Brits only I guess...
Crack GCHQ's code and become the next James Bond • The Register
Wow... interesting challenge...
Of course the general incompetence of it all means that the only interesting part of the page you CANNOT copy/paste is the code itself.
Or maybe that's the challenge - who's dumb enough to retype or scan it to begin with.
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper.
I never really had any aspirations for that sort of thing - although I do find cryptography fascinating - but I always thought it would be cool to be a professional assassin.
Ah, a bit of steganography - maybe
But the role will be more like Q rather than Bond - surely.
Oh well, won't be long til we get all the answers. They're bound to leave a phone/laptop/memory stick containing them on a train sooner rather than later. I wonder if leaving sensitive information in public places is part of the training course.
>>But the role will be more like Q rather than Bond - surely.
Either way, you won't get to sleep with Eva Green or Gemma Arterton...that's for sure.
>>Oh well, won't be long til we get all the answers. They're bound to leave a phone/laptop/memory stick containing them on a train sooner rather than later.
Hehe...How true.
I suppose we could go all Mission Impossible on them and break into their head offices...
It's obviously x86 machine code. Here's the disassembly:
It's some kind of code fragment. I mean, it's freaking obvious.
Code:
00000000  EB04              jmp short 0x6
00000002  AF                scasd
00000003  C2BFA3            ret 0xa3bf
00000006  81EC00010000      sub esp,0x100
0000000C  31C9              xor ecx,ecx
0000000E  880C0C            mov [esp+ecx],cl
00000011  FEC1              inc cl
00000013  75F9              jnz 0xe
00000015  31C0              xor eax,eax
00000017  BAEFBEADDE        mov edx,0xdeadbeef
0000001C  02040C            add al,[esp+ecx]
0000001F  00D0              add al,dl
00000021  C1CA08            ror edx,0x8
00000024  8A1C0C            mov bl,[esp+ecx]
00000027  8A3C04            mov bh,[esp+eax]
0000002A  881C04            mov [esp+eax],bl
0000002D  883C0C            mov [esp+ecx],bh
00000030  FEC1              inc cl
00000032  75E8              jnz 0x1c
00000034  E95C000000        jmp dword 0x95
00000039  89E3              mov ebx,esp
0000003B  81C304000000      add ebx,0x4
00000041  5C                pop esp
00000042  58                pop eax
00000043  3D41414141        cmp eax,0x41414141
00000048  7543              jnz 0x8d
0000004A  58                pop eax
0000004B  3D42424242        cmp eax,0x42424242
00000050  753B              jnz 0x8d
00000052  5A                pop edx
00000053  89D1              mov ecx,edx
00000055  89E6              mov esi,esp
00000057  89DF              mov edi,ebx
00000059  29CF              sub edi,ecx
0000005B  F3A4              rep movsb
0000005D  89DE              mov esi,ebx
0000005F  89D1              mov ecx,edx
00000061  89DF              mov edi,ebx
00000063  29CF              sub edi,ecx
00000065  31C0              xor eax,eax
00000067  31DB              xor ebx,ebx
00000069  31D2              xor edx,edx
0000006B  FEC0              inc al
0000006D  021C06            add bl,[esi+eax]
00000070  8A1406            mov dl,[esi+eax]
00000073  8A341E            mov dh,[esi+ebx]
00000076  883406            mov [esi+eax],dh
00000079  88141E            mov [esi+ebx],dl
0000007C  00F2              add dl,dh
0000007E  30F6              xor dh,dh
00000080  8A1C16            mov bl,[esi+edx]
00000083  8A17              mov dl,[edi]
00000085  30DA              xor dl,bl
00000087  8817              mov [edi],dl
00000089  47                inc edi
0000008A  49                dec ecx
0000008B  75DE              jnz 0x6b
0000008D  31DB              xor ebx,ebx
0000008F  89D8              mov eax,ebx
00000091  FEC0              inc al
00000093  CD80              int 0x80
00000095  90                nop
00000096  90                nop
00000097  E89DFFFFFF        call dword 0x39
0000009C  41                inc ecx
0000009D  41                inc ecx
0000009E  41                inc ecx
0000009F  41                inc ecx
EDIT: Code was wrong.
EDIT EDIT: It's invoking int 0x80 which is a Linux system call.
Last edited by brewbuck; 12-01-2011 at 05:47 PM.
Code:
//try
//{
    if (a) do { f( b); } while(1);
    else   do { f(!b); } while(1);
//}
Instantaneous recognition, the giveaway is that it begins with 'EB 04' which is a short-range branch, contains "CD 80" which is a Linux system call (in this case, eax is set to 1, which means "exit process"), it also has runs of zero bytes in it, series of "90 90" which is a NOP sequence, in general it just stinks like code.
I managed to turn it into an executable and run it, it fills a 256-byte array with the values "0 1 2 3 4 5 ... 255" and then performs some sort of operation on it which produces another set of values. I have not gotten any further. It is DEFINITELY executable code.
More than likely, it doesn't run precisely on its own -- the key is those "cmp eax,0x41414141" and "cmp eax,0x42424242" instructions, those comparisons are used to terminate the loop. The loop terminates right away, but chances are this code needs to be embedded into some larger context to make the right thing happen.
This function also calls itself recursively, which means it may execute a series of operations on the original sequence of numbers, reducing it gradually to some kind of result. More investigation later.
Last edited by brewbuck; 12-01-2011 at 06:09 PM.
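As an added example (not code from the thread), here is a C translation of offsets 0x06-0x32 of the listing above, the part that fills the 256-byte array and then shuffles it. It is checked against a textbook RC4 key-scheduling routine keyed with the four bytes of 0xdeadbeef in the order `dl` yields them; the function names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register-level translation of offsets 0x06-0x32 of the listing.
   S stands in for the 256-byte buffer the code reserves at [esp]. */
static void listing_loops(uint8_t S[256])
{
    uint8_t cl = 0;
    do { S[cl] = cl; } while (++cl != 0);      /* 0x0E-0x13: S[i] = i      */

    uint8_t  al  = 0;                          /* 0x15: xor eax,eax        */
    uint32_t edx = 0xdeadbeefu;                /* 0x17: mov edx,0xdeadbeef */
    do {
        al = (uint8_t)(al + S[cl]);            /* 0x1C: add al,[esp+ecx]   */
        al = (uint8_t)(al + (uint8_t)edx);     /* 0x1F: add al,dl          */
        edx = (edx >> 8) | (edx << 24);        /* 0x21: ror edx,0x8        */
        uint8_t bl = S[cl], bh = S[al];        /* 0x24, 0x27               */
        S[al] = bl;                            /* 0x2A                     */
        S[cl] = bh;                            /* 0x2D                     */
    } while (++cl != 0);                       /* 0x30-0x32: 256 rounds    */
}

/* Textbook RC4 key scheduling, written independently of the listing. */
static void rc4_ksa(uint8_t S[256], const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + S[i] + key[i % keylen]);
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
}

/* Returns 1 if both routines leave the same table.
   The key bytes are the values dl takes on successive rounds. */
int listing_matches_rc4_ksa(void)
{
    static const uint8_t key[4] = { 0xef, 0xbe, 0xad, 0xde };
    uint8_t a[256], b[256];
    listing_loops(a);
    rc4_ksa(b, key, sizeof key);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    puts(listing_matches_rc4_ksa() ? "same table as RC4 KSA" : "tables differ");
    return 0;
}
```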
Just to make the point: if anyone cracks it, please don't post the method before the puzzle expires.