tag:blogger.com,1999:blog-1186045943589514752.post9179071898310841549..comments2015-11-23T12:14:06.832-08:00Comments on GCHQ CanYouCrackIt Solution explained: How to solve the GCHQ challengeDr Gareth Owenhttp://www.blogger.com/profile/13286124564196198067noreply@blogger.comBlogger35125tag:blogger.com,1999:blog-1186045943589514752.post-65112898718207714372015-11-23T12:14:06.832-08:002015-11-23T12:14:06.832-08:00I'll take it that you didn't apply...I'll take it that you didn't apply...DavidMhttps://www.blogger.com/profile/04763814397661540815noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-23937736977779936772015-10-28T13:00:07.487-07:002015-10-28T13:00:07.487-07:00This article was written by a real thinking writer... This article was written by a real thinking writer. I agree many of the the solid points made by the writer. I’ll be back.<br /><a href="http://goldwebservices.com/" rel="nofollow">SEO services pakistan</a>james brownnhttps://www.blogger.com/profile/02028427553636467260noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-66463314638197309212014-03-05T02:59:46.223-08:002014-03-05T02:59:46.223-08:00I agree with all of the points about save our webs...I agree with all of the points about save our website of gchq challenge.Thanks for sharing this.<br /><br /><a href="https://www.igel.com/us" rel="nofollow">Windows Thin Client</a> & <a href="https://www.igel.com/us/solutions/access-to-server-based-applications/microsoft-remote-desktop-services-rds.html" rel="nofollow">Citrix Thin Client</a>Anonymoushttps://www.blogger.com/profile/06233699974657004533noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-21695452207370780262012-02-10T21:19:55.743-08:002012-02-10T21:19:55.743-08:00You really make it seem so easy with your presenta...<b>You really make it seem so easy with your presentation but I find this topic to be really something that I think I would never understand. It seems too complex and very broad for me. I'm looking forward for your next post, I’ll try to get the hang of it!</b><br><a href="https://sites.google.com/a/bestbuy.bestlowbuy.d0ki.com/where-to-buy-sheets-bedding-sportinggoods-on-sale/buy-cheap-michigan-printed-sheet-set-full--solid---michigan-wolverines" rel="nofollow">Michigan Printed Sheet Set Full -Solid - Michigan Wolverines</a>Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-89312675326337372442011-12-23T13:30:06.766-08:002011-12-23T13:30:06.766-08:00Great job dr. gareth i enjoyed your presentation. ...Great job dr. gareth i enjoyed your presentation. I liked how you cut the asm as well. keep smashingthestack.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-84235832372899041432011-12-11T17:52:22.688-08:002011-12-11T17:52:22.688-08:00(But all the same, awesome solution Dr Owen)(But all the same, awesome solution Dr Owen)El Sachinohttps://www.blogger.com/profile/03532145619013638210noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-65195111291809846502011-12-11T17:50:47.925-08:002011-12-11T17:50:47.925-08:00First step's to see if GHCQ have been lazy... ...First step's to see if GHCQ have been lazy... which they have. Checking for a sitemap via google:<br /><br />site:www.canyoucrackit.co.uk<br /><br />The text file containing the keyword comes up. Disappointing.El Sachinohttps://www.blogger.com/profile/03532145619013638210noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-81253117167465998422011-12-09T00:43:59.842-08:002011-12-09T00:43:59.842-08:00Yes please don't take any code here as an exam...Yes please don't take any code here as an example how to code - it was typed purely with the aim of solving the puzzle quickly. The VM code is particularly poorly written - I wrote it side by side against the spec giving no real consideration to readability or good structure - writing it quickly was the only goal.Dr Gareth Owenhttps://www.blogger.com/profile/13286124564196198067noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-54716626719268035632011-12-08T23:41:13.002-08:002011-12-08T23:41:13.002-08:00Many thanks, Gareth. I know that it's non-stan...Many thanks, Gareth. I know that it's non-standard or heretical usage, but personally I find that by avoiding single line unbraced conditional statements; by verbosely spelling out all non-trivial else conditions; by placing matching braces directly under one-another (rather than at the end of the line and below); and by commenting distant end braces, it makes debugging and understanding a whole lot easier -- especially if you have really deeply nested and complex, "evolving" code.Etienne de LAmourhttps://www.blogger.com/profile/16291731924515126757noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-78897467364006009602011-12-08T14:51:21.034-08:002011-12-08T14:51:21.034-08:00I've also uploaded a new C file implementing t...I've also uploaded a new C file implementing the VM code - much cleaner and clearer.Dr Gareth Owenhttps://www.blogger.com/profile/13286124564196198067noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-48723703883968181862011-12-08T14:39:46.900-08:002011-12-08T14:39:46.900-08:00Thanks folks - made those two corrections.Thanks folks - made those two corrections.Dr Gareth Owenhttps://www.blogger.com/profile/13286124564196198067noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-71558900139320282852011-12-08T06:49:17.128-08:002011-12-08T06:49:17.128-08:00Thanks guys - I'll try to do a fix later this ...Thanks guys - I'll try to do a fix later this evening.Dr Gareth Owenhttps://www.blogger.com/profile/13286124564196198067noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-20925769430716546202011-12-08T04:52:17.303-08:002011-12-08T04:52:17.303-08:00// *jmpe r1*
