Tuts 4 You

Whoever is jobless in germany, here is your chance :3


Posted (edited)

I just noticed that our "BND" (Bundesnachrichtendienst), the equivalent of the NSA, is searching for some qualified reverse engineers and has uploaded 3 challenges to RE that are required to apply for the job.

I haven't done them so far, but the first one is .NET and looks super easy.

 

If you want to give it a try here is the article:

http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/Reversing_Challenge_node.html

And here is the direct download link for the challenges:

http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/ZIP_Challenge.zip?__blob=publicationFile&v=2

 

Have fun :3

Edited by LResn
Posted

I guess non-Germans shouldn't apply? :-D

 

Posted

@kao I think you can still participate. If you are good enough, they will pick you anyway.

Posted

If you are Russian or American you will naturally come first in line :D

Posted (edited)

So Russians and Americans have preferential treatment?

 

Urlaubsphoto.png

Edited by Kurapica
Posted

Can someone who understands German translate this to understandable English?

Quote

Unser Urlauber hat sich die nächste Version des Lösegeldtrojaners eingefangen.
Diesmal liegt uns nur die Verschlüsselungskomponente vor.

 

danke :)

Posted (edited)
28 minutes ago, Kurapica said:

Can someone who understands German translate this to understandable English?

 

danke :)

Sure :) 

"Our vacationer got infected with the next version of the "ransom (money) trojan" (ransomware). This time we have only the encryption component / This time there is only the encryption component available."

My English is bad but I guess it's enough for you to understand it :)

(In case you did not understand :stupid:)

You will have to build the decryption routine by understanding the encryption and building its inverse.

Edited by LResn
Posted

Thanks, now it makes more sense!

Posted (edited)

Kurapica, if you get hired I want you to see how to break my ransomware. Encryption is AES and the AES key is encrypted with RSA. The RSA public and private key are generated on my server and the pub key gets sent to the victim so it never has the private key. BREAK IT :D

Edited by LResn
Posted (edited)
30 minutes ago, LResn said:

Kurapica, if you get hired I want you to see how to break my ransomware. Encryption is AES and the AES key is encrypted with RSA. The RSA public and private key are generated on my server and the pub key gets sent to the victim so it never has the private key. BREAK IT :D

If you encrypt your AES key with the RSA private key, the public key will be enough to unencrypt it. The victim will receive your public key from the server and your AES key will be available. Once you have got the AES key, files can be easily unencrypted.

Edited by crystalboy
Posted
11 minutes ago, crystalboy said:

If you encrypt your AES key with the RSA private key, the public key will be enough to unencrypt it. The victim will receive your public key from the server and your AES key will be available. Once you have got the AES key, files can be easily unencrypted.

But I never said that I encrypt the AES key with the private key, did I? Read again what I wrote :)

Posted

"Encrypt" with the private key, "decrypt" with the public key.

He encrypts the AES key with the private key on his server.

I will not be hired anyway so I'm just having fun :) 

Posted (edited)
18 minutes ago, Kurapica said:

"Encrypt" with the private key, "decrypt" with the public key.

He encrypts the AES key with the private key on his server.

I will not be hired anyway so I'm just having fun :) 

No.

1) evil.exe gets executed.

2) evil.exe generates an AES key and encrypts all files.

3) evil.exe sends to the server "hi i need a key".

4) The server generates an RSA private and public key, sends the public key to the victim and saves the private key in a DB.

5) evil.exe encrypts the generated AES key with the received public key.

Without the private key it is now impossible to decrypt the AES key. However, I was just kidding; I have not implemented such a thing, because everyone who uses ransomware may go to hell.

 

Oh, and Kurapica - are the challenges "hard"?

Edited by LResn
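
The key-direction question argued over in the posts above, as an added example that is not part of the thread: textbook RSA without padding over two small Mersenne primes, showing which holder can recover a key wrapped under each reading. The parameters, the helper names and the sample key are constructed for illustration and are not secure.

```python
# Added illustration: toy textbook RSA, no padding, not secure.
# Parameters are chosen only so that a 128-bit key fits in one integer.
P, Q = 2**61 - 1, 2**89 - 1              # two Mersenne primes
N, E = P * Q, 65537                      # public key: sent to the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: never leaves the server

def rsa(value: int, exponent: int) -> int:
    """One RSA operation: modular exponentiation under N."""
    return pow(value, exponent, N)

def key_directions(aes_key: bytes) -> dict:
    """Who can recover the AES key under each reading of the scheme."""
    k = int.from_bytes(aes_key, "big")
    wrapped = rsa(k, E)   # reading 1: key encrypted with the public key
    signed = rsa(k, D)    # reading 2: key "encrypted" with the private key
    return {
        # Holder of only (N, E) applies the public exponent again: no recovery.
        "public_wrap_opened_with_public": rsa(wrapped, E) == k,
        # Holder of D recovers the key.
        "public_wrap_opened_with_private": rsa(wrapped, D) == k,
        # A private-key operation is undone by anyone holding (N, E).
        "private_op_opened_with_public": rsa(signed, E) == k,
    }

# Constructed sample key (128 bits).
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
RESULT = key_directions(SAMPLE_KEY)
```

For incident response the first two rows are the relevant ones: if a sample wraps its key with a received public key, recovery depends on the private key or on capturing the AES key before the process discards it.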
Posted

 

No, not hard.

I finished the first and started coding the decryption for the 2nd one.

No idea if I will complete this :D

Spoiler

evil expects 3 params or it will exit ...

evil.exe --Param1 --inFile --OutFile

Param1 : should be of 32 hex digits, Example : AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

inFile : Create a text file with some words and give it a name of 32 chars, each 2 chars representing a hex number of 2 digits, like this : BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

OutFile : same rule for inFile, will contain the encrypted data.

Make sure to set these variables in your debugger, for x64dbg I used

"..\evil.exe" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"

Posted

Anyone managed to solve part 2?

I wrote a decryption tool which works on all files except the file they provided in the challenge.

They might have modded the "Urlaubsphoto2.png.crypt" file header by hand too!

Posted

My mistake was using ECB instead of CBC!

Thanks for the link.
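
Why a decryptor can fail on a file produced in another mode, as an added example that is not part of the thread: decrypting CBC ciphertext without the chaining step leaves every block XORed with the previous ciphertext block. The block cipher is a toy Feistel construction standing in for the real one (an assumption; the thread does not name the cipher), and the key, IV and plaintext are constructed.

```python
import hashlib

BLOCK = 16  # block size in bytes; the cipher below is a toy, not AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rnd_f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):                 # 4-round Feistel network
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, rnd_f(key, rnd, r))
    return l + r

def dec_block(key, blk):                 # same rounds in reverse order
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, rnd_f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    prevs = blocks(iv + ct[:-BLOCK])
    return b"".join(xor(dec_block(key, c), p) for c, p in zip(blocks(ct), prevs))

def ecb_decrypt(key, ct):                # the mode mix-up: no chaining step
    return b"".join(dec_block(key, c) for c in blocks(ct))

# Constructed sample: PNG magic plus filler, 48 bytes (3 full blocks, no padding).
KEY, IV = b"constructed key!", bytes(range(16))
PT = b"\x89PNG\r\n\x1a\n" + b"A" * 40
CT = cbc_encrypt(KEY, IV, PT)
WRONG = ecb_decrypt(KEY, CT)             # garbage: no PNG magic at offset 0
# Each wrong block is the plaintext XOR the previous ciphertext block (or IV).
REPAIRED = xor(WRONG, IV + CT[:-BLOCK])
```

A tool that encrypts and decrypts its own test files in ECB round-trips them correctly, so the mismatch only shows on a file encrypted elsewhere in CBC.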
