|
Title: [Article]-Daemon - A Contest Revealed Post by: don on December 29, 2008, 11:46:54 PM Although many contributed to this contest and eventual tutorial, it's final form could not have happened without Ryan Linn. He's done some fantastic work as of late, and is well on his way to his own EH-Net column.
Hope you find this educational and fun. Permanent link: [Article]-Daemon - A Contest Revealed (http://www.ethicalhacker.net/content/view/225/8/) Quote Winner Announcement and Full Tutorial (http://www.ethicalhacker.net/images/stories/vitals/news/daemon_duttoncover.jpg) (http://www.ethicalhacker.net/content/view/125/2/) Thanks to all who participated in Daemon: A Contest. Before we get to the winners as well as the tutorial on how to solve the challenge, EH-Net would like to once again thank Daemon author, Daniel Suarez, and all those involved in making this contest happen. It’s amazing how a few crazy ideas can all come together into something fun and educational while at the same time spreading the word of this truly unique work of fiction. What started as a little game to hide a secret message turned into another classic teaching vehicle for EH-Net readers. The image is a twist on the usual steganographic content. Øyvind Østlund and Adam Wardon crafted some C# source code to hide data in an image of the author which is also invisible to the Daemon’s bots. What’s in the message still is up to you to find, but three talented people found the message and took the action it recommended. Because of that, EH-Net members jason, blackazarro and ozpj have won signed, pre-release copies of Daemon, Hard Cover Edition. And now, with the coding expertise of regular EH-Net contributor, Ryan Linn, we will show you how it can be done using a couple tutorial files and all free tools. Please let us know if you find any issues with the sample files or instructions. We're here to help. Don Title: Re: [Article]-Daemon - A Contest Revealed Post by: jason on December 30, 2008, 08:32:57 AM Nice tutorial. Also note that you can shortcut the process considerably by using the decrypt tool here
http://www.tools4noobs.com/online_tools/decrypt/ Title: Re: [Article]-Daemon - A Contest Revealed Post by: nebu10uz on December 30, 2008, 08:52:48 AM In order to solve this challenge I knew based on the author's website and the clues left behind that you needed to code or program (well not necessarily) to decrypt the Daemon's message. However, I'm a busy guy and I didn't have a lot of time on my hands to learn and code in C#, therefore, since I've been coding in Python lately I spoke with my team and we decided to use this language.
Analyzing the decrypted message, we came to realize that the DES encryption was encoded in base64 so we started searching for Python libraries that could help us decrypting the message. Here's a couple of references we found: http://twhiteman.netfirms.com/des.html http://snippets.dzone.com/posts/show/4072 And so we ended up with a few lines of Python code to solve the challenge: Code: import base64 import pyDes import sys key = "Gragg's Key" IV = "\x12\x34\x56\x78\x90\xAB\xCD\xEF" data = open(sys.argv[1], "r") b64Mesg = data.read() desMesg = base64.decodestring(b64Mesg) k = des(key, CBC, IV, pad=None, padmode=None) print "Decypted Daemon Message:\n" Message = k.decrypt(desMesg) print Message It's a dirty script but it worked. This is the reason I love Python, it's easy and there's a whole lot of documentation, tutorials and libraries out there on the Net. Also, not wanting to reinvent the wheel and for a quicker solution, you can go to the website that jason mentioned above. Make sure to add a checkmark on the base64 box and supply the decrypted message and hit the submit button. Title: Re: [Article]-Daemon - A Contest Revealed Post by: nebu10uz on December 30, 2008, 09:48:36 AM Forgot to mention, thanx Don and Dan for an awesome hacking challenge and upcoming book. Can't wait to grab it and compare it with the self published title.
And Ryan, nice write-up on the tutorial. Going to study the perl script and incorporated it to my existing python script. Also, fyi, Daemon's sequel, FreedomTM is coming in 2010 as posted in Daemon's (http://www.thedaemon.com/) website. Title: Re: [Article]-Daemon - A Contest Revealed Post by: jason on December 30, 2008, 10:23:05 AM Also if you use the site that I mentioned above, and you're running noscript, you'll likely run into some odd issues. Contrary to common sense, you need to not let noscript run any of the scripts on the page in order to get more than the first sentence decrypted.
Title: Re: [Article]-Daemon - A Contest Revealed Post by: jason on January 18, 2009, 04:40:04 PM My signed copy arrived in the mail yesterday. Very cool!
Title: Re: [Article]-Daemon - A Contest Revealed Post by: nebu10uz on January 18, 2009, 09:03:29 PM Cool man!! I haven't received mine yet. So I'm still waiting. Anyways, I'm a big fan of the book and last week I went to Borders and purchased a copy to help boost the sell. And besides, I'll leave the signed copy untouch.
Title: Re: [Article]-Daemon - A Contest Revealed Post by: nebu10uz on February 03, 2009, 08:49:51 AM Yes! Just received my signed book. Thanks again. Title: Re: [Article]-Daemon - A Contest Revealed Post by: kurosen1 on March 20, 2009, 01:04:05 PM Sorry to reopen such an old topic, but I just read the book and loved it. I went to find the official site for more info and that's when I found the code. I did some searching and found this site and the tutorial. I tried the tutorial but didn't get any output from the exe I compiled (not even an error message). I then tried using jason's method and got the results in the attachment below. I discovered it was a repeating message and just deleted eveything from (and including) the first |-BEGIN-| to (and including) the first |-END-|
I've also included a zip of the exe I made. Any help would be greatly appreciated as I've been wracking my brains out over this one. Thanks Title: Re: [Article]-Daemon - A Contest Revealed Post by: Hoffmann on June 21, 2010, 09:31:09 AM I know, it's been a while but I'm still so tired and enthusiastic, I have to post my dirty bash solution:
Code: #!/bin/bash SendTo="Hoffmann.P@gmx.net" MessageFile=".lastMessageFromDanielSuarez" lastMessageFromDanielSuarez=$(cat $MessageFile 2>/dev/null || echo 0); thisMessage=$(lynx -dump -width 110 http://thedaemon.com/aboutauthor.html | grep -v ^$ | grep SetRegexFlagToSearchWhenDateChangedFromValue | cut -d '~' -f 2 | date -d - +%s) test $thisMessage -gt $lastMessageFromDanielSuarez && lynx -dump -width 110 http://thedaemon.com/aboutauthor.html | grep -v ^$ | grep -m1 -A1000 SetRegexFlagToSearchWhenDateChangedFromValue | tr -d '\n ' | cut -d '|' -f 3 | base64 -d | openssl des-cbc -d -K $(echo -n "$Gregg's Key$" | hexdump -e '1/1 "%x"') -iv '1234567890abcdef' -nosalt | mail -a "Content-Type: text/plain; charset=utf-8" -s "New Message from Daniel Suarez" $SendTo && echo $thisMessage > $MessageFile
Powered by SMF 1.1.16 |
SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com |