Assignment 4

Type of assignment: This assignment is individual. Students can discuss with others and collaborate while working on the assignment. However, solutions should be submitted individually, with proper credit given. Failure to give proper credit will be considered plagiarism.

Points: The maximum number of points for this assignment is 30, which will be prorated accordingly after all assignments are posted. The weight of each problem is given in parentheses.

Problems

1. For 8 points:

For this problem, you are required to develop a program that “mines” a digital coin. This hypothetical coin is called “CPEN442 coin”, which does not have any monetary value. In order to mine one CPEN442 coin, you have to find a blob of data (a random string or series of bytes), which we refer to as coin_blob, such that the following SHA256 hash (when presented in hexadecimal notation encoded in ASCII) starts with the string “00000000”:

SHA256("CPEN 442 Coin" + "2021" + hash_of_preceding_coin + coin_blob + id_of_miner)

The operator “+” represents string concatenation. The strings “CPEN 442 Coin” and “2021” are constant.

Using the SHA256 hash of your student number as id_of_miner (treat the hash as an ASCII string) and “a9c1ae3f4fc29d0be9113a42090a5ef9fdef93f5ec4777a008873972e60bb532” (treat it as a string) as hash_of_preceding_coin, develop a program that mines one CPEN 442 coin (finds a coin_blob that satisfies the hash condition). You should verify your coin using the “Verify Example Coin” function of the RESTful API available at http://cpen442coin.ece.ubc.ca (refer to this website for the input arguments and return types of the API call).

In your report, briefly describe how your program works, and provide the coin_blob that you found, in base64 encoded format. Also, attach your code as a separate file to your report (put all files, including your report, in a zip archive).
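
The hash construction in Problem 1, as an added example that is not part of the original assignment or the course's reference code. It assumes the strings are ASCII-encoded and coin_blob is concatenated as raw bytes (the course API is authoritative on this); the student number "00000000" is a constructed placeholder, and the demo uses a reduced 4-character target so it finishes quickly.

```python
import base64
import hashlib

PREFIX = b"CPEN 442 Coin" + b"2021"
# hash_of_preceding_coin from the assignment text, used as an ASCII string
PRECEDING = "a9c1ae3f4fc29d0be9113a42090a5ef9fdef93f5ec4777a008873972e60bb532"


def miner_id(student_number: str) -> str:
    """id_of_miner: hex SHA256 of the student number, used as an ASCII string."""
    return hashlib.sha256(student_number.encode("ascii")).hexdigest()


def coin_digest(preceding: str, coin_blob: bytes, id_of_miner: str) -> str:
    """Hex SHA256 over the concatenation given in the assignment."""
    data = PREFIX + preceding.encode("ascii") + coin_blob + id_of_miner.encode("ascii")
    return hashlib.sha256(data).hexdigest()


def is_coin(preceding, coin_blob, id_of_miner, target="00000000"):
    """True if the hex digest starts with the required run of zeros."""
    return coin_digest(preceding, coin_blob, id_of_miner).startswith(target)


def mine(preceding, id_of_miner, target="00000000", max_tries=1 << 40):
    """Try 8-byte counter blobs until the digest starts with `target`."""
    # Hash the constant part once; copy() reuses that state for every attempt.
    base = hashlib.sha256(PREFIX + preceding.encode("ascii"))
    suffix = id_of_miner.encode("ascii")
    for counter in range(max_tries):
        blob = counter.to_bytes(8, "big")
        h = base.copy()
        h.update(blob + suffix)
        if h.hexdigest().startswith(target):
            return blob
    return None  # search budget exhausted


if __name__ == "__main__":
    mid = miner_id("00000000")  # constructed placeholder student number
    blob = mine(PRECEDING, mid, target="0000")  # reduced difficulty for the demo
    print("coin_blob (base64):", base64.b64encode(blob).decode())
    print("digest:", coin_digest(PRECEDING, blob, mid))
```

Each additional hex zero in the target multiplies the expected number of attempts by 16, so the full “00000000” target needs about 2^32 hashes on average.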


2. For 6 points:

You are asked to reverse engineer two applications (one per task) and extract the required password.

Find your application by prefix (your student id) in this file. Your task is:

(a) (4 points) Find the required password from the application for successful authentication.
(b) (4 points) Devise a patch so that the application will accept any password.

In your report, briefly describe how you found the password and provide the password associated with your student ID. Also, attach the patch file you devised to your report.


3. For 16 points:

Find your application by prefix (your student id) in this file. Your task is to:

(a) (8 points) Find the required password from the application for successful authentication.
(b) (4 points) Create a patch so that the application will accept any password.
(c) (4 points) Create a script/patch or application that allows you to replace the password with any password.

Note that the difference between (b) and (c) is that while it is a permissible solution for (b) to simply skip the password check, this is not the case for (c). For (c), the password check should still take place, but the patch should replace the correct password with the one provided to it.

Similar to Problem 2, briefly describe how you found the password and provide the passwords associated with your student ID. Also attach the patch (b) and the script (c) that you developed.

 

NOTES for problems 2 & 3:

  • For all tasks in which you are required to find a password, make sure you report it visibly (do not hide it).
  • If you used existing tools for finding passwords, explain how you used them. If you developed your own tools for problems 2 or 3, explain how they work and provide a link to the source code. Your own tools submitted without source code will not be considered complete work, since we cannot judge how you accomplished your work.
  • For the patches in tasks 2.b, 3.b, and 3.c, you can use the Dif format (in IDA it is under File/Produce File/Create Diff File…).
  • For problem 3 there are two additional DLL files (called libcrypto-1_1.dll and libssl-1_1.dll) in the zip archive. Make sure to keep these DLL files in the same folder as your exe file when you execute it. Otherwise, you might encounter missing DLL errors.
  • For all reverse engineering, we recommend the IDA Pro Freeware version, which is available for download on the Hex-Rays website. Alternatively, you can also use Ghidra, OllyDbg, gdb, x64dbg, radare2, or any other tool that you prefer.