Assignment 4

Type of assignment: This is an individual assignment. You are welcome to discuss it with others and consult them, but you should solve the problems in this assignment by yourself.

Points: The maximum number of points for this assignment is 30, which will be prorated accordingly after all assignments are posted. The weight of each problem is given in parentheses.

Format: Assignment submissions are accepted in PDF format only. Assignments submitted in any other format will be discarded without marking and 0 points will be given. All text in the assignment submissions must be typed, and figures (if any) must be plotted so that they are easy to read and understand.

Format your answer and references in the course assignment template (Word, LaTeX, Overleaf).

How to Submit: via Canvas.

 

Problems

Problem 1 (8 points)

For this problem, you are required to develop a program that “mines” a digital coin. This hypothetical coin is called “CPEN442 coin”, which does not have any monetary value. In order to mine one CPEN442 coin, you have to find a blob of data (a random string or series of bytes), which we refer to as coin_blob, such that the following SHA256 hash (when presented in hexadecimal notation encoded in ASCII) starts with the string “0000000”:

SHA256("CPEN 442 Coin" + "2020" + hash_of_preceding_coin + coin_blob + id_of_miner)

The operator “+” represents string concatenation. The strings “CPEN 442 Coin” and “2020” are constant.

Using the SHA256 hash of your student number (treat the hash as an ASCII string) as id_of_miner and “a9c1ae3f4fc29d0be9113a42090a5ef9fdef93f5ec4777a008873972e60bb532” (treat it as a string) as hash_of_preceding_coin, develop a program that mines one CPEN 442 coin (finds a coin_blob that satisfies the hash condition). You should verify your coin using the “Verify Example Coin” function of the RESTful API available at http://cpen442coin.ece.ubc.ca (refer to this website for the input arguments and return types of the API calls).

In your report, briefly describe how your program works, and provide the coin_blob that you found in base64 encoded format. Also attach your code as a separate file to your report (put all files, including your report, in a zip archive).
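The hash condition above can be checked locally before calling the API. The following is an added example, not part of the original assignment or the course's code: it builds the preimage exactly as the formula is written and runs a counter-based search at a reduced difficulty so it finishes quickly. It assumes coin_blob is concatenated as raw bytes (the API's own encoding rules are on the course website, not on this page), and the student number "12345678" and the function names are constructed for illustration.

```python
import base64
import hashlib

# Constants taken from the problem statement.
PREFIX = b"CPEN 442 Coin" + b"2020"
PRECEDING = "a9c1ae3f4fc29d0be9113a42090a5ef9fdef93f5ec4777a008873972e60bb532"
DIFFICULTY = "0000000"  # required leading hex characters of the digest


def miner_id(student_number: str) -> str:
    """id_of_miner: hex SHA256 of the student number, treated as ASCII text."""
    return hashlib.sha256(student_number.encode("ascii")).hexdigest()


def coin_hash(coin_blob: bytes, id_of_miner: str) -> str:
    """Hex digest of the concatenation given in the problem statement."""
    data = PREFIX + PRECEDING.encode("ascii") + coin_blob + id_of_miner.encode("ascii")
    return hashlib.sha256(data).hexdigest()


def is_valid_coin(coin_blob: bytes, id_of_miner: str, target: str = DIFFICULTY) -> bool:
    """True when the hex digest starts with the required run of zeros."""
    return coin_hash(coin_blob, id_of_miner).startswith(target)


def search(id_of_miner: str, target: str, max_tries: int = 1_000_000):
    """Try 8-byte big-endian counters as coin_blob; return the first hit or None."""
    # The leading fields never change, so hash them once and copy the state.
    base = hashlib.sha256(PREFIX + PRECEDING.encode("ascii"))
    suffix = id_of_miner.encode("ascii")
    for n in range(max_tries):
        blob = n.to_bytes(8, "big")
        h = base.copy()
        h.update(blob + suffix)
        if h.hexdigest().startswith(target):
            return blob
    return None


if __name__ == "__main__":
    mid = miner_id("12345678")   # constructed student number
    blob = search(mid, "000")    # reduced difficulty (3 hex zeros) for the demo
    print("coin_blob (base64):", base64.b64encode(blob).decode("ascii"))
    print("digest:", coin_hash(blob, mid))
    print("meets full difficulty:", is_valid_coin(blob, mid))
```

Each extra hex zero multiplies the expected work by 16, so the full seven-character target needs about 16^7 (roughly 268 million) attempts on average.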


Problem 2 (6 points)

You are asked to reverse engineer two applications (one per task) and extract the required password.

Find your application by prefix (your student id) in this file. Your task is:

(a) (4 points) Find the required password from the application for successful authentication.
(b) (4 points) Devise a patch so that the application will accept any password.

In your report briefly describe how you found the password and provide the password associated with your student ID. Also attach the patch file you devised to your report.


Problem 3 (16 points)

Find your application by prefix (your student id) in this file. Your task is to:

(a) (8 points) Find the required password from the application for successful authentication.
(b) (4 points) Create a patch so that the application will accept any password.
(c) (4 points) Create a script/patch or application that allows you to replace password with any password.

Similar to Problem 2, briefly describe how you found the password and provide the passwords associated with your student ID. Also attach the patch (b) and the script (c) that you developed.

NOTES for problems 2 & 3:

  • For all tasks in which you are required to find a password, make sure you report it visibly (do not hide it).
  • If you used existing tools for finding passwords, explain how you used them. If you developed your own tools for problems 2 or 3, explain how they work and provide a link to the source code. Own tools without source code will not be considered complete work, since we cannot judge how you accomplished your work.
  • For the patches in tasks 2.b, 3.b, and 3.c, you can use the Dif format (in IDA it is in File/Produce File/Create Diff File…).
  • For problem 3 there are two additional DLL files (called libcrypto-1_1.dll and libssl-1_1.dll) in the zip archive. Make sure to keep these DLL files in the same folder as your exe file when you execute it. Otherwise, you might encounter missing DLL errors.
  • For all reverse engineering we recommend that you use the IDA Pro Freeware version, which is available for download on the Hex-Rays website. Alternatively, you can also use Ghidra, OllyDbg, gdb, x64dbg, radare2, or any other tool that you prefer.