mirror of https://github.com/dirtbags/moth.git
Merge remote branch 'fozzie/master'
commit
309b8572f2
2
Makefile
2
Makefile
|
@ -19,4 +19,4 @@ clean: packages-clean
|
|||
scrub: clean
|
||||
rm -rf $(CACHE)
|
||||
|
||||
include packages/packages.mk
|
||||
-include */*.mk
|
||||
|
|
|
@ -11,48 +11,61 @@ There are 5 tokens hidden in this message. Can you find them all?
|
|||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
|
||||
Content-type: text/plain; charset=UTF-8
|
||||
|
||||
Are you ready for CTF?
|
||||
CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?
|
||||
|
||||
The teams are in and it looks like this year's CTF is going to be about
|
||||
double the size of last year. I've posted teams at
|
||||
<http://dirtbags.net/ctf>.
|
||||
This is CMU's first ever CTF, so please be ready for a couple of
|
||||
hiccups. Likewise, we expect you to be totally lost for a while, as you
|
||||
get your bearings. While we tried to cover everything in the
|
||||
registration web page, here are some points worth repeating:
|
||||
|
||||
If you came last year, there are some changes in store for you. I've
|
||||
done away with the weird boxes at each table, so there's no need to
|
||||
bring a monitor or keyboard. What you really need to be a sysadmin this
|
||||
year is netcat and nmap. We will *not* provide an Internet connection,
|
||||
so figure out now how you're going to get onto the Internet (you will
|
||||
need it).
|
||||
Your machine really ought to have netcat and nmap, and whatever
|
||||
programming language(s) you prefer. An Ubuntu live CD has, at past
|
||||
contests, not been sufficient. It's also a good idea to make sure your
|
||||
computer works before you show up. Time is precious, don't spend yours
|
||||
installing an operating system.
|
||||
|
||||
We will have a switch at each table with gobs of ports, but you should
|
||||
bring your own network cable. We will *not* provide an Internet
|
||||
connection, so figure out now how you're going to get onto the Internet
|
||||
(you will need it).
|
||||
|
||||
If you have any questions, or would just like to hang out and shoot the
|
||||
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).
|
||||
|
||||
I hope you all have as much fun playing this as I've had building it!
|
||||
We hope you have as much fun playing this as we're going to have
|
||||
watching you work!
|
||||
|
||||
zephyr
|
||||
The Dirtbags
|
||||
|
||||
PS: are you aware of how much data can be hidden in a single email?
|
||||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
|
||||
Content-type: text/html; charset=UTF-8
|
||||
|
||||
<p>Are you ready for CTF?</p>
|
||||
<p>CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?</p>
|
||||
|
||||
<p>The teams are in and it looks like this year's CTF is going to be
|
||||
about double the size of last year. I've posted teams at
|
||||
<a href="http://dirtbags.net/ctf" class="posters">http://dirtbags.net/ctf</a>.</p>
|
||||
<p>This is CMU's first ever CTF, so please be ready for a couple of
|
||||
hiccups. Likewise, we expect you to be totally lost for a while, as you
|
||||
get your bearings. While we tried to cover everything in the
|
||||
registration web page, here are some points worth repeating:</p>
|
||||
|
||||
<p>If you came last year, there are some changes in store for you. I've
|
||||
done away with the weird boxes at each table, so there's no need to
|
||||
bring a monitor or keyboard. What you really need to be a sysadmin this
|
||||
year is netcat and nmap. We will <i class="xalep">not</i> provide an
|
||||
Internet connection, so figure out now how you're going to get onto the
|
||||
Internet (you will need it).</p>
|
||||
<p>Your machine really ought to have netcat and nmap, and whatever
|
||||
programming language(s) you prefer. An Ubuntu live CD has, at past
|
||||
contests, not been sufficient. It's also a good idea to make sure your
|
||||
computer works before you show up. Time is precious, don't spend yours
|
||||
installing an operating system.</p>
|
||||
|
||||
<p>If you have any questions, or would just like to hang out and shoot
|
||||
the breeze, feel free to
|
||||
<a href="irc://woozle.org/ctf" class="mikex">hop on IRC (server woozle.org, channel #ctf)</a>.</p>
|
||||
<p>We will have a switch at each table with gobs of ports, but you should
|
||||
bring your own network cable. We will *not* provide an Internet
|
||||
connection, so figure out now how you're going to get onto the Internet
|
||||
(you will need it).</p>
|
||||
|
||||
<p>I hope you all have as much fun playing this as I've had building it!</p>
|
||||
<p>If you have any questions, or would just like to hang out and shoot the
|
||||
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).</p>
|
||||
|
||||
<p>zephyr</p>
|
||||
<p>We hope you have as much fun playing this as we're going to have
|
||||
watching you work!</p>
|
||||
|
||||
<p><a href="http://dirtbags.net/#have_you_examined_the_email_closely?">The Dirtbags</a></p>
|
||||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA--
|
||||
|
||||
cbfgref:krzbp-fbpbk
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
From: The Dirtbags <zephyr@dirtbags.net>
|
||||
To: RECIP
|
||||
Subject: WIN BIG AT CAPTURE THE FLAG!!!
|
||||
Message-ID: <cG9zdGVyczp4YW5hZC1wb2xveA==@dirtbags.net>
|
||||
MIME-Version: 1.0
|
||||
Content-type: multipart/alternative; boundary=eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
|
||||
X-Face: '8$#2%$m/.;29z5"5"/
|
||||
|
||||
There are 5 tokens hidden in this message. Can you find them all?
|
||||
|
||||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
|
||||
Content-type: text/plain; charset=UTF-8
|
||||
|
||||
CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?
|
||||
|
||||
This is CMU's first ever CTF, so please be ready for a couple of
|
||||
hiccups. Likewise, we expect you to be totally lost for a while, as you
|
||||
get your bearings. While we tried to cover everything in the
|
||||
registration web page, here are some points worth repeating:
|
||||
|
||||
Your machine really ought to have netcat and nmap, and whatever
|
||||
programming language(s) you prefer. An Ubuntu live CD has, at past
|
||||
contests, not been sufficient. It's also a good idea to make sure your
|
||||
computer works before you show up. Time is precious, don't spend yours
|
||||
installing an operating system.
|
||||
|
||||
We will have a switch at each table with gobs of ports, but you should
|
||||
bring your own network cable. We will *not* provide an Internet
|
||||
connection, so figure out now how you're going to get onto the Internet
|
||||
(you will need it).
|
||||
|
||||
If you have any questions, or would just like to hang out and shoot the
|
||||
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).
|
||||
|
||||
We hope you have as much fun playing this as we're going to have
|
||||
watching you work!
|
||||
|
||||
The Dirtbags
|
||||
|
||||
PS: are you aware of how much data can be hidden in a single email?
|
||||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
|
||||
Content-type: text/html; charset=UTF-8
|
||||
|
||||
<p>CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?</p>
|
||||
|
||||
<p>This is CMU's first ever CTF, so please be ready for a couple of
|
||||
hiccups. Likewise, we expect you to be totally lost for a while, as you
|
||||
get your bearings. While we tried to cover everything in the
|
||||
registration web page, here are some points worth repeating:</p>
|
||||
|
||||
<p>Your machine really ought to have netcat and nmap, and whatever
|
||||
programming language(s) you prefer. An Ubuntu live CD has, at past
|
||||
contests, not been sufficient. It's also a good idea to make sure your
|
||||
computer works before you show up. Time is precious, don't spend yours
|
||||
installing an operating system.</p>
|
||||
|
||||
<p>We will have a switch at each table with gobs of ports, but you should
|
||||
bring your own network cable. We will *not* provide an Internet
|
||||
connection, so figure out now how you're going to get onto the Internet
|
||||
(you will need it).</p>
|
||||
|
||||
<p>If you have any questions, or would just like to hang out and shoot the
|
||||
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).</p>
|
||||
|
||||
<p>We hope you have as much fun playing this as we're going to have
|
||||
watching you work!</p>
|
||||
|
||||
<p><a href="http://dirtbags.net/#have_you_examined_the_email_closely?">The Dirtbags</a></p>
|
||||
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA--
|
||||
|
||||
cbfgref:krzbp-fbpbk
|
Binary file not shown.
After Width: | Height: | Size: 81 KiB |
Binary file not shown.
Binary file not shown.
After Width: | Height: | Size: 81 KiB |
Binary file not shown.
|
@ -0,0 +1,19 @@
|
|||
char *t = (
|
||||
"Thank you for helping make Capture The Flag a success! We couldn't"
|
||||
"have done it without you."
|
||||
|
||||
"As our way of saying thank you, we humbly offer this image"
|
||||
"proclaiming you to be a cool person. Please feel free to print"
|
||||
"off a copy of this image and post it in your window, over your"
|
||||
"pannier, on your forehead, or wherever else you feel is appropriate."
|
||||
|
||||
"Sincerely,"
|
||||
|
||||
" The Dirtbags"
|
||||
);
|
||||
|
||||
#include <stdio.h>
|
||||
int main(){char*p=t;while(1){int
|
||||
c=getchar();if(EOF==c)break;
|
||||
putchar(c^*p);if(!*++p)p=t;}return
|
||||
0;}
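Review bot: The adjacent literals that make up `t` carry no trailing space or newline, so the key the loop in `main` cycles through is the run-together text (`...We couldn'thave done...`, `...this imageproclaiming...`), not the letter as it reads on screen. If that is intended, a comment above `t` such as `/* XOR key: exactly these bytes, concatenated; do not reflow or add spaces */` would keep a later cleanup from silently changing the key and making anything already encoded with it undecodable. The file also has no header comment saying that it is a repeating-key XOR filter from stdin to stdout and that the same run both encodes and decodes. As style, `static const char *t`, `const char *p = t;` and `int main(void)` fit better than a mutable global and an empty parameter list. Because the key is readable text stored in the repository, this only obscures the data and gives no confidentiality, which is presumably acceptable for a puzzle but should not be reused for anything that needs to stay secret.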
|
Binary file not shown.
After Width: | Height: | Size: 81 KiB |
|
@ -0,0 +1,371 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="765"
|
||||
height="990"
|
||||
id="svg6189"
|
||||
sodipodi:version="0.32"
|
||||
inkscape:version="0.46"
|
||||
sodipodi:docname="thanks.svg"
|
||||
inkscape:output_extension="org.inkscape.output.svg.inkscape"
|
||||
version="1.0"
|
||||
inkscape:export-filename="/home/neale/src/ctf/doc/2011-01-CMU/thanks.png"
|
||||
inkscape:export-xdpi="150.14934"
|
||||
inkscape:export-ydpi="150.14934">
|
||||
<defs
|
||||
id="defs6191">
|
||||
<inkscape:perspective
|
||||
sodipodi:type="inkscape:persp3d"
|
||||
inkscape:vp_x="0 : 526.18109 : 1"
|
||||
inkscape:vp_y="0 : 1000 : 0"
|
||||
inkscape:vp_z="744.09448 : 526.18109 : 1"
|
||||
inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
|
||||
id="perspective6197" />
|
||||
</defs>
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
gridtolerance="10000"
|
||||
guidetolerance="10"
|
||||
objecttolerance="10"
|
||||
inkscape:pageopacity="1"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.98994949"
|
||||
inkscape:cx="422.51351"
|
||||
inkscape:cy="616.26542"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
inkscape:window-width="700"
|
||||
inkscape:window-height="1006"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="14"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata6194">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1">
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Nimbus Mono L;-inkscape-font-specification:Nimbus Mono L"
|
||||
x="180.31223"
|
||||
y="241.71477"
|
||||
id="text6815"
|
||||
sodipodi:linespacing="125%"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan6817"
|
||||
x="180.31223"
|
||||
y="241.71477" /></text>
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:100%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
|
||||
x="166.99641"
|
||||
y="77.913406"
|
||||
id="text2833"
|
||||
sodipodi:linespacing="100%"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan2835"
|
||||
x="166.99641"
|
||||
y="77.913406">Capture the Flag 2011</tspan></text>
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Nimbus Mono L;-inkscape-font-specification:Nimbus Mono L"
|
||||
x="501.03568"
|
||||
y="132.38049"
|
||||
id="text2533"
|
||||
sodipodi:linespacing="125%"><tspan
|
||||
sodipodi:role="line"
|
||||
x="501.03568"
|
||||
y="132.38049"
|
||||
id="tspan2537" /></text>
|
||||
<text
|
||||
sodipodi:linespacing="125%"
|
||||
id="text2545"
|
||||
y="114.27893"
|
||||
x="368.68829"
|
||||
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
|
||||
xml:space="preserve"><tspan
|
||||
y="114.27893"
|
||||
x="368.68829"
|
||||
sodipodi:role="line"
|
||||
id="tspan2553">at</tspan></text>
|
||||
<g
|
||||
id="g7134"
|
||||
transform="matrix(-1,0,0,1,251.1405,-389.69456)">
|
||||
<path
|
||||
style="fill:#f1e06b;fill-opacity:1;stroke:none"
|
||||
d="m 137.85847,492.90822 c 0,3.4517 0.37818,26.7723 1.09535,30.00926 1.76377,8.88016 7.47321,13.99286 16.04706,15.93879 3.98502,0.74326 8.51783,-15.55472 13.43722,-15.64555 4.91939,-0.0908 10.22535,16.0255 15.75668,16.0255 5.55727,0 10.88704,-16.12546 15.82585,-16.0506 4.9388,0.0749 9.48664,16.35005 13.48001,15.57939 9.04184,-1.50027 13.76948,-7.68418 15.99884,-16.13965 0.67582,-3.14707 1.03162,-26.36915 1.03162,-29.71714 0,-25.57306 -20.75867,-46.328 -46.33632,-46.328 -25.57764,0 -46.33631,20.75494 -46.33631,46.328 z"
|
||||
id="path4877"
|
||||
sodipodi:nodetypes="cccsssccssc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#ececec;fill-opacity:1;stroke:none"
|
||||
d="m 230.72045,434.68054 -7.07106,-9.19239 0,37.47666 7.07106,0 0,-28.28427 z"
|
||||
id="path4879"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#00003f;fill-opacity:1;stroke:none"
|
||||
d="m 232.29339,460.559 -9.25,0 0,57.75 9.25,-3.50001 0,-54.24999 z"
|
||||
id="path4881"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#2b1100;fill-opacity:1;stroke:none"
|
||||
d="m 184.18776,446.57997 c 25.57765,0 46.34376,20.7661 46.34375,46.34375 0,3.34859 -0.35543,26.57111 -1.03125,29.71875 -2.22935,8.457 -6.95816,14.62446 -16,16.125 -3.99338,0.77079 -8.56119,-15.48763 -13.5,-15.5625 -4.93881,-0.0749 -10.25524,16.03125 -15.8125,16.03125 -5.53133,0 -10.83062,-16.12209 -15.75,-16.03125 -4.91938,0.0909 -9.45248,16.39964 -13.4375,15.65625 -8.57385,-1.94628 -14.29873,-7.05576 -16.0625,-15.9375 -0.71716,-3.23754 -1.09374,-26.54769 -1.09375,-30 0,-25.57765 20.7661,-46.34374 46.34375,-46.34375 z m -26.5,24.0625 c -8.39444,-10e-6 -18.05691,4.89815 -18.17896,11.91762 -0.1329,7.51837 9.53454,14.26988 17.92896,14.26988 5.93958,10e-6 11.30965,-3.1877 13.8125,-8.15625 2.2337,5.62139 7.46096,9.34375 13.875,9.34375 8.39442,-10e-6 30.84979,-8.1589 30.5766,-14.53977 -0.18827,-4.3975 -21.93218,-11.61648 -30.3266,-11.61648 -5.94605,0 -12.06269,3.92892 -14.5625,8.90625 -2.23266,-5.62356 -6.7094,-10.125 -13.125,-10.125 z"
|
||||
id="path4883"
|
||||
sodipodi:nodetypes="csccsssccsccsscssscc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
|
||||
d="m 240.04339,480.05901 c 0,0 -10.25,-16 -11.25,-9.5 -1,6.5 8,7.5 11.25,9.5 z"
|
||||
id="path4885"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
id="path4887"
|
||||
d="m 244.20661,472.0655 c 0,0 -18.96174,-1.23088 -13.75664,-5.25046 5.2051,-4.01957 10.43404,3.37354 13.75664,5.25046 z"
|
||||
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
sodipodi:type="arc"
|
||||
style="fill:#ffffff;fill-opacity:1;stroke:none"
|
||||
id="path4889"
|
||||
sodipodi:cx="239.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:ry="15.5"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
transform="matrix(-0.7128664,0,0,0.7128664,326.76806,186.37608)" />
|
||||
<path
|
||||
sodipodi:type="arc"
|
||||
style="fill:#000000;fill-opacity:1;stroke:none"
|
||||
id="path4891"
|
||||
sodipodi:cx="239.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:ry="15.5"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
transform="matrix(-0.4369181,0,0,0.4369181,257.11412,302.3973)" />
|
||||
<path
|
||||
transform="matrix(-0.7128664,0,0,0.7128664,355.28271,186.37608)"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
sodipodi:ry="15.5"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:cx="239.5"
|
||||
id="path4893"
|
||||
style="fill:#ffffff;fill-opacity:1;stroke:none"
|
||||
sodipodi:type="arc" />
|
||||
<path
|
||||
transform="matrix(-0.4369181,0,0,0.4369181,285.62877,302.3973)"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
sodipodi:ry="15.5"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:cx="239.5"
|
||||
id="path4895"
|
||||
style="fill:#000000;fill-opacity:1;stroke:none"
|
||||
sodipodi:type="arc" />
|
||||
<path
|
||||
sodipodi:type="star"
|
||||
style="fill:#999999;fill-opacity:1;stroke:none"
|
||||
id="path4897"
|
||||
sodipodi:sides="4"
|
||||
sodipodi:cx="458"
|
||||
sodipodi:cy="437.5"
|
||||
sodipodi:r1="7.3527207"
|
||||
sodipodi:r2="2.9098985"
|
||||
sodipodi:arg1="0.95449939"
|
||||
sodipodi:arg2="1.1053447"
|
||||
inkscape:flatsided="false"
|
||||
inkscape:rounded="0"
|
||||
inkscape:randomized="0"
|
||||
d="M 462.25,443.5 459.30604,440.10034 452,441.75 455.39966,438.80604 453.75,431.5 456.69396,434.89966 464,433.25 l -3.39966,2.94396 z"
|
||||
transform="matrix(-1.3125,0,0,1.3125,744.79339,-67.03474)" />
|
||||
<path
|
||||
transform="matrix(-1.3125,0,0,1.3125,759.04339,-63.28474)"
|
||||
d="M 462.25,443.5 459.30604,440.10034 452,441.75 455.39966,438.80604 453.75,431.5 456.69396,434.89966 464,433.25 l -3.39966,2.94396 z"
|
||||
inkscape:randomized="0"
|
||||
inkscape:rounded="0"
|
||||
inkscape:flatsided="false"
|
||||
sodipodi:arg2="1.1053447"
|
||||
sodipodi:arg1="0.95449939"
|
||||
sodipodi:r2="2.9098985"
|
||||
sodipodi:r1="7.3527207"
|
||||
sodipodi:cy="437.5"
|
||||
sodipodi:cx="458"
|
||||
sodipodi:sides="4"
|
||||
id="path4899"
|
||||
style="fill:#999999;fill-opacity:1;stroke:none"
|
||||
sodipodi:type="star" />
|
||||
<path
|
||||
style="fill:#ff0000;fill-opacity:1;stroke:none"
|
||||
d="m 223.29339,463.559 -78,0 c -3.17046,0.93258 -2.20659,2.69202 -2.25,4.25001 l 83.25,0 c 0.40565,-2.11949 -0.74064,-3.46302 -3,-4.25001 z"
|
||||
id="path4901"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
sodipodi:type="arc"
|
||||
style="fill:#ff0000;fill-opacity:1;stroke:none"
|
||||
id="path4903"
|
||||
sodipodi:cx="393.125"
|
||||
sodipodi:cy="404.125"
|
||||
sodipodi:rx="3.625"
|
||||
sodipodi:ry="3.625"
|
||||
d="m 396.75,404.125 c 0,2.00203 -1.62297,3.625 -3.625,3.625 -2.00203,0 -3.625,-1.62297 -3.625,-3.625 0,-2.00203 1.62297,-3.625 3.625,-3.625 2.00203,0 3.625,1.62297 3.625,3.625 z"
|
||||
transform="matrix(-1,0,0,1,621.04339,64.05901)" />
|
||||
</g>
|
||||
<g
|
||||
style="display:inline"
|
||||
id="g4943"
|
||||
transform="matrix(-1,0,0,1,843.8505,-582.82052)">
|
||||
<path
|
||||
style="fill:#c87137;fill-opacity:1;stroke:none"
|
||||
d="m 201.92989,686.02586 c 0,3.45232 -0.37818,26.77711 -1.09535,30.01465 -1.76377,8.88175 -7.47321,13.99537 -16.04706,15.94165 -3.98502,0.7434 -8.51783,-15.55751 -13.43722,-15.64836 -4.91939,-0.0909 -10.22535,16.02838 -15.75668,16.02838 -5.55727,0 -10.88704,-16.12835 -15.82585,-16.05348 -4.9388,0.0749 -9.48664,16.35298 -13.48001,15.58219 -9.04184,-1.50054 -13.76948,-7.68556 -15.99884,-16.14255 -0.67582,-3.14764 -1.03162,-26.37389 -1.03162,-29.72248 0,-25.57764 20.75867,-46.33631 46.33632,-46.33631 25.57764,0 46.33631,20.75867 46.33631,46.33631 z"
|
||||
id="path4984"
|
||||
sodipodi:nodetypes="cccsssccssc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
sodipodi:type="arc"
|
||||
style="fill:#ffffff;fill-opacity:1;stroke:none"
|
||||
id="path4990"
|
||||
sodipodi:cx="239.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:ry="15.5"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
transform="matrix(0.7128664,0,0,0.7128664,13.0203,379.94798)" />
|
||||
<path
|
||||
sodipodi:type="arc"
|
||||
style="fill:#000000;fill-opacity:1;stroke:none"
|
||||
id="path4994"
|
||||
sodipodi:cx="239.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:ry="15.5"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
transform="matrix(0.4369181,0,0,0.4369181,82.67424,495.9692)" />
|
||||
<path
|
||||
sodipodi:nodetypes="ccccc"
|
||||
id="path5016"
|
||||
d="m 108.94063,703.44381 c 36.73049,-13.59995 57.10773,-33.92799 77.78175,-53.03301 1.34475,0.59979 2.58937,1.29971 3.0052,2.82842 -17.38021,17.73274 -33.8719,35.40994 -80.61017,54.97756 -0.88087,-1.59099 -1.17527,-3.18198 -0.17678,-4.77297 z"
|
||||
style="fill:#000000;fill-rule:evenodd;stroke:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
transform="matrix(0.7128664,0,0,0.7128664,-15.49436,379.94799)"
|
||||
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
|
||||
sodipodi:ry="15.5"
|
||||
sodipodi:rx="15.5"
|
||||
sodipodi:cy="417.86218"
|
||||
sodipodi:cx="239.5"
|
||||
id="path4998"
|
||||
style="fill:#000000;fill-opacity:1;stroke:none"
|
||||
sodipodi:type="arc" />
|
||||
<path
|
||||
sodipodi:nodetypes="ccc"
|
||||
id="path5113"
|
||||
d="m 106.72549,679.42961 c 22.22463,1.2651 46.14752,-16.22323 73.25,-35.25 -36.70369,-24.71655 -71.84396,3.72381 -73.25,35.25 z"
|
||||
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#ffffff;fill-opacity:1;stroke:none"
|
||||
d="m 156.816,637.60365 c -0.87698,0.52431 -0.38045,1.56698 0.70794,2.29091 0.22072,0.0113 0.42813,-0.0591 0.61955,-0.12649 -0.12119,0.51926 -0.0245,0.65733 -0.12589,1.34469 0.69038,-0.28011 1.03335,-0.38346 1.65877,-0.447 -0.0242,-0.44056 0.0747,-0.41629 0.0295,-0.77857 0.17059,0.0734 0.34244,0.1002 0.54309,0.11053 1.99911,-0.25925 1.80233,-1.94029 0.10992,-2.50733 -0.5253,-0.0271 -0.95276,0.17838 -1.22711,0.53081 -0.42218,-0.32817 -0.97252,-0.47515 -1.46596,-0.68525 -0.35763,0.0559 -0.64742,0.14672 -0.84979,0.2677 z m -6.14725,5.73487 c -0.37399,0.21336 -0.69744,0.65885 -0.89555,1.27806 0.0182,0.52568 0.2623,0.95061 0.63703,1.19365 -0.29405,0.45994 -0.41123,0.99537 -0.55968,1.5157 0.42758,1.94583 2.12459,1.62368 2.55185,-0.0758 -0.008,-0.2209 -0.0659,-0.42051 -0.14951,-0.60541 0.26979,0.0389 0.25994,0.0294 0.57502,0.0592 -0.0109,-0.58848 -0.0116,-1.01099 0.40065,-1.67165 -0.58739,0.0798 -0.58026,-0.0318 -1.03706,0.0657 0.0584,-0.1763 0.12638,-0.37945 0.11943,-0.58023 -0.28847,-1.24498 -1.01886,-1.53481 -1.64218,-1.17923 z m 5.76684,-1.03366 c -2.52622,1.5494 -3.88115,3.95319 -3.01454,5.36616 0.62902,1.02559 2.26554,1.2489 4.07428,0.70154 0.0731,0.13714 0.13365,0.26957 0.21706,0.40556 1.26052,2.05524 3.22705,3.15408 4.38313,2.44503 1.15607,-0.70903 1.06807,-2.96003 -0.19247,-5.01527 -0.10188,-0.1661 -0.20935,-0.31634 -0.31958,-0.46941 1.13505,-1.29811 1.59166,-2.72631 1.00178,-3.68808 -0.8666,-1.41298 -3.62344,-1.29493 -6.14966,0.25447 z m 2.52175,1.11507 c 0.36859,-0.22607 0.84489,-0.12071 1.06316,0.23517 0.21828,0.35588 0.0963,0.8282 -0.27232,1.05426 -0.36859,0.22607 -0.84489,0.12071 -1.06316,-0.23517 -0.21828,-0.35589 -0.0963,-0.82819 0.27232,-1.05426 z m -2.36335,1.82974 c 0.36858,-0.22606 0.84489,-0.12071 1.06316,0.23518 0.21827,0.35588 0.0963,0.82819 -0.27232,1.05426 -0.3686,0.22607 -0.84489,0.12071 -1.06317,-0.23517 -0.21828,-0.35589 -0.0963,-0.8282 0.27233,-1.05427 z m 8.25513,-2.40136 c -0.37398,0.21337 -0.72046,0.67299 -0.91858,1.29219 0.008,0.23888 
0.0674,0.43261 0.16364,0.62845 -0.47373,-0.0824 -0.60782,-0.13149 -1.25259,-0.18237 -0.20698,0.39334 -0.36966,0.68123 -0.70766,1.06777 0.20762,0.23027 0.23261,0.48259 0.39173,0.74203 0.99043,-0.137 1.38437,-0.18922 1.9931,-0.36685 -0.18607,0.2624 -0.32734,0.61974 -0.31469,0.98519 0.44276,1.92192 2.13171,1.64662 2.55185,-0.0758 -0.0257,-0.74255 -0.52143,-1.34903 -1.15342,-1.41563 0.57363,-0.34962 0.65866,-0.85655 0.86577,-1.48161 -0.28848,-1.24496 -0.99582,-1.54892 -1.61915,-1.19335 z m -7.59356,6.11494 c -0.29825,0.95526 0.24993,1.96301 0.41475,3.10446 -0.24544,-0.20794 -0.58808,-0.34716 -0.95326,-0.36597 -1.977,0.27045 -1.753,1.96099 -0.0958,2.53036 0.74201,0.0382 1.35143,-0.43739 1.4721,-1.06132 0.31689,0.6031 0.80868,0.76707 1.42298,1.02849 1.99911,-0.25928 1.81122,-1.97744 0.11883,-2.54448 -0.2387,-0.0123 -0.46742,0.0155 -0.67082,0.0946 0.0921,-0.34839 -0.0156,-0.47975 0.0651,-0.92717 -0.54877,-0.4473 -0.72766,-0.72142 -1.16754,-1.43864 -0.0834,-0.13598 -0.53324,-0.28316 -0.60634,-0.42029 z m 1.72353,0.0203 2.48678,-1.5252 0.33893,0.55261 -2.48677,1.5252 -0.33894,-0.55261 z"
|
||||
id="path2901"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
sodipodi:nodetypes="csc"
|
||||
id="path5119"
|
||||
d="m 83.78439,674.18891 c 0,0 23.48188,-6.45517 19.95191,5.47353 -2.14258,7.24037 -17.77342,-3.3647 -19.95191,-5.47353 z"
|
||||
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
|
||||
d="m 86.84178,697.26453 c 0,0 15.95112,-23.66444 21.78836,-10.63431 3.54304,7.90892 -18.27368,10.77951 -21.78836,10.63431 z"
|
||||
id="path5121"
|
||||
sodipodi:nodetypes="csc"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
transform="matrix(1.4125247,0,0,1.4125247,-112.90968,268.08805)"
|
||||
d="m 158.5,292 c 0,2.20914 -1.79086,4 -4,4 -2.20914,0 -4,-1.79086 -4,-4 0,-2.20914 1.79086,-4 4,-4 2.20914,0 4,1.79086 4,4 z"
|
||||
sodipodi:ry="4"
|
||||
sodipodi:rx="4"
|
||||
sodipodi:cy="292"
|
||||
sodipodi:cx="154.5"
|
||||
id="path5123"
|
||||
style="fill:#ff0000;fill-opacity:1;stroke:none"
|
||||
sodipodi:type="arc" />
|
||||
</g>
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
|
||||
x="116.03641"
|
||||
y="157.71547"
|
||||
id="text2549"
|
||||
sodipodi:linespacing="125%"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan2551"
|
||||
x="116.03641"
|
||||
y="157.71547">Central Michigan University</tspan></text>
|
||||
<text
|
||||
sodipodi:linespacing="125%"
|
||||
id="text2577"
|
||||
y="213.27388"
|
||||
x="379.68344"
|
||||
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
|
||||
xml:space="preserve"><tspan
|
||||
y="213.27388"
|
||||
x="379.68344"
|
||||
id="tspan2579"
|
||||
sodipodi:role="line">happened with my help</tspan><tspan
|
||||
y="238.27388"
|
||||
x="379.68344"
|
||||
sodipodi:role="line"
|
||||
id="tspan2688">because I am a cool person!</tspan></text>
|
||||
<g
|
||||
id="g2682"
|
||||
transform="matrix(0.65682,0,0,0.65682,56.884352,76.892052)">
|
||||
<g
|
||||
style="display:inline"
|
||||
id="g2779"
|
||||
transform="matrix(0.3735863,0,0,0.3735863,13.30028,7.3746232)">
|
||||
<path
|
||||
sodipodi:nodetypes="csssccccccsccssscsscczczczcccccccsscscccccccccscscccc"
|
||||
id="path2781"
|
||||
d="M 127.1141,465.5924 C 91.814047,465.5924 66.89506,504.2459 69.859396,529.82972 C 71.761234,546.24359 81.651632,548.75843 96.01098,575.0839 C 104.71039,591.03284 111.56039,612.77438 100.19257,619.35575 C 88.824765,625.93711 53.531251,643.88779 53.53125,643.88779 L 53.53125,731.25 L 228.8265,731.25 C 228.8265,731.25 230.62049,725.86487 229.42387,714.49706 C 243.87007,715.26906 254.19943,715.68227 269.51412,713.28904 C 290.82939,704.65951 302.41803,697.91484 316.18872,691.15976 C 319.30006,687.58786 324.5538,662.43638 323.35717,651.66689 C 322.17857,641.0595 321.01036,622.90838 315.83029,608.07206 C 315.83112,607.62561 315.81244,607.17371 315.77719,606.71802 C 317.90386,598.92728 318.64423,595.20653 320.96769,587.65525 C 323.36091,579.87727 313.19812,579.87221 315.59134,573.88916 C 317.98457,567.9061 319.77015,572.09667 321.56506,555.3441 C 323.35997,538.59153 316.6504,536.93715 312.59122,530.81206 C 313.93239,525.70068 314.54999,522.63654 307.07568,516.5878 C 303.81694,513.9506 301.55946,512.46778 297.4356,512.23126 C 293.31173,511.99474 287.68977,511.89966 279.91179,511.30135 C 279.95788,511.237 279.68945,518.04719 279.8219,518.15083 C 279.59187,518.15083 272.97826,508.24505 268.82685,511.94803 C 264.86347,515.4833 273.24628,527.8739 273.24627,527.59611 C 273.51087,527.66524 264.87102,526.81018 264.1245,530.81206 C 263.39332,534.73169 269.93358,536.10993 269.84182,536.20168 C 269.75006,535.92516 263.79217,535.24252 263.99859,539.96567 C 264.22106,545.05637 272.74333,545.38736 272.74334,545.5438 C 268.67573,555.71281 254.50626,589.03774 244.98208,611.57664 C 247.97361,618.15801 274.90373,620.56376 274.90373,620.56376 C 274.90373,620.56376 277.7599,637.70722 270.70886,644.48516 C 261.13596,645.96638 226.25358,641.8655 203.09971,630.13497 C 183.35561,625.94684 173.54242,629.40149 162.4121,627.13484 C 163.71562,615.17348 164.21749,608.58979 164.21749,608.58979 C 164.21749,608.58979 179.77569,606.19506 179.77569,584.05775 C 179.77569,561.92042 189.27078,560.03657 
186.94414,548.16237 C 185.05685,538.53041 181.53399,532.45339 189.1876,524.09495 C 194.98993,515.09543 195.91779,501.48946 187.54152,491.91656 C 175.82743,478.52903 162.41416,465.5924 127.1141,465.5924 z M 283.08108,515.50608 C 282.97494,515.60488 286.88702,515.90504 291.28498,516.19638 C 291.7627,519.41501 296.839,523.95317 299.88712,526.41806 C 299.62647,527.00514 299.35852,527.56957 299.09062,528.13052 L 283.43987,527.85176 C 283.52084,527.66348 282.88447,515.7395 283.08108,515.50608 z M 276.34425,546.61907 C 277.89568,547.38545 280.81962,547.77463 283.05453,548.37477 C 280.15284,549.11714 277.60828,549.09234 277.30649,551.49475 C 276.88402,554.8578 283.91375,557.05322 290.12324,558.85588 C 288.4593,559.44397 285.41576,560.84837 285.28168,562.4898 C 284.86781,567.55673 295.35853,569.71644 304.68278,571.55997 C 305.89074,579.19986 307.54144,589.21622 308.90079,597.08044 C 285.0055,594.98587 270.36389,593.61307 255.48253,597.49196 C 261.78844,582.55106 269.46993,562.86918 276.34425,546.61907 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||
</g>
|
||||
<text
|
||||
transform="matrix(0.570786,-0.8210989,0.8210989,0.570786,0,0)"
|
||||
sodipodi:linespacing="125%"
|
||||
id="text2678"
|
||||
y="199.4783"
|
||||
x="-109.05233"
|
||||
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:URW Palladio L;-inkscape-font-specification:URW Palladio L"
|
||||
xml:space="preserve"><tspan
|
||||
y="199.4783"
|
||||
x="-109.05233"
|
||||
id="tspan2680"
|
||||
sodipodi:role="line">right on!</tspan></text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
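Review bot: The root `<svg>` element keeps `inkscape:export-filename="/home/neale/src/ctf/doc/2011-01-CMU/thanks.png"`, an absolute path from the authoring workstation that exposes a local account name and directory layout to anyone who opens the file. The `inkscape:export-*` attributes and the `sodipodi:namedview` window geometry are editor state and are not needed to render the image. Saving as plain SVG, or stripping those attributes before committing, would remove them; this matters most if the SVG itself, rather than only the exported PNG, is ever distributed.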
|
After Width: | Height: | Size: 24 KiB |
|
@ -0,0 +1,15 @@
|
|||
TF3 Categories
|
||||
==============
|
||||
|
||||
Last year we ran:
|
||||
|
||||
bletchley, compaq, crypto, forensics, hackme, hispaniola, net-re,
|
||||
sequence, skynet, survey, webapp, tanks, badmath, kevin
|
||||
|
||||
|
||||
This year we have:
|
||||
|
||||
basemath, bletchley, codebreaking, compaq, crypto, forensics,
|
||||
hackme, logger, net-re, octopus, printf, pwnables, sequence, skynet,
|
||||
steg, tanks, webapp
|
||||
|
|
@ -0,0 +1 @@
|
|||
andrew.hay@afit.edu
|
|
@ -0,0 +1,176 @@
|
|||
LANL CTF Token-Based Categories
|
||||
===============================
|
||||
|
||||
LANL's CTF contest allows for easy addition of new modules which can use
|
||||
"tokens". A token is a character string worth one point in the contest.
|
||||
A point may only be claimed once per team, but multiple teams can claim
|
||||
the same token and each will get a point. Tokens look like this:
|
||||
|
||||
example:xylep-donut-nanox
|
||||
|
||||
Tokens are issued by the token server using the tokencli program at the
|
||||
end of this document. They can also be issued before the beginning of a
|
||||
contest. If your category allows it, it will be much easier for you to
|
||||
simply request a number of tokens before the contest begins, and
|
||||
hard-code them into your category.
|
||||
|
||||
You will want to arrange that participants get a token after having
|
||||
completed some sort of task. In existing categories, tokens are
|
||||
frequently what lie beneath some trail of hacking. For instance, one
|
||||
program provides a token when the proper printf formatting string is
|
||||
provided. Another embeds five tokens into log messages using different
|
||||
encodings.
|
||||
|
||||
Any machine that you connect to our network will get a wired connection
|
||||
and should claim a static IP address on the 10.0.2.0/24 network. While
|
||||
it's unlikely you'll conflict with anyone else, be prepared to
|
||||
reconfigure it with a new IP on the morning of the event.
|
||||
|
||||
If you plan to request tokens, please do so at least 2 weeks before the
|
||||
start of the event. I will need to know what you'd like your category
|
||||
to be called, and how many tokens you'd like. It's not a problem if you
|
||||
don't use all the tokens you request.
|
||||
|
||||
Remember that this is a security contest, and contestants will be far
|
||||
more engaged with your category if they have to do real work to get the
|
||||
tokens. For example, a vendor might be tempted to leave tokens lying
|
||||
around in configuration boxes to reward people who explore its rich
|
||||
configurability, but this would probably result in people clicking
|
||||
through the UI as quickly as possible looking only for tokens. Far
|
||||
better would be to have the tokens lying under the products
|
||||
functionality somewhere, forcing contestants to interact with the
|
||||
product like they would in their day to day work after having purchased
|
||||
it. A Snort category, for instance, would do well to have tokens within
|
||||
packet captures which triggered alarms.
|
||||
|
||||
I can't stress that last point enough: constestants have been known to
|
||||
spend over 2 hours on a single problem. Don't be afraid to really
|
||||
challenge them.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* tokencli.c - LANL CTF token client
|
||||
Author: Neale Pickett <neale@lanl.gov>
|
||||
|
||||
This program requires an arc4 implementation, email me if you can't find
|
||||
one you like.
|
||||
|
||||
This also requires a shared 128-bit key. I need the key before you can
|
||||
start requesting tokens from the server :)
|
||||
|
||||
|
||||
This software has been authored by an employee or employees of Los
|
||||
Alamos National Security, LLC, operator of the Los Alamos National
|
||||
Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with the
|
||||
U.S. Department of Energy. The U.S. Government has rights to use,
|
||||
reproduce, and distribute this software. The public may copy,
|
||||
distribute, prepare derivative works and publicly display this software
|
||||
without charge, provided that this Notice and any statement of
|
||||
authorship are reproduced on all copies. Neither the Government nor
|
||||
LANS makes any warranty, express or implied, or assumes any liability or
|
||||
responsibility for the use of this software. If software is modified to
|
||||
produce derivative works, such modified software should be clearly
|
||||
marked, so as not to confuse it with the version available from LANL.
|
||||
*/
|
||||
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sysexits.h>
|
||||
#include <stdio.h>
|
||||
#include "arc4.h"
|
||||
|
||||
/* I don't feel compelled to put all the TCP client code in here
|
||||
* when it's so simple to run this with netcat or ucspi. Plus, using
|
||||
* stdin and stdout makes it simpler to test.
|
||||
*/
|
||||
|
||||
int
|
||||
read_key(char *filename, uint8_t *key, size_t *keylen)
|
||||
{
|
||||
int fd = open(filename, O_RDONLY);
|
||||
int len;
|
||||
|
||||
if (-1 == fd) {
|
||||
perror("open");
|
||||
return EX_NOINPUT;
|
||||
}
|
||||
|
||||
len = read(fd, key, *keylen);
|
||||
if (-1 == len) {
|
||||
perror("read");
|
||||
return EX_NOINPUT;
|
||||
}
|
||||
*keylen = (size_t)len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char *argv[]) {
|
||||
uint8_t skey[200];
|
||||
size_t skeylen = sizeof(skey);
|
||||
char token[200];
|
||||
size_t tokenlen;
|
||||
int ret;
|
||||
|
||||
if (argc != 3) {
|
||||
fprintf(stderr, "Usage: %s SERVICE SERVICEKEY 3>TOKENFILE\n", argv[0]);
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "SERVICEKEY is a filename.\n");
|
||||
fprintf(stderr, "Server chatter happens over stdin and stdout.\n");
|
||||
fprintf(stderr, "Tokens are written to file descriptor 3.\n");
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "To run with netcat:\n");
|
||||
fprintf(stderr, " nc 10.0.0.2 1 -e tokencli cat cat.key 3> tokenfile\n");
|
||||
return EX_USAGE;
|
||||
}
|
||||
|
||||
/* read in keys */
|
||||
ret = read_key(argv[2], skey, &skeylen);
|
||||
if (0 != ret) return ret;
|
||||
|
||||
/* write service name */
|
||||
write(1, argv[1], strlen(argv[1]));
|
||||
|
||||
/* read nonce, send back encrypted version */
|
||||
{
|
||||
uint8_t nonce[80];
|
||||
int noncelen;
|
||||
|
||||
noncelen = read(0, nonce, sizeof(nonce));
|
||||
if (0 >= noncelen) {
|
||||
perror("read");
|
||||
return EX_IOERR;
|
||||
}
|
||||
arc4_crypt_buffer(skey, skeylen, nonce, (size_t)noncelen);
|
||||
write(1, nonce, (size_t)noncelen);
|
||||
}
|
||||
|
||||
/* read token */
|
||||
{
|
||||
int len;
|
||||
|
||||
len = read(0, token, sizeof(token));
|
||||
if (0 >= len) {
|
||||
perror("read");
|
||||
return EX_IOERR;
|
||||
}
|
||||
tokenlen = (size_t)len;
|
||||
}
|
||||
|
||||
/* decrypt it */
|
||||
arc4_crypt_buffer(skey, skeylen, (uint8_t *)token, tokenlen);
|
||||
|
||||
/* write it to fd 3 */
|
||||
write(3, token, tokenlen);
|
||||
|
||||
return 0;
|
||||
}
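Review bot: The two `arc4_crypt_buffer(skey, skeylen, ...)` calls in `main` of the embedded tokencli.c each restart RC4 from the same key, so the nonce reply and the token are combined with the same keystream prefix. The nonce crosses the connection in the clear, so the reply discloses that prefix to anyone able to observe the exchange, and the token's confidentiality then no longer rests on the shared key (assuming the server encrypts the token with the same call, which this page does not show). A per-exchange key derived from the shared key and the nonce, agreed with the server side, would avoid the reuse. Separately, `read_key` never closes `fd`, and the three `write` results are ignored, so a failed write to descriptor 3 loses the token silently.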
|
||||
|
|
@ -0,0 +1,163 @@
|
|||
How to create puzzle categories
|
||||
===============================
|
||||
|
||||
The contest has multiple "puzzle" categories. Each category contains a
|
||||
collection of thematically-related puzzles with increasing point
|
||||
values. This document will guide you through the process of creating a
|
||||
new category. It's up to you to make challenging puzzles, though :)
|
||||
|
||||
Since Unix commands are plain text, I'll be using the Unix commands to
|
||||
illustrate steps. These are simple commands that should be easy to
|
||||
translate to a GUI.
|
||||
|
||||
|
||||
Step 1: Establish a progression
|
||||
-------------------------------
|
||||
|
||||
Before you do anything else, you should sit down with a pen and paper,
|
||||
and plan out how you'd like contestants to progress through your
|
||||
category. This contest framework is set up to encourage a linear
|
||||
progression through puzzles, while still allowing contestants to skip
|
||||
over things they get stuck on.
|
||||
|
||||
The net-re category, for instance, features full tutorial pages with
|
||||
simple "end of chapter" type questions for point values 1-8. Point
|
||||
values 10-99 apply the skills learned in the tutorial against
|
||||
increasingly challenging problems, point values 100-999 increasingly
|
||||
approach real-world challenges which use the skills, and point values
|
||||
1000+ are either culled or inspired by actual net-re tasks performed by
|
||||
experts in the field.
|
||||
|
||||
The crypto category uses the previous answers key as part of the
|
||||
solution process for each point value.
|
||||
|
||||
Ideally, your category will work standalone for novices, while allowing
|
||||
experts to quickly answer the training questions and progress to real
|
||||
challenges. Remember that some events don't have a class portion, and
|
||||
even the ones that do have students who prefer to spend the contest time
|
||||
reviewing the exact same problems they did in the class.
|
||||
|
||||
Remember, it's easy to make incredibly challenging puzzles, and you will
|
||||
probably have a lot of ideas about how to do this. What's harder is to
|
||||
make simple puzzles that teach. It can be helpful to imagine a student
|
||||
with a basic skill set. Write your first puzzle for this student to
|
||||
introduce them to the topic and get them thinking about things you
|
||||
believe are important. Guide that student through your tutorial
|
||||
puzzles, until they emerge ready to tackle some non-tutorial problems.
|
||||
As they gain confidence, keep them on their toes with new challenges.
|
||||
Remember to only introduce one new concept for each puzzle!
|
||||
|
||||
Past a certain point, feel free to throw in the killer tricky puzzles
|
||||
you're just dying to create!
|
||||
|
||||
|
||||
|
||||
Step 2: Establish point values
|
||||
------------------------------
|
||||
|
||||
Each of your steps needs a point value. Each point value must be
|
||||
unique: you may not have two 5-point puzzles.
|
||||
|
||||
Point values should roughly reflect how difficult a problem is to solve.
|
||||
It's not terribly important that a 200-point puzzle be ten times harder
|
||||
than a 20-point puzzle, but it is crucial that a 25-point puzzle be
|
||||
roughly as difficult as a 20-point puzzle. Poorly-weighted puzzles has
|
||||
been the main reason students lose interest.
|
||||
|
||||
|
||||
|
||||
Step 3: Set up your puzzle structure
|
||||
------------------------------------
|
||||
|
||||
The best way to get puzzles to me is in a zip file of an entire
|
||||
directory. Let's say you are going to create a "sandwich" category.
|
||||
Your first step will be to make a "sandwich" directory somewhere.
|
||||
|
||||
$ mkdir sandwich
|
||||
$ cd sandwich
|
||||
$
|
||||
|
||||
Within your category directory, create subdirectories for each point
|
||||
value puzzle. In the "sandwich" category we have only 5, 10, and
|
||||
100-point puzzles.
|
||||
|
||||
$ mkdir 5 10 100
|
||||
$
|
||||
|
||||
|
||||
Step 4: Write puzzles
|
||||
---------------------
|
||||
|
||||
Now that your skeleton is set up, you can begin to fill it in. In each
|
||||
point-value subdirectory, there can be three special files, and as many
|
||||
downloadable files as you like, in addition to CGI and any downloadable
|
||||
but non-listed files you would like.
|
||||
|
||||
Special files are:
|
||||
|
||||
* index.mdwn: a plain text file formatted with
|
||||
[markdown](http://daringfireball.net/projects/markdown/), displayed
|
||||
before the list of normal files in the puzzle directory.
|
||||
* key: a plain text file with acceptable answers, one per line. Answers
|
||||
are matched exactly (ie. they are case-sensitive).
|
||||
* summary: a single line explaining to contest organizers what's going
|
||||
on in this puzzle.
|
||||
|
||||
All remaining files, except those with filenames beginning with a comma
|
||||
(","), are listed on the puzzle page for download.
|
||||
|
||||
Any file ending with ".cgi" will be run as CGI. You can search the web
|
||||
for how to write a CGI. Available languages are Python, Lua, and Bourne
|
||||
Shell.
|
||||
|
||||
Let's make our 5-point sandwich question!
|
||||
|
||||
$ cd 5
|
||||
$ cat <<EOD >index.mdwn
|
||||
> Welcome to the Sandwich category!
|
||||
> In this category you will learn how to make a tasty sandwich.
|
||||
> The key ingredients in a sandwich are: bread, spread, and filling.
|
||||
> When making a sandwich, you need to first put down one slice of bread,
|
||||
> then apply any spreads, and finally add filling. Popular fillings
|
||||
> include cheese, sprouts, and cold cuts. When you are done, apply
|
||||
> another slice of bread on top, and optionally tie it together with
|
||||
> a fancy toothpick.
|
||||
>
|
||||
> Now that you know the basics of sandwich-making, it's time for a
|
||||
> question! How many slices of bread are in a sandwich?
|
||||
> EOD
|
||||
$ cat <<EOD >key
|
||||
> 2
|
||||
> TWO
|
||||
> two
|
||||
> EOD
|
||||
$ echo "How many slices of bread in a sandwich" > summary
|
||||
$
|
||||
|
||||
If you wanted to provide a PDF of various sandwiches, this would be the
|
||||
time to add that too:
|
||||
|
||||
$ cp /tmp/sandwich-types.pdf .
|
||||
$
|
||||
|
||||
In a real category, you might provide an executable, hard drive image,
|
||||
or some other kind of blob.
|
||||
|
||||
No additional work is needed to have `sandwich-types.pdf` show up as a
|
||||
download on the puzzle page.
|
||||
|
||||
|
||||
|
||||
Step 5: Package it up
|
||||
---------------------
|
||||
|
||||
After you've flushed out all your point-value directories, it's time to
|
||||
wrap it up and send it in. Clean out any backup or temporary files you
|
||||
or your editor might have written in the directories, and zip the sucker
|
||||
up.
|
||||
|
||||
$ cd ../..
|
||||
$ zip -r sandwich.zip sandwich/
|
||||
$
|
||||
|
||||
Now mail the zip file in, and you're all done!
|
|
@ -23,7 +23,7 @@ arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen)
|
|||
}
|
||||
|
||||
uint8_t
|
||||
arc4_pad(struct arc4_ctx *ctx)
|
||||
arc4_out(struct arc4_ctx *ctx)
|
||||
{
|
||||
ctx->i = (ctx->i + 1) % 256;
|
||||
ctx->j = (ctx->j + ctx->S[ctx->i]) % 256;
|
||||
|
@ -33,17 +33,17 @@ arc4_pad(struct arc4_ctx *ctx)
|
|||
|
||||
void
|
||||
arc4_crypt(struct arc4_ctx *ctx,
|
||||
uint8_t *obuf, uint8_t const *ibuf, size_t buflen)
|
||||
uint8_t *obuf, const uint8_t *ibuf, size_t buflen)
|
||||
{
|
||||
size_t k;
|
||||
|
||||
for (k = 0; k < buflen; k += 1) {
|
||||
obuf[k] = ibuf[k] ^ arc4_pad(ctx);
|
||||
obuf[k] = ibuf[k] ^ arc4_out(ctx);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
||||
arc4_crypt_buffer(const uint8_t *key, size_t keylen,
|
||||
uint8_t *buf, size_t buflen)
|
||||
{
|
||||
struct arc4_ctx ctx;
|
||||
|
@ -51,3 +51,64 @@ arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
|||
arc4_init(&ctx, key, keylen);
|
||||
arc4_crypt(&ctx, buf, buf, buflen);
|
||||
}
|
||||
|
||||
|
||||
#ifdef ARC4_MAIN
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sysexits.h>
|
||||
#include <string.h>
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
struct arc4_ctx ctx;
|
||||
|
||||
/* Read key and initialize context */
|
||||
{
|
||||
uint8_t key[256];
|
||||
size_t keylen = 0;
|
||||
char *ekey = getenv("KEY");
|
||||
FILE *f;
|
||||
|
||||
if (argc == 2) {
|
||||
if (! (f = fopen(argv[1], "r"))) {
|
||||
perror(argv[0]);
|
||||
}
|
||||
} else {
|
||||
f = fdopen(3, "r");
|
||||
}
|
||||
|
||||
if (f) {
|
||||
keylen = fread(key, 1, sizeof(key), f);
|
||||
fclose(f);
|
||||
} else if (ekey) {
|
||||
keylen = strlen(ekey);
|
||||
if (keylen > sizeof(key)) {
|
||||
keylen = sizeof(key);
|
||||
}
|
||||
memcpy(key, ekey, keylen);
|
||||
}
|
||||
|
||||
if (0 == keylen) {
|
||||
fprintf(stderr, "Usage: %s [KEYFILE] <PLAINTEXT\n", argv[0]);
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "You can also pass in the key on fd 3 or in\n");
|
||||
fprintf(stderr, "$KEY; omit KEYFILE in this case.\n");
|
||||
return EX_IOERR;
|
||||
}
|
||||
arc4_init(&ctx, key, (size_t)keylen);
|
||||
}
|
||||
|
||||
/* Encrypt */
|
||||
while (1) {
|
||||
int c = getchar();
|
||||
|
||||
if (EOF == c) break;
|
||||
putchar(c ^ arc4_out(&ctx));
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* ARC4_MAIN */
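Review bot: The `ARC4_MAIN` block calls `getenv("KEY")`, but the includes it adds are only `<stdio.h>`, `<sysexits.h>` and `<string.h>`. Unless `<stdlib.h>` is already included above this hunk, the call is implicitly declared as returning `int` and the pointer can be truncated on 64-bit targets, so add `#include <stdlib.h>`. When `fopen(argv[1], "r")` fails, the code prints the error and then falls through to `$KEY`, so output may be produced under a different key than the one requested. Returning after the `perror` call (for example `return EX_NOINPUT;`) would make that failure explicit.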
|
||||
|
|
|
@ -10,11 +10,10 @@ struct arc4_ctx {
|
|||
uint8_t j;
|
||||
};
|
||||
|
||||
void arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen);
|
||||
uint8_t arc4_pad(struct arc4_ctx *ctx);
|
||||
void arc4_init(struct arc4_ctx *ctx, const uint8_t *key, size_t keylen);
|
||||
uint8_t arc4_out(struct arc4_ctx *ctx);
|
||||
void arc4_crypt(struct arc4_ctx *ctx,
|
||||
uint8_t *obuf, uint8_t const *ibuf, size_t buflen);
|
||||
void arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
||||
uint8_t *obuf, const uint8_t *ibuf, size_t buflen);
|
||||
void arc4_crypt_buffer(const uint8_t *key, size_t keylen,
|
||||
uint8_t *buf, size_t buflen);
|
||||
|
||||
#endif
|
||||
|
|
156
include/isaac.c
156
include/isaac.c
|
@ -1,156 +0,0 @@
|
|||
/*
|
||||
------------------------------------------------------------------------------
|
||||
rand.c: By Bob Jenkins. My random number generator, ISAAC. Public Domain.
|
||||
MODIFIED:
|
||||
960327: Creation (addition of randinit, really)
|
||||
970719: use context, not global variables, for internal state
|
||||
980324: added main (ifdef'ed out), also rearranged randinit()
|
||||
010626: Note that this is public domain
|
||||
------------------------------------------------------------------------------
|
||||
*/
|
||||
#include <stdint.h>
|
||||
#include "rand.h"
|
||||
|
||||
#define ind(mm,x) (*(uint32_t *)((uint8_t *)(mm) + ((x) & ((RANDSIZ-1)<<2))))
|
||||
#define rngstep(mix,a,b,mm,m,m2,r,x) \
|
||||
{ \
|
||||
x = *m; \
|
||||
a = (a^(mix)) + *(m2++); \
|
||||
*(m++) = y = ind(mm,x) + a + b; \
|
||||
*(r++) = b = ind(mm,y>>RANDSIZL) + x; \
|
||||
}
|
||||
|
||||
void isaac(struct randctx *ctx)
|
||||
{
|
||||
register uint32_t a, b, x, y, *m, *mm, *m2, *r, *mend;
|
||||
mm = ctx->randmem;
|
||||
r = ctx->randrsl;
|
||||
a = ctx->randa;
|
||||
b = ctx->randb + (++ctx->randc);
|
||||
for (m = mm, mend = m2 = m + (RANDSIZ / 2); m < mend;) {
|
||||
rngstep(a << 13, a, b, mm, m, m2, r, x);
|
||||
rngstep(a >> 6, a, b, mm, m, m2, r, x);
|
||||
rngstep(a << 2, a, b, mm, m, m2, r, x);
|
||||
rngstep(a >> 16, a, b, mm, m, m2, r, x);
|
||||
}
|
||||
for (m2 = mm; m2 < mend;) {
|
||||
rngstep(a << 13, a, b, mm, m, m2, r, x);
|
||||
rngstep(a >> 6, a, b, mm, m, m2, r, x);
|
||||
rngstep(a << 2, a, b, mm, m, m2, r, x);
|
||||
rngstep(a >> 16, a, b, mm, m, m2, r, x);
|
||||
}
|
||||
ctx->randb = b;
|
||||
ctx->randa = a;
|
||||
}
|
||||
|
||||
|
||||
#define mix(a,b,c,d,e,f,g,h) \
|
||||
{ \
|
||||
a^=b<<11; d+=a; b+=c; \
|
||||
b^=c>>2; e+=b; c+=d; \
|
||||
c^=d<<8; f+=c; d+=e; \
|
||||
d^=e>>16; g+=d; e+=f; \
|
||||
e^=f<<10; h+=e; f+=g; \
|
||||
f^=g>>4; a+=f; g+=h; \
|
||||
g^=h<<8; b+=g; h+=a; \
|
||||
h^=a>>9; c+=h; a+=b; \
|
||||
}
|
||||
|
||||
/* if (flag==TRUE), then use the contents of randrsl[] to initialize mm[]. */
|
||||
void randinit(struct randctx *ctx, uint_fast8_t flag)
|
||||
{
|
||||
uint_fast32_t i;
|
||||
uint32_t a, b, c, d, e, f, g, h;
|
||||
uint32_t *m, *r;
|
||||
ctx->randa = ctx->randb = ctx->randc = 0;
|
||||
m = ctx->randmem;
|
||||
r = ctx->randrsl;
|
||||
a = b = c = d = e = f = g = h = 0x9e3779b9; /* the golden ratio */
|
||||
|
||||
for (i = 0; i < 4; ++i) { /* scramble it */
|
||||
mix(a, b, c, d, e, f, g, h);
|
||||
}
|
||||
|
||||
if (flag) {
|
||||
/* initialize using the contents of r[] as the seed */
|
||||
for (i = 0; i < RANDSIZ; i += 8) {
|
||||
a += r[i];
|
||||
b += r[i + 1];
|
||||
c += r[i + 2];
|
||||
d += r[i + 3];
|
||||
e += r[i + 4];
|
||||
f += r[i + 5];
|
||||
g += r[i + 6];
|
||||
h += r[i + 7];
|
||||
mix(a, b, c, d, e, f, g, h);
|
||||
m[i] = a;
|
||||
m[i + 1] = b;
|
||||
m[i + 2] = c;
|
||||
m[i + 3] = d;
|
||||
m[i + 4] = e;
|
||||
m[i + 5] = f;
|
||||
m[i + 6] = g;
|
||||
m[i + 7] = h;
|
||||
}
|
||||
/* do a second pass to make all of the seed affect all of m */
|
||||
for (i = 0; i < RANDSIZ; i += 8) {
|
||||
a += m[i];
|
||||
b += m[i + 1];
|
||||
c += m[i + 2];
|
||||
d += m[i + 3];
|
||||
e += m[i + 4];
|
||||
f += m[i + 5];
|
||||
g += m[i + 6];
|
||||
h += m[i + 7];
|
||||
mix(a, b, c, d, e, f, g, h);
|
||||
m[i] = a;
|
||||
m[i + 1] = b;
|
||||
m[i + 2] = c;
|
||||
m[i + 3] = d;
|
||||
m[i + 4] = e;
|
||||
m[i + 5] = f;
|
||||
m[i + 6] = g;
|
||||
m[i + 7] = h;
|
||||
}
|
||||
} else {
|
||||
/* fill in m[] with messy stuff */
|
||||
for (i = 0; i < RANDSIZ; i += 8) {
|
||||
mix(a, b, c, d, e, f, g, h);
|
||||
m[i] = a;
|
||||
m[i + 1] = b;
|
||||
m[i + 2] = c;
|
||||
m[i + 3] = d;
|
||||
m[i + 4] = e;
|
||||
m[i + 5] = f;
|
||||
m[i + 6] = g;
|
||||
m[i + 7] = h;
|
||||
}
|
||||
}
|
||||
|
||||
isaac(ctx); /* fill in the first set of results */
|
||||
ctx->randcnt = RANDSIZ; /* prepare to use the first set of results */
|
||||
}
|
||||
|
||||
|
||||
#ifdef NEVER
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
int main()
|
||||
{
|
||||
uint32_t i, j;
|
||||
struct randctx ctx;
|
||||
ctx.randa = ctx.randb = ctx.randc = (uint32_t) 0;
|
||||
for (i = 0; i < 256; ++i)
|
||||
ctx.randrsl[i] = (uint32_t) 0;
|
||||
randinit(&ctx, 1);
|
||||
for (i = 0; i < 2; ++i) {
|
||||
isaac(&ctx);
|
||||
for (j = 0; j < 256; ++j) {
|
||||
printf("%.8x", ctx.randrsl[j]);
|
||||
if ((j & 7) == 7)
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
|
@ -1,55 +0,0 @@
|
|||
/*
|
||||
------------------------------------------------------------------------------
|
||||
rand.h: definitions for a random number generator
|
||||
By Bob Jenkins, 1996, Public Domain
|
||||
MODIFIED:
|
||||
960327: Creation (addition of randinit, really)
|
||||
970719: use context, not global variables, for internal state
|
||||
980324: renamed seed to flag
|
||||
980605: recommend RANDSIZL=4 for noncryptography.
|
||||
010626: note this is public domain
|
||||
101005: update to C99 (neale@lanl.gov)
|
||||
------------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
#ifndef __ISAAC_H__
|
||||
#define __ISAAC_H__
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define RANDSIZL (8)
|
||||
#define RANDSIZ (1<<RANDSIZL)
|
||||
|
||||
/* context of random number generator */
|
||||
struct randctx {
|
||||
uint32_t randcnt;
|
||||
uint32_t randrsl[RANDSIZ];
|
||||
uint32_t randmem[RANDSIZ];
|
||||
uint32_t randa;
|
||||
uint32_t randb;
|
||||
uint32_t randc;
|
||||
};
|
||||
|
||||
/*
|
||||
------------------------------------------------------------------------------
|
||||
If (flag==TRUE), then use the contents of randrsl[0..RANDSIZ-1] as the seed.
|
||||
------------------------------------------------------------------------------
|
||||
*/
|
||||
void randinit(struct randctx *ctx, uint_fast8_t flag);
|
||||
|
||||
void isaac(struct randctx *ctx);
|
||||
|
||||
/*
|
||||
------------------------------------------------------------------------------
|
||||
Call rand(/o_ randctx *r _o/) to retrieve a single 32-bit random value
|
||||
------------------------------------------------------------------------------
|
||||
*/
|
||||
#define rand32(r) \
|
||||
(!(r)->randcnt-- ? \
|
||||
(isaac(r), (r)->randcnt=RANDSIZ-1, (r)->randrsl[(r)->randcnt]) : \
|
||||
(r)->randrsl[(r)->randcnt])
|
||||
|
||||
#endif /* RAND */
|
||||
|
||||
|
||||
#endif /* __ISAAC_H__ */
|
|
@ -0,0 +1,280 @@
|
|||
/*
|
||||
* This code implements the MD5 message-digest algorithm.
|
||||
* The algorithm is due to Ron Rivest. This code was
|
||||
* written by Colin Plumb in 1993, no copyright is claimed.
|
||||
* This code is in the public domain; do with it what you wish.
|
||||
*
|
||||
* Equivalent code is available from RSA Data Security, Inc.
|
||||
* This code has been tested against that, and is equivalent,
|
||||
* except that you don't need to include two pages of legalese
|
||||
* with every copy.
|
||||
*
|
||||
* To compute the message digest of a chunk of bytes, declare an
|
||||
* MD5Context structure, pass it to MD5Init, call MD5Update as
|
||||
* needed on buffers full of bytes, and then call MD5Final, which
|
||||
* will fill a supplied 16-byte array with the digest.
|
||||
*/
|
||||
|
||||
/* Brutally hacked by John Walker back from ANSI C to K&R (no
|
||||
prototypes) to maintain the tradition that Netfone will compile
|
||||
with Sun's original "cc". */
|
||||
|
||||
#include <memory.h> /* for memcpy() */
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include "md5.h"
|
||||
|
||||
void md5_transform(uint32_t buf[4], uint32_t in[16]);
|
||||
|
||||
#ifndef HIGHFIRST
|
||||
#define byteReverse(buf, len) /* Nothing */
|
||||
#else
|
||||
/*
|
||||
* Note: this code is harmless on little-endian machines.
|
||||
*/
|
||||
static void byteReverse(uint8_t *buf, size_t words)
|
||||
{
|
||||
uint32_t t;
|
||||
do {
|
||||
t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
|
||||
((unsigned) buf[1] << 8 | buf[0]);
|
||||
*(uint32_t *) buf = t;
|
||||
buf += 4;
|
||||
} while (--words);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
|
||||
* initialization constants.
|
||||
*/
|
||||
void md5_init(struct md5_context *ctx)
|
||||
{
|
||||
ctx->buf[0] = 0x67452301;
|
||||
ctx->buf[1] = 0xefcdab89;
|
||||
ctx->buf[2] = 0x98badcfe;
|
||||
ctx->buf[3] = 0x10325476;
|
||||
|
||||
ctx->bits[0] = 0;
|
||||
ctx->bits[1] = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Update context to reflect the concatenation of another buffer full
|
||||
* of bytes.
|
||||
*/
|
||||
void md5_update(struct md5_context *ctx,
|
||||
const uint8_t *buf,
|
||||
size_t len)
|
||||
{
|
||||
uint32_t t;
|
||||
|
||||
/* Update bitcount */
|
||||
|
||||
t = ctx->bits[0];
|
||||
if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t)
|
||||
ctx->bits[1]++; /* Carry from low to high */
|
||||
ctx->bits[1] += len >> 29;
|
||||
|
||||
t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
|
||||
|
||||
/* Handle any leading odd-sized chunks */
|
||||
|
||||
if (t) {
|
||||
unsigned char *p = (unsigned char *) ctx->in + t;
|
||||
|
||||
t = 64 - t;
|
||||
if (len < t) {
|
||||
memcpy(p, buf, len);
|
||||
return;
|
||||
}
|
||||
memcpy(p, buf, t);
|
||||
byteReverse(ctx->in, 16);
|
||||
md5_transform(ctx->buf, (uint32_t *) ctx->in);
|
||||
buf += t;
|
||||
len -= t;
|
||||
}
|
||||
/* Process data in 64-byte chunks */
|
||||
|
||||
while (len >= 64) {
|
||||
memcpy(ctx->in, buf, 64);
|
||||
byteReverse(ctx->in, 16);
|
||||
md5_transform(ctx->buf, (uint32_t *) ctx->in);
|
||||
buf += 64;
|
||||
len -= 64;
|
||||
}
|
||||
|
||||
/* Handle any remaining bytes of data. */
|
||||
|
||||
memcpy(ctx->in, buf, len);
|
||||
}
|
||||
|
||||
/*
|
||||
* Final wrapup - pad to 64-byte boundary with the bit pattern
|
||||
* 1 0* (64-bit count of bits processed, MSB-first)
|
||||
*/
|
||||
void md5_final(struct md5_context *ctx, uint8_t *digest)
|
||||
{
|
||||
unsigned int count;
|
||||
uint8_t *p;
|
||||
|
||||
/* Compute number of bytes mod 64 */
|
||||
count = (ctx->bits[0] >> 3) & 0x3F;
|
||||
|
||||
/* Set the first char of padding to 0x80. This is safe since there is
|
||||
always at least one byte free */
|
||||
p = ctx->in + count;
|
||||
*p++ = 0x80;
|
||||
|
||||
/* Bytes of padding needed to make 64 bytes */
|
||||
count = 64 - 1 - count;
|
||||
|
||||
/* Pad out to 56 mod 64 */
|
||||
if (count < 8) {
|
||||
/* Two lots of padding: Pad the first block to 64 bytes */
|
||||
memset(p, 0, count);
|
||||
byteReverse(ctx->in, 16);
|
||||
md5_transform(ctx->buf, (uint32_t *) ctx->in);
|
||||
|
||||
/* Now fill the next block with 56 bytes */
|
||||
memset(ctx->in, 0, 56);
|
||||
} else {
|
||||
/* Pad block to 56 bytes */
|
||||
memset(p, 0, count - 8);
|
||||
}
|
||||
byteReverse(ctx->in, 14);
|
||||
|
||||
/* Append length in bits and transform */
|
||||
((uint32_t *) ctx->in)[14] = ctx->bits[0];
|
||||
((uint32_t *) ctx->in)[15] = ctx->bits[1];
|
||||
|
||||
md5_transform(ctx->buf, (uint32_t *) ctx->in);
|
||||
byteReverse((unsigned char *) ctx->buf, 4);
|
||||
memcpy(digest, ctx->buf, 16);
|
||||
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
|
||||
}
|
||||
|
||||
|
||||
/* The four core functions - F1 is optimized somewhat */
|
||||
|
||||
/* #define F1(x, y, z) (x & y | ~x & z) */
|
||||
#define F1(x, y, z) (z ^ (x & (y ^ z)))
|
||||
#define F2(x, y, z) F1(z, x, y)
|
||||
#define F3(x, y, z) (x ^ y ^ z)
|
||||
#define F4(x, y, z) (y ^ (x | ~z))
|
||||
|
||||
/* This is the central step in the MD5 algorithm. */
|
||||
#define md5_step(f, w, x, y, z, data, s) \
|
||||
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
|
||||
|
||||
/*
|
||||
* The core of the MD5 algorithm, this alters an existing MD5 hash to
|
||||
* reflect the addition of 16 longwords of new data. MD5Update blocks
|
||||
* the data and converts bytes into longwords for this routine.
|
||||
*/
|
||||
void md5_transform(uint32_t buf[4], uint32_t in[16])
|
||||
{
|
||||
register uint32_t a, b, c, d;
|
||||
|
||||
a = buf[0];
|
||||
b = buf[1];
|
||||
c = buf[2];
|
||||
d = buf[3];
|
||||
|
||||
md5_step(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
|
||||
md5_step(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
|
||||
md5_step(F1, c, d, a, b, in[2] + 0x242070db, 17);
|
||||
md5_step(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
|
||||
md5_step(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
|
||||
md5_step(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
|
||||
md5_step(F1, c, d, a, b, in[6] + 0xa8304613, 17);
|
||||
md5_step(F1, b, c, d, a, in[7] + 0xfd469501, 22);
|
||||
md5_step(F1, a, b, c, d, in[8] + 0x698098d8, 7);
|
||||
md5_step(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
|
||||
md5_step(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
|
||||
md5_step(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
|
||||
md5_step(F1, a, b, c, d, in[12] + 0x6b901122, 7);
|
||||
md5_step(F1, d, a, b, c, in[13] + 0xfd987193, 12);
|
||||
md5_step(F1, c, d, a, b, in[14] + 0xa679438e, 17);
|
||||
md5_step(F1, b, c, d, a, in[15] + 0x49b40821, 22);
|
||||
|
||||
md5_step(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
|
||||
md5_step(F2, d, a, b, c, in[6] + 0xc040b340, 9);
|
||||
md5_step(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
|
||||
md5_step(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
|
||||
md5_step(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
|
||||
md5_step(F2, d, a, b, c, in[10] + 0x02441453, 9);
|
||||
md5_step(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
|
||||
md5_step(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
|
||||
md5_step(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
|
||||
md5_step(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
|
||||
md5_step(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
|
||||
md5_step(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
|
||||
md5_step(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
|
||||
md5_step(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
|
||||
md5_step(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
|
||||
md5_step(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
|
||||
|
||||
md5_step(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
|
||||
md5_step(F3, d, a, b, c, in[8] + 0x8771f681, 11);
|
||||
md5_step(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
|
||||
md5_step(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
|
||||
md5_step(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
|
||||
md5_step(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
|
||||
md5_step(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
|
||||
md5_step(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
|
||||
md5_step(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
|
||||
md5_step(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
|
||||
md5_step(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
|
||||
md5_step(F3, b, c, d, a, in[6] + 0x04881d05, 23);
|
||||
md5_step(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
|
||||
md5_step(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
|
||||
md5_step(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
|
||||
md5_step(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
|
||||
|
||||
md5_step(F4, a, b, c, d, in[0] + 0xf4292244, 6);
|
||||
md5_step(F4, d, a, b, c, in[7] + 0x432aff97, 10);
|
||||
md5_step(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
|
||||
md5_step(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
|
||||
md5_step(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
|
||||
md5_step(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
|
||||
md5_step(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
|
||||
md5_step(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
|
||||
md5_step(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
|
||||
md5_step(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
|
||||
md5_step(F4, c, d, a, b, in[6] + 0xa3014314, 15);
|
||||
md5_step(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
|
||||
md5_step(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
|
||||
md5_step(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
|
||||
md5_step(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
|
||||
md5_step(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
|
||||
|
||||
buf[0] += a;
|
||||
buf[1] += b;
|
||||
buf[2] += c;
|
||||
buf[3] += d;
|
||||
}
|
||||
|
||||
void
|
||||
md5_digest(const uint8_t *buf, size_t buflen, uint8_t *digest)
|
||||
{
|
||||
struct md5_context ctx;
|
||||
|
||||
md5_init(&ctx);
|
||||
md5_update(&ctx, buf, buflen);
|
||||
md5_final(&ctx, digest);
|
||||
}
|
||||
|
||||
void
|
||||
md5_hexdigest(const uint8_t *buf, size_t buflen, char *hexdigest)
|
||||
{
|
||||
uint8_t digest[MD5_DIGEST_LEN];
|
||||
int i;
|
||||
|
||||
md5_digest(buf, buflen, digest);
|
||||
|
||||
for (i = 0; i < MD5_DIGEST_LEN; i += 1) {
|
||||
sprintf(hexdigest + (i*2), "%02x", digest[i]);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
#ifndef MD5_H
|
||||
#define MD5_H
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/* The following tests optimise behaviour on little-endian
|
||||
machines, where there is no need to reverse the byte order
|
||||
of 32 bit words in the MD5 computation. By default,
|
||||
HIGHFIRST is defined, which indicates we're running on a
|
||||
big-endian (most significant byte first) machine, on which
|
||||
the byteReverse function in md5.c must be invoked. However,
|
||||
byteReverse is coded in such a way that it is an identity
|
||||
function when run on a little-endian machine, so calling it
|
||||
on such a platform causes no harm apart from wasting time.
|
||||
If the platform is known to be little-endian, we speed
|
||||
things up by undefining HIGHFIRST, which defines
|
||||
byteReverse as a null macro. Doing things in this manner
|
||||
insures we work on new platforms regardless of their byte
|
||||
order. */
|
||||
|
||||
#define HIGHFIRST
|
||||
|
||||
#ifdef __i386__
|
||||
#undef HIGHFIRST
|
||||
#endif
|
||||
|
||||
#define MD5_DIGEST_LEN 16
|
||||
#define MD5_HEXDIGEST_LEN (MD5_DIGEST_LEN * 2)
|
||||
|
||||
struct md5_context {
|
||||
uint32_t buf[4];
|
||||
uint32_t bits[2];
|
||||
uint8_t in[64];
|
||||
};
|
||||
|
||||
void md5_init(struct md5_context *ctx);
|
||||
void md5_update(struct md5_context *ctx, const uint8_t *buf, size_t len);
|
||||
void md5_final(struct md5_context *ctx, uint8_t *digest);
|
||||
void md5_digest(const uint8_t *buf, size_t buflen, uint8_t *digest);
|
||||
void md5_hexdigest(const uint8_t *buf, size_t buflen, char *hexdigest);
|
||||
|
||||
#endif /* !MD5_H */
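Review bot: The md5_hexdigest prototype near the end of this header does not say how large `hexdigest` must be, and MD5_HEXDIGEST_LEN is defined as 32 with no room for a terminator. The implementation shown earlier on this page fills the buffer with `sprintf(hexdigest + (i*2), "%02x", digest[i])`, so the final call writes a NUL at offset 32 and the caller needs MD5_HEXDIGEST_LEN + 1 bytes. I would add `/* hexdigest must hold MD5_HEXDIGEST_LEN + 1 bytes; the result is NUL-terminated */` above the declaration. The header also uses size_t while including only <stdint.h>, so `#include <stddef.h>` belongs next to it.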
|
|
@ -0,0 +1,65 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <time.h>
|
||||
#include "arc4.h"
|
||||
|
||||
/*
|
||||
*
|
||||
* Random numbers
|
||||
*
|
||||
*/
|
||||
|
||||
void
|
||||
urandom(uint8_t *buf, size_t buflen)
|
||||
{
|
||||
static int initialized = 0;
|
||||
static struct arc4_ctx ctx;
|
||||
|
||||
if (! initialized) {
|
||||
int fd = open("/dev/urandom", O_RDONLY);
|
||||
|
||||
if (-1 == fd) {
|
||||
struct {
|
||||
time_t time;
|
||||
pid_t pid;
|
||||
} bits;
|
||||
|
||||
bits.time = time(NULL);
|
||||
bits.pid = getpid();
|
||||
arc4_init(&ctx, (uint8_t *)&bits, sizeof(bits));
|
||||
} else {
|
||||
uint8_t key[256];
|
||||
|
||||
read(fd, key, sizeof(key));
|
||||
close(fd);
|
||||
arc4_init(&ctx, key, sizeof(key));
|
||||
}
|
||||
|
||||
initialized = 1;
|
||||
}
|
||||
|
||||
while (buflen--) {
|
||||
*(buf++) = arc4_out(&ctx);
|
||||
}
|
||||
}
|
||||
|
||||
int32_t
|
||||
rand32()
|
||||
{
|
||||
int32_t ret;
|
||||
|
||||
urandom((uint8_t *)&ret, sizeof(ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
randu32()
|
||||
{
|
||||
uint32_t ret;
|
||||
|
||||
urandom((uint8_t *)&ret, sizeof(ret));
|
||||
return ret;
|
||||
}
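Review bot: In urandom(), the result of `read(fd, key, sizeof(key))` is ignored, so a failed or short read keys the generator with whatever happened to be on the stack in `key`. I would check it, `if (read(fd, key, sizeof(key)) != (ssize_t)sizeof(key)) abort();`, or route it to an explicit error path. The branch taken when /dev/urandom cannot be opened seeds from time() and getpid() only, which gives very little entropy, and the struct may carry uninitialised padding; if this output feeds tokens, failing hard is safer than the fallback. read, close and getpid also need `#include <unistd.h>`.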
|
|
@ -0,0 +1,11 @@
|
|||
#ifndef __RAND_H__
|
||||
#define __RAND_H__
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
void urandom(void *buf, size_t buflen);
|
||||
int32_t rand32();
|
||||
uint32_t randu32();
|
||||
|
||||
#endif /* __RAND_H__ */
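Review bot: The declaration `void urandom(void *buf, size_t buflen);` does not match the definition in the random-number source above, which takes `uint8_t *buf`; that file does not include this header, so the compiler never sees the conflict. Make the two agree (for example, change the definition to take `void *buf` and convert inside) and have the source include its own header. `rand32()` and `randu32()` should be declared with `(void)`. The guard name `__RAND_H__` is an identifier reserved for the implementation; `RAND_H` would match the MD5_H style used in this commit.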
|
|
@ -0,0 +1,46 @@
|
|||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include "rand.h"
|
||||
#include "md5.h"
|
||||
#include "token.h"
|
||||
|
||||
int
|
||||
main()
|
||||
{
|
||||
int i;
|
||||
uint8_t zeroes[64] = {0};
|
||||
uint8_t digest[MD5_DIGEST_LEN];
|
||||
|
||||
for (i = 0; i < 10; i += 1) {
|
||||
printf("%d ", randu32() % 10);
|
||||
}
|
||||
|
||||
printf("\n4ae71336e44bf9bf79d2752e234818a5\n");
|
||||
|
||||
md5_digest(zeroes, 16, digest);
|
||||
for (i = 0; i < sizeof(digest); i += 1) {
|
||||
printf("%02x", digest[i]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
{
|
||||
char hd[MD5_HEXDIGEST_LEN + 1] = {0};
|
||||
|
||||
md5_hexdigest(zeroes, 16, hd);
|
||||
printf("%s\n", hd);
|
||||
}
|
||||
|
||||
{
|
||||
ssize_t len;
|
||||
char token[TOKEN_MAX];
|
||||
|
||||
len = read_token("foo", 0, 4, token, sizeof(token));
|
||||
if (-1 != len) {
|
||||
printf("rut roh\n");
|
||||
} else {
|
||||
printf("Good.\n");
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
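Review bot: This test program prints the expected MD5 string and the computed one but never compares them, and it returns 0 on every path, so a broken md5_digest or a read_token that unexpectedly succeeds cannot fail a build. Compare in code, e.g. `if (strcmp(hd, "4ae71336e44bf9bf79d2752e234818a5")) return 1;`, and return non-zero from the "rut roh" branch. `printf("%d ", randu32() % 10)` passes a uint32_t to `%d`; use `%u` with a cast to unsigned, or PRIu32.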
|
|
@ -12,13 +12,18 @@
|
|||
#define CTF_BASE "/var/lib/ctf"
|
||||
#endif
|
||||
|
||||
/*
|
||||
*
|
||||
* ARC-4 stuff
|
||||
*
|
||||
*/
|
||||
|
||||
struct arc4_ctx {
|
||||
uint8_t S[256];
|
||||
uint8_t i;
|
||||
uint8_t j;
|
||||
};
|
||||
|
||||
|
||||
#define swap(a, b) do {int _swap=a; a=b, b=_swap;} while (0)
|
||||
|
||||
void
|
||||
|
@ -39,29 +44,28 @@ arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen)
|
|||
ctx->j = 0;
|
||||
}
|
||||
|
||||
uint8_t
|
||||
arc4_out(struct arc4_ctx *ctx)
|
||||
{
|
||||
ctx->i = (ctx->i + 1) % 256;
|
||||
ctx->j = (ctx->j + ctx->S[ctx->i]) % 256;
|
||||
swap(ctx->S[ctx->i], ctx->S[ctx->j]);
|
||||
return ctx->S[(ctx->S[ctx->i] + ctx->S[ctx->j]) % 256];
|
||||
}
|
||||
|
||||
void
|
||||
arc4_crypt(struct arc4_ctx *ctx,
|
||||
uint8_t *obuf, uint8_t const *ibuf, size_t buflen)
|
||||
uint8_t *obuf, const uint8_t *ibuf, size_t buflen)
|
||||
{
|
||||
int i = ctx->i;
|
||||
int j = ctx->j;
|
||||
size_t k;
|
||||
|
||||
for (k = 0; k < buflen; k += 1) {
|
||||
uint8_t mask;
|
||||
|
||||
i = (i + 1) % 256;
|
||||
j = (j + ctx->S[i]) % 256;
|
||||
swap(ctx->S[i], ctx->S[j]);
|
||||
mask = ctx->S[(ctx->S[i] + ctx->S[j]) % 256];
|
||||
obuf[k] = ibuf[k] ^ mask;
|
||||
obuf[k] = ibuf[k] ^ arc4_out(ctx);
|
||||
}
|
||||
ctx->i = i;
|
||||
ctx->j = j;
|
||||
}
|
||||
|
||||
void
|
||||
arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
||||
arc4_crypt_buffer(const uint8_t *key, size_t keylen,
|
||||
uint8_t *buf, size_t buflen)
|
||||
{
|
||||
struct arc4_ctx ctx;
|
||||
|
@ -70,6 +74,11 @@ arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
|||
arc4_crypt(&ctx, buf, buf, buflen);
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
|
||||
ssize_t
|
||||
read_token_fd(int fd,
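Review bot: arc4_out, added in the second hunk, has no comment, and it is now the one keystream primitive behind both arc4_crypt and the urandom() generator added elsewhere in this commit. The first bytes of an RC4 keystream are measurably biased, so a caller that needs unpredictable output should discard an initial prefix after keying, unless arc4_init, whose body lies above the hunk, already does so. I would document the function with `/* Advance the cipher state and return the next keystream byte. */` and state the discard requirement next to arc4_init. The `% 256` on the uint8_t fields `i` and `j` is redundant, as the assignment already wraps.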
|
||||
|
|
|
@ -8,13 +8,6 @@
|
|||
#define TOKEN_MAX 80
|
||||
|
||||
/* ARC4 functions, in case anybody wants 'em */
|
||||
struct arc4_ctx;
|
||||
void arc4_init(struct arc4_ctx *ctx,
|
||||
uint8_t const *key, size_t keylen);
|
||||
void arc4_crypt(struct arc4_ctx *ctx,
|
||||
uint8_t *obuf, uint8_t const *ibuf, size_t buflen);
|
||||
void arc4_crypt_buffer(uint8_t const *key, size_t keylen,
|
||||
uint8_t *buf, size_t buflen);
|
||||
|
||||
ssize_t read_token_fd(int fd,
|
||||
uint8_t const *key, size_t keylen,
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
CTFBASE_PKGDIR = $(TARGET)/ctfbase
|
||||
|
||||
ctfbase-install: ctfbase-build
|
||||
mkdir -p $(CTFBASE_PKGDIR)/bin/
|
||||
|
||||
$(call COPYTREE, packages/ctfbase/service, $(CTFBASE_PKGDIR)/service)
|
||||
|
||||
cp packages/ctfbase/src/tokencli $(CTFBASE_PKGDIR)/bin/
|
||||
cp packages/ctfbase/src/arc4 $(CTFBASE_PKGDIR)/bin/
|
||||
|
||||
ctfbase-clean:
|
||||
rm -rf $(CTFBASE_PKGDIR)
|
||||
$(MAKE) -C packages/ctfbase/src clean
|
||||
|
||||
ctfbase-build:
|
||||
$(MAKE) -C packages/ctfbase/src build
|
||||
|
||||
PACKAGES += ctfbase
|
|
@ -1,6 +1,7 @@
|
|||
#! /bin/sh
|
||||
|
||||
while true; do
|
||||
# Get new tokens
|
||||
for dn in /opt/*/tokens/*; do
|
||||
[ -d $dn ] || continue
|
||||
puzzle=$(basename $dn)
|
||||
|
@ -9,5 +10,16 @@ while true; do
|
|||
-e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \
|
||||
/opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle
|
||||
done
|
||||
|
||||
# Fetch list of teams
|
||||
wget -q -P /var/lib/ctf http://10.0.0.2/teams.txt &
|
||||
|
||||
# Archive state
|
||||
state=/var/www/state.tar.gz.rc4
|
||||
tar cf - /var/lib/ctf | \
|
||||
gzip -c | \
|
||||
KEY='crashmaster' arc4 > $state.tmp
|
||||
mv $state.tmp $state
|
||||
|
||||
sleep 60
|
||||
done
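Review bot: The archive step added to the loop encrypts all of /var/lib/ctf with `KEY='crashmaster' arc4` and publishes the result under /var/www, so the key sits in the script and every snapshot is encrypted under the same RC4 keystream. With a stream cipher and no per-run nonce, identical keystream across snapshots exposes how they differ without the key, and the archive carries no integrity protection. Read the key from a root-only file (the arc4 tool is already given a key file a few lines above, `arc4 $dn/enc.key`) and vary it per run with a fresh random prefix, or use an authenticated tool if the image has one. Separately, `wget -q -P /var/lib/ctf …` is backgrounded every minute and, as far as I can tell, will not overwrite an existing teams.txt; writing to a temporary name with `-O` and then `mv` would mirror what is done for $state.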
|
|
@ -0,0 +1,12 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
exec 2>&1
|
||||
|
||||
# Set up networking for all CTF ip
|
||||
ip link set eth0 up
|
||||
if ! ip route | grep -q default; then
|
||||
ip route add default via 10.0.0.1 || exit 1
|
||||
fi
|
||||
|
||||
install -o root -m 0755 -d /var/lib/ctf/tokens
|
||||
exec ./ctfd
|
|
@ -1,6 +1,7 @@
|
|||
build: tokencli arc4
|
||||
|
||||
arc4: arc4.o arc4-main.o
|
||||
arc4: arc4.c
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -DARC4_MAIN -o $@ $<
|
||||
|
||||
tokencli: tokencli.o arc4.o
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr del $IP dev eth0
|
|
@ -0,0 +1 @@
|
|||
10.0.0.14/24
|
|
@ -1,4 +1,6 @@
|
|||
#! /bin/sh
|
||||
#! /bin/sh -e
|
||||
|
||||
exec 2>&1
|
||||
exec tcpsvd 0 4104 /opt/logger/bin/logger
|
||||
IP=$(cat ip.txt)
|
||||
ip addr add $IP label eth0:logger dev eth0
|
||||
exec tcpsvd ${IP#/*} 1958 /opt/logger/bin/logger
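Review bot: `${IP#/*}` in the new `exec tcpsvd` line strips a prefix that begins with a slash, so with ip.txt holding 10.0.0.14/24 the value is unchanged and tcpsvd is handed the address with its /24 suffix. The octopus run script in this commit uses `${IP%/*}`, which removes the mask; this line should read `exec tcpsvd ${IP%/*} 1958 /opt/logger/bin/logger`. The same expansion appears in the octopus-redirect, printf and rlyeh run scripts further down. The printf ip.txt (10.0.0.91) has no prefix length at all, so `ip addr add` there will presumably install a /32.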
|
||||
|
|
|
@ -1,10 +1,34 @@
|
|||
#include <sys/select.h>
|
||||
/** logger.c - generate fake log messages (part of dirtbags CTF)
|
||||
*
|
||||
* Author: Neale Pickett <neale@lanl.gov>
|
||||
*
|
||||
* This software has been authored by an employee or employees of Los
|
||||
* Alamos National Security, LLC, operator of the Los Alamos National
|
||||
* Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with the
|
||||
* U.S. Department of Energy. The U.S. Government has rights to use,
|
||||
* reproduce, and distribute this software. The public may copy,
|
||||
* distribute, prepare derivative works and publicly display this
|
||||
* software without charge, provided that this Notice and any statement
|
||||
* of authorship are reproduced on all copies. Neither the Government
|
||||
* nor LANS makes any warranty, express or implied, or assumes any
|
||||
* liability or responsibility for the use of this software. If
|
||||
* software is modified to produce derivative works, such modified
|
||||
* software should be clearly marked, so as not to confuse it with the
|
||||
* version available from LANL.
|
||||
*/
|
||||
|
||||
|
||||
#include <time.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef STANDALONE
|
||||
# define TOKEN_MAX 50
|
||||
#else
|
||||
# include "token.h"
|
||||
#endif
|
||||
|
||||
#define PID_MAX 32768
|
||||
#define QSIZE 200
|
||||
|
@ -27,12 +51,16 @@ read_tokens()
|
|||
char name[40];
|
||||
|
||||
for (i = 0; i < sizeof(token)/sizeof(*token); i += 1) {
|
||||
#ifdef STANDALONE
|
||||
strcpy(token[i], "logger:xylep-donut-nanox");
|
||||
#else
|
||||
/* This can't grow beyond 40. Think about it. */
|
||||
sprintf(name, "logger%d", i);
|
||||
|
||||
len = read_token(name, key, sizeof(key), token[i], sizeof(token[i]));
|
||||
if ((-1 == len) || (len >= sizeof(token[i]))) abort();
|
||||
token[i][len] = '\0';
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -6,9 +6,7 @@ mcp-install: mcp-build
|
|||
$(call COPYTREE, packages/mcp/bin, $(MCP_PKGDIR)/bin)
|
||||
cp packages/mcp/src/in.tokend $(MCP_PKGDIR)/bin/
|
||||
cp packages/mcp/src/pointscli $(MCP_PKGDIR)/bin/
|
||||
cp packages/mcp/src/tokencli $(MCP_PKGDIR)/bin/
|
||||
cp packages/mcp/src/puzzles.cgi $(MCP_PKGDIR)/bin/
|
||||
cp packages/mcp/src/arc4 $(MCP_PKGDIR)/bin/
|
||||
|
||||
$(call COPYTREE, packages/mcp/service, $(MCP_PKGDIR)/service)
|
||||
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
hostname mcp
|
||||
|
||||
ifconfig eth0 10.0.0.2 netmask 255.255.0.0
|
||||
route add default gw 10.0.0.1
|
||||
|
||||
exec inotifyd true $(pwd):x
|
|
@ -41,6 +41,8 @@ Control {
|
|||
}
|
||||
|
||||
Server {
|
||||
Address 10.0.0.2
|
||||
|
||||
Virtual {
|
||||
AnyHost
|
||||
Control {
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
exec 2>&1
|
||||
|
||||
ip addr add 10.0.0.2/24 label eth0:mcp dev eth0
|
||||
|
||||
DB=/var/lib/ctf/tokens.db
|
||||
|
||||
if [ ! -f $DB ]; then
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
CFLAGS = -Wall -Werror
|
||||
TARGETS = in.tokend tokencli claim.cgi
|
||||
TARGETS = in.tokend claim.cgi
|
||||
TARGETS += puzzler.cgi puzzles.cgi
|
||||
TARGETS += pointscli mktoken arc4
|
||||
TARGETS += pointscli mktoken
|
||||
|
||||
all: build
|
||||
|
||||
build: $(TARGETS)
|
||||
|
||||
in.tokend: in.tokend.o arc4.o common.o
|
||||
in.tokend: in.tokend.o arc4.o md5.o common.o
|
||||
tokencli: tokencli.o arc4.o
|
||||
pointscli: pointscli.o common.o
|
||||
mktoken: mktoken.o common.o
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../../tokens/src/arc4-main.c
|
|
@ -0,0 +1 @@
|
|||
../../../include/md5.c
|
|
@ -0,0 +1 @@
|
|||
../../../include/md5.h
|
|
@ -1 +0,0 @@
|
|||
../../tokens/src/tokencli.c
|
|
@ -0,0 +1,3 @@
|
|||
#! /bin/sh
|
||||
|
||||
echo 'Try UDP.'
|
|
@ -0,0 +1,5 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
IP=$(cat ../octopus/ip.txt)
|
||||
sv s octopus >/dev/null || exit 1
|
||||
exec tcpsvd ${IP#/*} 8888 ./octopus-redirect
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr del $IP dev eth0
|
|
@ -0,0 +1 @@
|
|||
10.0.0.8/24
|
|
@ -1,4 +1,6 @@
|
|||
#! /bin/sh
|
||||
#! /bin/sh -e
|
||||
|
||||
exec 2>&1
|
||||
exec /opt/octopus/bin/octopus
|
||||
IP=$(cat ip.txt)
|
||||
ip addr add $IP label eth0:octopus dev eth0
|
||||
exec /opt/octopus/bin/octopus ${IP%/*}
|
||||
|
|
|
@ -194,17 +194,17 @@ struct bound_port {
|
|||
} bound_ports[PORTS];
|
||||
|
||||
int
|
||||
bind_port(int fd, uint16_t port) {
|
||||
struct sockaddr_in addr;
|
||||
bind_port(struct in_addr *addr, int fd, uint16_t port) {
|
||||
struct sockaddr_in saddr;
|
||||
|
||||
addr.sin_family = AF_INET;
|
||||
addr.sin_port = htons(port);
|
||||
addr.sin_addr.s_addr = INADDR_ANY;
|
||||
return bind(fd, (struct sockaddr *)&addr, sizeof(addr));
|
||||
saddr.sin_family = AF_INET;
|
||||
saddr.sin_port = htons(port);
|
||||
memcpy(&saddr.sin_addr.s_addr, addr, sizeof(struct in_addr));
|
||||
return bind(fd, (struct sockaddr *)&saddr, sizeof(saddr));
|
||||
}
|
||||
|
||||
int
|
||||
rebind()
|
||||
rebind(struct in_addr *addr)
|
||||
{
|
||||
static int offset = 0;
|
||||
char token[200];
|
||||
|
@ -235,7 +235,7 @@ rebind()
|
|||
bound_ports[i + offset].fd = socket(PF_INET, SOCK_DGRAM, 0);
|
||||
do {
|
||||
port = (random() % 56635) + 10000;
|
||||
ret = bind_port(bound_ports[i + offset].fd, port);
|
||||
ret = bind_port(addr, bound_ports[i + offset].fd, port);
|
||||
} while (-1 == ret);
|
||||
|
||||
/* Set the last guy's port number */
|
||||
|
@ -340,12 +340,22 @@ main(int argc, char *argv[])
|
|||
int ret;
|
||||
int i;
|
||||
time_t last = time(NULL);
|
||||
struct in_addr addr;
|
||||
|
||||
/* The random seed isn't super important here. */
|
||||
srand(8);
|
||||
srand(last);
|
||||
|
||||
if (argc > 1) {
|
||||
if (-1 == inet_aton(argv[1], &addr)) {
|
||||
fprintf(stderr, "invalid address: %s\n", argv[1]);
|
||||
return EX_IOERR;
|
||||
}
|
||||
} else {
|
||||
addr.s_addr = INADDR_ANY;
|
||||
}
|
||||
|
||||
bound_ports[0].fd = socket(PF_INET, SOCK_DGRAM, 0);
|
||||
ret = bind_port(bound_ports[0].fd, 8888);
|
||||
ret = bind_port(&addr, bound_ports[0].fd, 8888);
|
||||
if (-1 == ret) {
|
||||
perror("bind port 8888");
|
||||
return EX_IOERR;
|
||||
|
@ -354,7 +364,7 @@ main(int argc, char *argv[])
|
|||
for (i = 1; i < PORTS; i += 1) {
|
||||
bound_ports[i].fd = -1;
|
||||
}
|
||||
if (-1 == rebind()) {
|
||||
if (-1 == rebind(&addr)) {
|
||||
perror("initial binding");
|
||||
return EX_IOERR;
|
||||
}
|
||||
|
@ -364,7 +374,7 @@ main(int argc, char *argv[])
|
|||
|
||||
if (last + 4 < now) {
|
||||
last = now;
|
||||
if (-1 == rebind()) break;
|
||||
if (-1 == rebind(&addr)) break;
|
||||
}
|
||||
}
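Review bot: In main(), `if (-1 == inet_aton(argv[1], &addr))` never fires, because inet_aton returns 0 for an invalid address and non-zero on success; a bad argument leaves `addr` uninitialised and the program goes on to bind with it. The check should be `if (0 == inet_aton(argv[1], &addr))`, and EX_USAGE describes the failure better than EX_IOERR. The seed change to `srand(last)` does not affect port selection, since rebind() draws from `random()`; `srandom(last)` is the matching call. In bind_port, `saddr` is filled field by field, so a `memset(&saddr, 0, sizeof(saddr));` first would keep sin_zero defined. main and rebind continue outside these hunks.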
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr del $IP dev eth0
|
|
@ -0,0 +1 @@
|
|||
10.0.0.91
|
|
@ -1,11 +1,14 @@
|
|||
#! /bin/sh
|
||||
#! /bin/sh -e
|
||||
|
||||
exec 2>&1
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr add $IP label eth0:printf dev eth0
|
||||
|
||||
# So I say to him, "Alex, what's a good high port number for a CTF category?"
|
||||
# And he says, "6"
|
||||
# And I say, "no, it has to be bigger than 1000"
|
||||
# And he says, "how about 9001, because that's bigger than 9000"
|
||||
# So, okay.
|
||||
# Okay.
|
||||
|
||||
exec tcpsvd 0 9001 ./run-printf
|
||||
exec tcpsvd ${IP#/*} 9001 ./run-printf
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
if [ -d /opt/mcp ]; then
|
||||
sv d .
|
||||
exit
|
||||
fi
|
||||
|
||||
hostname pwnables
|
||||
ifconfig eth0 10.0.0.10 netmask 255.255.0.0
|
||||
route add default gw 10.0.0.1
|
||||
exec inotifyd true $(pwd):x
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
IP=$(cat ip.txt)
|
||||
ip addr del $IP dev eth0
|
|
@ -0,0 +1 @@
|
|||
10.0.0.3/24
|
|
@ -1,5 +1,9 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
# Configure IP address
|
||||
IP=$(cat ip.txt)
|
||||
ip addr add $IP label eth0:pwnables dev eth0
|
||||
|
||||
# Set up chroot environment
|
||||
# We never umount any of this since it's all just in RAM
|
||||
mkdir -p /mnt/pwnables-root
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec logger -t sshd
|
Binary file not shown.
|
@ -1,10 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec 2>&1
|
||||
|
||||
if [ -d /opt/mcp ]; then
|
||||
sv d .
|
||||
exit
|
||||
fi
|
||||
|
||||
exec dropbear -r ./rsa.key -E -F
|
|
@ -0,0 +1,27 @@
|
|||
RLYEH_PKGDIR = $(TARGET)/rlyeh
|
||||
RLYEH_BUILDDIR = $(BUILD)/rlyeh
|
||||
RLYEH_TAR = $(CACHE)/rlyeh.tar.gz
|
||||
RLYEH_URL = "http://woozle.org/~neale/gitweb.cgi?p=rlyeh;a=snapshot;h=master;sf=tgz"
|
||||
|
||||
$(RLYEH_TAR):
|
||||
@ mkdir -p $(@D)
|
||||
wget -O $@ $(RLYEH_URL)
|
||||
|
||||
rlyeh-source: $(RLYEH_BUILDDIR)/rlyeh
|
||||
$(RLYEH_BUILDDIR)/rlyeh: $(RLYEH_TAR)
|
||||
mkdir -p $(RLYEH_BUILDDIR)
|
||||
zcat $(RLYEH_TAR) | (cd $(RLYEH_BUILDDIR) && tar xf -)
|
||||
|
||||
rlyeh-build: rlyeh-source
|
||||
$(MAKE) -C $(RLYEH_BUILDDIR)/rlyeh
|
||||
|
||||
rlyeh-install: rlyeh-build
|
||||
mkdir -p $(RLYEH_PKGDIR)/bin
|
||||
cp $(RLYEH_BUILDDIR)/rlyeh/rlyeh $(RLYEH_PKGDIR)/bin
|
||||
|
||||
$(call COPYTREE, packages/rlyeh/service, $(RLYEH_PKGDIR)/service)
|
||||
|
||||
rlyeh-clean:
|
||||
rm -rf $(RLYEH_BUILDDIR)
|
||||
|
||||
PACKAGES += rlyeh
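Review bot: The `$(RLYEH_TAR)` rule downloads a snapshot of `h=master` over plain http, and the build then runs `$(MAKE)` inside it with nothing checking what was fetched. Whatever arrives over that connection, or lands on that branch later, is compiled into the image. Pin the snapshot to a commit (`h=<commit-id>`) and verify it before unpacking, e.g. `echo "<sha256>  $@" | sha256sum -c -` after the wget line, over https if the host offers it. A pinned id also makes the tarball cached in $(CACHE) correct, since that file is never refreshed.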
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
read IP < ip.txt
|
||||
ip addr del $IP dev eth0
|
|
@ -0,0 +1 @@
|
|||
10.0.0.28/24
|
|
@ -0,0 +1,42 @@
|
|||
#! /bin/sh
|
||||
|
||||
base=${CTF_BASE:-/var/lib/ctf}
|
||||
|
||||
read -p "Team password: " -r teamhash
|
||||
|
||||
if ! KEY='Too much cheese.' arc4 < $base/teams.txt | grep -q -F -e "$teamhash"; then
|
||||
echo 'No such team.'
|
||||
exit
|
||||
fi
|
||||
|
||||
cd $base/rlyeh
|
||||
|
||||
if [ -f $teamhash ]; then
|
||||
now=$(date +%s)
|
||||
ts=$(stat -c %Y $teamhash)
|
||||
d=$(expr $now - $ts)
|
||||
if [ $d -lt 60 ]; then
|
||||
echo 'You are trying to connect too fast.'
|
||||
exit
|
||||
fi
|
||||
else
|
||||
echo 0 > $teamhash
|
||||
fi
|
||||
read level < $teamhash
|
||||
|
||||
(
|
||||
if ! flock -n 8; then
|
||||
echo 'Your team is already logged in.'
|
||||
exit
|
||||
fi
|
||||
|
||||
echo "Your team is on level $level."
|
||||
echo
|
||||
|
||||
if ./rlyeh $level; then
|
||||
echo "10 points for Gryffindor!"
|
||||
expr $level + 1 > $teamhash
|
||||
else
|
||||
touch $teamhash
|
||||
fi
|
||||
) 8<$teamhash
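Review bot: The team check at the top of the script passes for input that is not a team hash: `grep -q -F -e "$teamhash"` matches anywhere in a line, so a fragment of a hash, or an empty line, is accepted. The value is then used unquoted as a file name in `[ -f $teamhash ]`, `echo 0 > $teamhash` and the `8<$teamhash` redirect, inside a directory the service can write. Require a whole-line match with `-x` (this assumes teams.txt holds one hash per line), reject anything outside the expected alphabet before the lookup, and quote every later use. The decryption key is also a literal in the script; reading it from a file only the service account can read would keep it out of the package tree.

```shell
read -p "Team password: " -r teamhash

# Accept only a non-empty value made of the expected characters
# (adjust the class to the real hash alphabet).
case "$teamhash" in
    ''|*[!0-9A-Za-z]*)
        echo 'No such team.'
        exit
        ;;
esac

if ! KEY='Too much cheese.' arc4 < "$base/teams.txt" | grep -q -x -F -e "$teamhash"; then
# … unchanged: 'No such team.' branch, cd, rate limit and level handling, with "$teamhash" quoted at each use …
```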
|
|
@ -0,0 +1,10 @@
|
|||
#! /bin/sh -e
|
||||
|
||||
exec 2>&1
|
||||
read IP < ip.txt
|
||||
ip addr add $IP label eth0:rlyeh dev eth0
|
||||
|
||||
dir=/var/lib/ctf/rlyeh
|
||||
install -o nobody -d $dir
|
||||
|
||||
exec setuidgid nobody tcpsvd ${IP#/*} 1928 ./rlyeh-ctf
|
|
@ -1,5 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec 2>&1
|
||||
install -o root -m 0755 -d /var/lib/ctf/tokens
|
||||
exec ./tokens
|
|
@ -1,4 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
cp -r service/* /var/service
|
||||
mkdir -p /var/lib/ctf/tokens
|
|
@ -1,58 +0,0 @@
|
|||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <sysexits.h>
|
||||
#include "arc4.h"
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
struct arc4_ctx ctx;
|
||||
|
||||
/* Read key and initialize context */
|
||||
{
|
||||
uint8_t key[256];
|
||||
size_t keylen = 0;
|
||||
char *ekey = getenv("KEY");
|
||||
FILE *f;
|
||||
|
||||
if (argc == 2) {
|
||||
if (! (f = fopen(argv[1], "r"))) {
|
||||
perror(argv[0]);
|
||||
}
|
||||
} else {
|
||||
f = fdopen(3, "r");
|
||||
}
|
||||
|
||||
if (f) {
|
||||
keylen = fread(key, 1, sizeof(key), f);
|
||||
fclose(f);
|
||||
} else if (ekey) {
|
||||
keylen = strlen(ekey);
|
||||
if (keylen > sizeof(key)) {
|
||||
keylen = sizeof(key);
|
||||
}
|
||||
memcpy(key, ekey, keylen);
|
||||
}
|
||||
|
||||
if (0 == keylen) {
|
||||
fprintf(stderr, "Usage: %s [KEYFILE] <PLAINTEXT\n", argv[0]);
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "You can also pass in the key on fd 3 or in\n");
|
||||
fprintf(stderr, "$KEY; omit KEYFILE in this case.\n");
|
||||
return EX_IOERR;
|
||||
}
|
||||
arc4_init(&ctx, key, (size_t)keylen);
|
||||
}
|
||||
|
||||
/* Encrypt */
|
||||
while (1) {
|
||||
int c = getchar();
|
||||
|
||||
if (EOF == c) break;
|
||||
putchar(c ^ arc4_pad(&ctx));
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
TOKENS_PKGDIR = $(TARGET)/tokens
|
||||
|
||||
tokens-install: tokens-build
|
||||
mkdir -p $(TOKENS_PKGDIR)/bin/
|
||||
|
||||
$(call COPYTREE, packages/tokens/service, $(TOKENS_PKGDIR)/service)
|
||||
|
||||
cp packages/tokens/setup $(TOKENS_PKGDIR)/
|
||||
|
||||
cp packages/tokens/src/tokencli $(TOKENS_PKGDIR)/bin/
|
||||
cp packages/tokens/src/arc4 $(TOKENS_PKGDIR)/bin/
|
||||
|
||||
tokens-clean:
|
||||
rm -rf $(TOKENS_PKGDIR)
|
||||
$(MAKE) -C packages/tokens/src clean
|
||||
|
||||
tokens-build:
|
||||
$(MAKE) -C packages/tokens/src build
|
||||
|
||||
PACKAGES += tokens
|