Thread: Anyone fancy becoming a spook?

  1. #1
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793

    Anyone fancy becoming a spook?


  2. #2
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Wow... interesting challenge...

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    Of course the general incompetence of it all means that the only interesting part of the page you CANNOT copy/paste is the code itself.

    Or maybe that's the challenge - who's dumb enough to retype or scan it to begin with.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User
    Join Date
    Oct 2006
    Posts
    3,445
    I never really had any aspirations for that sort of thing - although I do find cryptography fascinating - but I always thought it would be cool to be a professional assassin.

  5. #5
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    Quote Originally Posted by Salem View Post
    Of course the general incompetence of it all means that the only interesting part of the page you CANNOT copy/paste is the code itself.

    Or maybe that's the challenge - who's dumb enough to retype or scan it to begin with.
    I wondered that...unless the real code is encoded into the image format...

  6. #6
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    Ah, a bit of stenography - maybe

    But the role will be more like Q rather than Bond - surely.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  7. #7
    'Allo, 'Allo, Allo
    Join Date
    Apr 2008
    Posts
    639
    Oh well, won't be long til we get all the answers. They're bound to leave a phone/laptop/memory stick containing them on a train sooner rather than later. I wonder if leaving sensitive information in public places is part of the training course.

  8. #8
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    >>But the role will be more like Q rather than Bond - surely.

    Either way, you won't get to sleep with Eva Green or Gemma Arterton...that's for sure.

    >>Oh well, won't be long til we get all the answers. They're bound to leave a phone/laptop/memory stick containing them on a train sooner rather than later.

    Hehe...How true.

  9. #9
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    I suppose we could go all Mission Impossible on them and break into their head offices...

  10. #10
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by Fordy View Post
    I wondered that...unless the real code is encoded into the image format...
    That's exactly what I was thinking

  11. #11
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    It's obviously x86 machine code. Here's the disassembly:

    Code:
    00000000  EB04              jmp short 0x6
    00000002  AF                scasd
    00000003  C2BFA3            ret 0xa3bf
    00000006  81EC00010000      sub esp,0x100
    0000000C  31C9              xor ecx,ecx
    0000000E  880C0C            mov [esp+ecx],cl
    00000011  FEC1              inc cl
    00000013  75F9              jnz 0xe
    00000015  31C0              xor eax,eax
    00000017  BAEFBEADDE        mov edx,0xdeadbeef
    0000001C  02040C            add al,[esp+ecx]
    0000001F  00D0              add al,dl
    00000021  C1CA08            ror edx,0x8
    00000024  8A1C0C            mov bl,[esp+ecx]
    00000027  8A3C04            mov bh,[esp+eax]
    0000002A  881C04            mov [esp+eax],bl
    0000002D  883C0C            mov [esp+ecx],bh
    00000030  FEC1              inc cl
    00000032  75E8              jnz 0x1c
    00000034  E95C000000        jmp dword 0x95
    00000039  89E3              mov ebx,esp
    0000003B  81C304000000      add ebx,0x4
    00000041  5C                pop esp
    00000042  58                pop eax
    00000043  3D41414141        cmp eax,0x41414141
    00000048  7543              jnz 0x8d
    0000004A  58                pop eax
    0000004B  3D42424242        cmp eax,0x42424242
    00000050  753B              jnz 0x8d
    00000052  5A                pop edx
    00000053  89D1              mov ecx,edx
    00000055  89E6              mov esi,esp
    00000057  89DF              mov edi,ebx
    00000059  29CF              sub edi,ecx
    0000005B  F3A4              rep movsb
    0000005D  89DE              mov esi,ebx
    0000005F  89D1              mov ecx,edx
    00000061  89DF              mov edi,ebx
    00000063  29CF              sub edi,ecx
    00000065  31C0              xor eax,eax
    00000067  31DB              xor ebx,ebx
    00000069  31D2              xor edx,edx
    0000006B  FEC0              inc al
    0000006D  021C06            add bl,[esi+eax]
    00000070  8A1406            mov dl,[esi+eax]
    00000073  8A341E            mov dh,[esi+ebx]
    00000076  883406            mov [esi+eax],dh
    00000079  88141E            mov [esi+ebx],dl
    0000007C  00F2              add dl,dh
    0000007E  30F6              xor dh,dh
    00000080  8A1C16            mov bl,[esi+edx]
    00000083  8A17              mov dl,[edi]
    00000085  30DA              xor dl,bl
    00000087  8817              mov [edi],dl
    00000089  47                inc edi
    0000008A  49                dec ecx
    0000008B  75DE              jnz 0x6b
    0000008D  31DB              xor ebx,ebx
    0000008F  89D8              mov eax,ebx
    00000091  FEC0              inc al
    00000093  CD80              int 0x80
    00000095  90                nop
    00000096  90                nop
    00000097  E89DFFFFFF        call dword 0x39
    0000009C  41                inc ecx
    0000009D  41                inc ecx
    0000009E  41                inc ecx
    0000009F  41                inc ecx
    It's some kind of code fragment. I mean, it's freaking obvious.

    EDIT: Code was wrong.

    EDIT EDIT: It's invoking int 0x80 which is a Linux system call.
    Last edited by brewbuck; 12-01-2011 at 05:47 PM.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  12. #12
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by brewbuck View Post
    It's some kind of code fragment. I mean, it's freaking obvious.
    Hmm, it wasn't to me. What exactly tipped it off to you?

  13. #13
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by Yarin View Post
    Hmm, it wasn't to me. What exactly tipped it off to you?
    Instantaneous recognition, the giveaway is that it begins with 'EB 04' which is a short-range branch, contains "CD 80" which is a Linux system call (in this case, eax is set to 1, which means "exit process"), it also has runs of zero bytes in it, a series of "90 90" which is a NOP sequence, in general it just stinks like code.

    I managed to turn it into an executable and run it, it fills a 256-byte array with the values "0 1 2 3 4 5 ... 255" and then performs some sort of operation on it which produces another set of values. I have not gotten any further. It is DEFINITELY executable code.

    More than likely, it doesn't run precisely on its own -- the key is those "cmp eax,0x41414141" and "cmp eax,0x42424242" instructions, those comparisons are used to terminate the loop. The loop terminates right away, but chances are this code needs to be embedded into some larger context to make the right thing happen.

    This function also calls itself recursively, which means it may execute a series of operations on the original sequence of numbers, reducing it gradually to some kind of result. More investigation later.
    Last edited by brewbuck; 12-01-2011 at 06:09 PM.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}
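
    Added example, not part of brewbuck's post: a C transliteration of offsets 0x0C-0x32 of the listing above (the 256-byte fill and the loop that follows it), checked against a textbook RC4 key schedule, which has the same structure when keyed with the bytes of 0xdeadbeef in little-endian order. The function names and the `rounds` parameter are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rotate right, as the ROR instruction at offset 0x21 does. */
static uint32_t ror32(uint32_t v, unsigned n) { return (v >> n) | (v << (32 - n)); }

/* Offsets 0x0C-0x32 of the listing, register for register.
   `rounds` (1..256) is an added parameter so the loop can be stopped early. */
void listing_table(uint8_t s[256], uint32_t edx, unsigned rounds)
{
    uint8_t cl = 0, al = 0;
    do { s[cl] = cl; } while (++cl != 0);       /* 0x0E-0x13: s[i] = i      */
    for (unsigned n = 0; n < rounds; n++, cl++) {
        al = (uint8_t)(al + s[cl]);             /* 0x1C add al,[esp+ecx]    */
        al = (uint8_t)(al + (uint8_t)edx);      /* 0x1F add al,dl           */
        edx = ror32(edx, 8);                    /* 0x21 ror edx,0x8         */
        uint8_t bl = s[cl], bh = s[al];         /* 0x24, 0x27               */
        s[al] = bl;                             /* 0x2A                     */
        s[cl] = bh;                             /* 0x2D                     */
    }
}

/* Textbook RC4 key schedule, written independently for comparison. */
void rc4_ksa(uint8_t s[256], const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + s[i] + key[(size_t)i % keylen]);
        uint8_t t = s[i]; s[i] = s[j]; s[j] = t;
    }
}

/* Swaps never duplicate a value, so the table must stay a permutation. */
int is_permutation(const uint8_t s[256])
{
    uint8_t seen[256] = {0};
    for (int i = 0; i < 256; i++)
        if (seen[s[i]]++) return 0;
    return 1;
}

int listing_matches_rc4_ksa(void)
{
    static const uint8_t key[4] = {0xef, 0xbe, 0xad, 0xde}; /* dl after each ror */
    uint8_t a[256], b[256];
    listing_table(a, 0xdeadbeef, 256);
    rc4_ksa(b, key, sizeof key);
    return is_permutation(a) && memcmp(a, b, 256) == 0;
}

int main(void) { printf("match=%d\n", listing_matches_rc4_ksa()); return 0; }
```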

  14. #14
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    Just to make the point: if anyone cracks it, please don't post the method before the puzzle expires.

  15. #15
    Registered User
    Join Date
    Nov 2011
    Posts
    37
    Quote Originally Posted by Elkvis View Post
    I never really had any aspirations for that sort of thing - although I do find cryptography fascinating - but I always thought it would be cool to be a professional assassin.
    I wish to be the manly version of Nikita, this can be useful..
