Recover Cleartext Document
Hidden in the Mongo
Instructions in your personal badge:
The Elfscrow Crypto tool is a vital asset used at Elf University for encrypting SUPER SECRET documents. We can’t send you the source, but we do have debug symbols that you can use. Recover the plaintext content for this encrypted document. We know that it was encrypted on December 6, 2019, between 7pm and 9pm UTC. What is the middle line on the cover page? (Hint: it’s five words) For hints on achieving this objective, please visit the NetWars room and talk with Holly Evergreen.
Links in the objective:
First is a Windows executable, which can be used to perform encryption on arbitrary input and observe output. The second is a file for storing debugging information about a the encryption tool itself (this will help you mitigate the lack of access to its source code), and finally the encrypted document which you need to decipher.
For further hints you may approach Holly Evergreen in the NetWars room, but he will only reveal them if you help him solve some issues with his terminal first!
Hey! It’s me, Holly Evergreen! My teacher has been locked out of the quiz database and can’t remember the right solution. Without access to the answer, none of our quizzes will get graded. Can we help get back in to find that solution? I tried lsof -i, but that tool doesn’t seem to be installed. I think there’s a tool like ps that’ll help too. What are the flags I need? Either way, you’ll need to know a teensy bit of Mongo once you’re in. Pretty please find us the solution to the quiz!
Now, you should click on the terminal near Holly and dive into the console to help him recover the quiz material he is after:
Hello dear player! Won't you please come help me get my wish!
I'm searching teacher's database, but all I find are fish!
Do all his boating trips effect some database dilution?
It should not be this hard for me to find the quiz solution!
Find the solution hidden in the MongoDB on this system.
elf@e496ebfb254b:~$ netstat -a -n -o
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 127.0.0.1:12121 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:54372 127.0.0.1:12121 TIME_WAIT timewait (7.43/0/0)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 168482939 /tmp/mongodb-12121.sock
elf@e496ebfb254b:~$ mongo --port 12121
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:12121/
MongoDB server version: 3.6.3
Welcome to the MongoDB shell.
>
So the hint in the terminal says that the database backend is MongoDB, and so you should first use netstat to find out the port on which the mongod is listening on, then connect to it. Now you are in the mongo shell ready to poke around to find the answer:
> show dbs
admin 0.000GB
config 0.000GB
elfu 0.000GB
local 0.000GB
test 0.000GB
> use elfu
switched to db elfu
> show tables
bait
chum
line
metadata
solution
system.js
tackle
tincan
> db.solution.find()
{ "_id" : "You did good! Just run the command between the stars: ** db.loadServerScripts();displaySolution(); **" }
> db.loadServerScripts()
> displaySolution()
.
__/ __
/
/.'o'.
.*.'.
.'.'*'.
*'.o.'.*.
.'.*.'.'.*.
.o.'.*.'.*.'.
[_____]
___/
Congratulations!!
So with this the technical challenge in Holly’s terminal is solved, he is ready to provide you with some useful hints for solving Objective:
Woohoo! Fantabulous! I’ll be the coolest elf in class. On a completely unrelated note, digital rights management can bring a hacking elf down. That ElfScrow one can really be a hassle. It’s a good thing Ron Bowes is giving a talk on reverse engineering! That guy knows how to rip a thing apart. It’s like he breathes opcodes!
So his best hint points you to a youtube video from Ron Bowes who has a KringleCon talk. This is definitely a very good hint, be sure to watch it!
Reverse crypto - Main Objective
To kick off the crypto fun, let’s call the elfscrow.exe right away, to see how it can be used.
C:\Users\admin\Desktop\elfscrow> elfscrow.exe
Welcome to ElfScrow V1.01, the only encryption trusted by Santa!
Are you encrypting a file? Try --encrypt! For example:
elfscrow.exe --encrypt <infile> <outfile>
You'll be given a secret ID. Keep it safe! The only way to get the file
back is to use that secret ID to decrypt it, like this:
elfscrow.exe --decrypt --id=<secret_id> <infile> <outfile>
You can optionally pass --insecure to use unencrypted HTTP. But if you
do that, you'll be vulnerable to packet sniffers such as Wireshark that
could potentially snoop on your traffic to figure out what's going on!
This last sentence seems to invite you to do exactly what it warns against. While running the program with the –insecure flag and sniffing network traffic with Wireshark, I could not find any vulnerabilities however. It seems that the key ID, useful to retrieve it from the server, is generated quite unpredictably. Thus, instead of attacking the key ID you should attack the algorithm that generates the key for encryption/decryption.
As mentioned in the objective, the file you need to decrypt was encrypted sometime between 7-9pm on December 6th, 2019 UTC. As such, the plan was to gather enough information to generate the same key that was used to encrypt the file. For this I had to do some further reconnaissance in IDA Pro, so I fired it up with the provided .pdb file.
After a few minutes of poking around in the GUI, I did a string search for generate and found the sub-routine called generate_key that seemed interesting. I spent some time studying it and find the highlighted parts quite interesting on the below screenshot:
It seems that in order to generate the key, it uses the timestamp as a seed to the random number generator. Pretty useful observation. Next I notice a loop, that executes 8 times and generates 8 bits of random data on each iteration, so this suggests that it may be using DES encryption algorithm and thus a 64 bit key. To generate the random key, this sub-routine makes a call to super_secure_random on each iteration of the loop, as seen on the below figure:
This sub-routine has some constants, for which I do some Google searches to reveal that these are used in Linear Congruential Generator algorithms (LCG for short - link). Then I searched for some example implementations of this algorithm, and found a very useful website, which has the same algorithm implemented in many different languages. As I like to work with Go, I decided to choose this implementation and go from there.
To see if my code is correct, when it generates a key based on a given seed, I execute the elfscrow.exe once more and noted the values in its output:
C:\> elfscrow.exe --insecure --encrypt elfscrow.pdb encrypted_elfscrow.pdb.enc
Welcome to ElfScrow V1.01, the only encryption trusted by Santa!
Our miniature elves are putting together random bits for your secret key!
Seed = 1577895929 << NOTE THIS
Generated an encryption key: 09f384150bdb41ba (length: 8) << AND THIS
...
Next, I fed the same seed into the algorithm I put together to generate a key for DES, and observed the same key output:
~/elfscrow ▶ go run lcg.go
Seed: 1577895929
Key: 09f384150bdb41ba
It seems that the key, generated by my code, is the same that was output in the windows command line terminal after executing elfscrow.exe on a sample file. This is good news! Next, I looked on the Internet for an example implementation of DES decryption in Go and found a good solution on StackOverflow… as usual!
Finally, I integrated this Go code for DES decryption with my key generation Go code, and created a tool that loops through every second of the given time interval, generates the corresponding key and uses it for decrypting the given file. If the resulting plain-text is a valid PDF - the plain-text result starts with %PDF - it will save the result to a pdf file on disk. The program takes around 2-3 minutes to finish iterating through every second of the given time interval, but eventually it successfully recovers the pdf file. The timestamp for when the encryption happened is:
12/06/2019 @ 8:20pm (UTC) - 1575663650
This code can be found in a Github repo I created.
~/elfscrow ▶ go run des-go.go
Key-Used: b5ad6a321240fbec - TimeStamp: 1575663650 - First-4-Chars: %PDF...
~/elfscrow ▶
After running this program, it will save the pdf in the same directory where it is executed with the decrypted file. Opening the pdf we can finally recover the solution to this objective:
Machine Learning Sleigh Route Finder