News
New p2png version: please upgrade!
Written on 11.01.2019 14:03 by Christian Rossow
Dear Alice,
Bad news on the horizon: Left-wing populists have discovered severe flaws in our p2png implementation, which made it trivial for everyone to identify all party members. We were just forced to release a new version of p2png (p2png.v2) that mitigates this trivial vulnerability and makes peer discovery much harder. You can download the new binary here. p2png.v2 is largely the same binary as the previous one, we just had to change one constant and add one check. Note that the default port was updated to 13337 (which, obviously, is significantly more leet than 1337). Furthermore, all existing peers updated their software and changed their addresses. Please make sure that your assignment solution is based on this particular binary. Given the trivial solution of the old version, p2png solutions that were created before today will be invalid.
I can totally feel your pain. But wait! Normally, a new binary would have meant that your reversing efforts completely start from scratch, as you'd need to start a new IDA database. Yet, we spent significant amount of time to create an in-line patch that, luckily, leaves code offsets and everything in place. You can apply this patch to your IDA database and continue working on your existing IDB. To be on the safe side, make sure to make a copy of your database before applying the script.
To cope with this extra burden, we will grant you two things:
a) The submission deadline will be extended by 4 days to March 4 23:59 CET.
b) We will give bonus points if you describe in your report how we fixed what problem.
Happy reversing,
Bernd