// => if (fl == 0) jmp r1
// ...// *jmpe r1*<br />// => if (fl == 0) jmp r1<br />// else nop<br /><br />Also $gregs[DS] = $op2; instead of [CS].Etienne de LAmourhttps://www.blogger.com/profile/16291731924515126757noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-66466258654973263932011-12-08T04:07:46.945-08:002011-12-08T04:07:46.945-08:00Your PHP vm does not calculate instruction length ...Your PHP vm does not calculate instruction length correctly for untaken jmpes -- you were lucky the code only uses short ones.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-67863531375472550502011-12-07T04:05:38.575-08:002011-12-07T04:05:38.575-08:00Hope so, Gareth. I don't know why I hadn't...Hope so, Gareth. I don't know why I hadn't even thought of writing my own VM in php or js, and not at all happy about using other folks' code. Will have a go in php and see if I can get a better understanding of what's going on. Regards ~ ET.Etienne de LAmourhttps://www.blogger.com/profile/16291731924515126757noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-53028533747574149692011-12-07T03:54:57.562-08:002011-12-07T03:54:57.562-08:00Etienne, there's speculation there's more ...Etienne, there's speculation there's more to the puzzle than meets the eye :-)Dr Gareth Owenhttps://www.blogger.com/profile/13286124564196198067noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-80951603874474013102011-12-07T01:33:37.762-08:002011-12-07T01:33:37.762-08:00Thanks Gareth, Bit disappointed at the challenge, ...Thanks Gareth, Bit disappointed at the challenge, in a way. Was hoping it might offer a number of different routes, with differing resultant keywords, to make it more inter-disciplinary and to sort out the high fliers from the 99.9% of candidates who -- like me -- were "also rans". Was hoping that the exe itself would manipulate the "supposed" keyword sent in the clear ... Nada.Etienne de LAmourhttps://www.blogger.com/profile/16291731924515126757noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-38295610759443239972011-12-06T14:41:24.368-08:002011-12-06T14:41:24.368-08:00That was an amazing piece of detective work!
As I...That was an amazing piece of detective work!<br /><br />As I'm unfamiliar with that particular machine code, I wouldn't have recognised it as code.<br />Nor would I have recognised the BASE64 encoding.<br /><br />Well done.Phil Rogershttps://www.blogger.com/profile/15173791173834949870noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-18187682671761773582011-12-06T14:23:12.696-08:002011-12-06T14:23:12.696-08:00Excellent videos. The skills that you've demon...Excellent videos. The skills that you've demonstrated are sadly very rare these days - I know many IT professionals who wouldn't have a clue what you did here, and (correct me if i wrong) i doubt they even teach this stuff any more at University. <br /><br />Sadly computers have become like cars - 99% of users have no idea about the inner workings, yet they drive them every day :(Joehttps://www.blogger.com/profile/17800180829773036802noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-77160321145806236362011-12-06T12:49:09.681-08:002011-12-06T12:49:09.681-08:00Thank you for the videos. I work in IT but never ...Thank you for the videos. I work in IT but never finished my degree this just motivated me in to getting it done so i would be able to do alot of this sort of thing my self as i find it very intrestingAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-22637057111035382122011-12-06T09:54:34.419-08:002011-12-06T09:54:34.419-08:00All that brain power and the salary is £31k!!All that brain power and the salary is £31k!!Summerm00nhttps://www.blogger.com/profile/08994284229569054752noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-24397554838517503192011-12-06T09:47:31.674-08:002011-12-06T09:47:31.674-08:00Hello Gareth!
How many more students do you think...Hello Gareth!<br /><br />How many more students do you think these videos have recruited? If this doesn't act as a good advert for you department ( http://www.gre.ac.uk/schools/engineering/departments/c_and_c ) what does?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-88341691726910081712011-12-06T08:33:44.871-08:002011-12-06T08:33:44.871-08:00Nicely presented exposition of the challenge.
The...Nicely presented exposition of the challenge.<br /><br />The problem with the challenge itself is that it contains no real fundamental test of the would-be solver's raw logico-algorithmic thinking capacity or originality. Instead, it concentrates on a mechanical familiarity with interrelationships of various mid-to-low-level hardware and software frameworks. In that sense, it is more of an orienteering challenge than of cryptanalytic insightfulness.Edi MacCohenhttps://www.blogger.com/profile/13249515141736191200noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-43053610425889614402011-12-06T06:56:19.932-08:002011-12-06T06:56:19.932-08:00Dr Owen,
As a CIT undergrad in the US, I found th...Dr Owen,<br /><br />As a CIT undergrad in the US, I found this extremely challenging compared to traditional war-games such as smash the stack, over the wire, etc... Thanks for the contribution!shephttps://www.blogger.com/profile/16878475956611379086noreply@blogger.comtag:blogger.com,1999:blog-1186045943589514752.post-49316312365924721782011-12-06T04:56:01.901-08:002011-12-06T04:56:01.901-08:00Well done and thanks for the brilliant explanation...Well done and thanks for the brilliant explanation. However, like you say, a rather disappointing end for quite a lot of work!jitsukihttps://www.blogger.com/profile/14896778050292562407noreply@blogger.com