SOLDIERX proudly presents the official 2011 Cryptography/Steganography Contest. This contest will run from August 30, 2011 until December 31, 2011. At the moment anybody who can complete all of the challenges of this contest will get free VIP and a shirt. If only one person is able to complete the contest, we will be awarding a large prize (to be disclosed in the future). While multiple people may complete the contest, we think there is also the possibility that nobody will complete the challenges. Seriously, this is the toughest contest that SX has ever had. Please check it out by visiting https://www.soldierx.com/CryptographySteganography-Cracking-Contest-2011. If we have enough interest in this contest, we will create similar contests covering other areas of computer security.
Stream Inspector is a code library + example .exe that will detect a file type based on the contents of the file by using "magic bytes". The code library is intended to be used in other applications such as network sniffers to detect file transfers on the wire. Available now in the SX Labs.
I've fixed a bug with 64-bit processes. The bugfix changed the main HIJACK structure, so please rebuild your applications when linking with libhijack 0.5.2. If you don't, you could see mysterious bugs. The Makefile is also dynamic, so now you don't need to edit it if you're compiling on 64-bit. Download the tarball from its usual spot on GitHub and on SoldierX Labs.
DES_GEN was written as a POC for a specific application that shall remain nameless (cough, major firewall, cough). The belief at the company was that cracking DES requires custom hardware (see EFF's US$250,000 DES cracking machine), so the vendor refused to update to newer methods of password storage. DES_GEN is a single-threaded, x86-based slap in the face for that company (written in Perl, nonetheless). If that company is watching - yes, a dictionary file and some fairly weak mutations cracked your root password in 46 minutes. Available now in the SX Labs.
I absolutely love the nature of open source: anyone can check your code for errors and patch any bugs. After talking a little with a random developer who's interested in libhijack, he found a bug where I'm accessing a variable after calling free() on it. The fix was simple and he provided a patch for it. I'm releasing version 0.5.1 of libhijack today to fix the bug. It's a minor release. I'd recommend that everyone use this release rather than 0.5 formal.
You can find libhijack at its usual spot on SX Labs.
Libhijack 0.5 has been released! This is an exciting major milestone release. The major features in this release include:
Uncached function searching
Hijacking within shared objects
This release has broken two external API calls:
MapMemory
FindFunctionInGot
You'll need to pay attention to any code you've written to make sure it still works. The above API calls are completely working, but the function prototypes have changed. I've worked very hard for this release and I hope it's bug-free. I've plugged quite a few memory leaks. Check out the Texts page on 0xfeedface.org's site for the Defcon presentation slides.