started working on report

2. looked at https://www.mathworks.com/help/vision/ref/videoviewer.html#f446207, but I'm not sure how to get it to work with a data stream and I was not able to find a tutorial

a) using the data I have below I tried to run it but all I am getting is a straight black line

3. Continued to look at the IEEE 754 binary16 values in little-endian format

4. Wrote code in MATLAB to convert the file binary to the floats described in the challenge, this what I've spent most of my time on.

a) this took a long time for me to figure out however I think I have it correct now...

b) I ended up writing a test binary file of 2 bytes using an example in the wikipedia article and manually arranging the bytes to be 16bit LE

c) I used this test file to develop a program to read the binary file provided and convert it to floats

d) The code extracts the binary from the file and converts every 16 bits to a float using the IEEE 754 half precision format

e.g. 0 01110 1111111111, from the LHS: bit 0 is the sign bit, bits 1-5 are the exponent (e), and bits 6-15 are the mantissa (m)

the float is then calculated as ±1 * 2^(e-15) * (1+m/1024) so for these 16 bits the float is ~0.99951172

e) checking my results against the wikipedia example I was able to verify my program

d) I used the program to extract the first 32317 numbers in the data sequence

5. the next step will be to try to determine the hamming code used to decode the signal, none of the parity check matrices I have tried on the codebreaker website have been sucessfull so far

Objectives Accomplished: