News

Final Grades

Written on 21.11.18 by Joshua Steffensky

Hi everybody,

all the points and grades are now available in the CMS.

You now have until this Friday, 23.11.2018, to raise objections against your grade.
Afterwards the grades will be uploaded to the LSF/HISPOS.
 

Regards,
Joshua

Final Deadlines TOMORROW

Written on 19.07.18 by Joshua Steffensky

Hi everyone,

Tomorrow (Friday, July 20th 23:59) is the final deadline for the last exercise sheet and for the final report.
Make sure you submit in time since late submissions will not be accepted.

Regards,
Joshua

No meeting today

Written on 18.07.18 by Dhiman Chakraborty

There will be no meeting today.

Exercise 06 extension

Written on 14.07.18 by Dhiman Chakraborty

Due to some technical problem with virtual box and ubuntu, the vm for exercise was not stable with ASLR.

I have uploaded a new vm. Please download it.

Due to this exercise 06 submission is extended till Friday 20th July 2018 11:59 pm.

Exercise 6 : Task 1 Flag fixed

Written on 11.07.18 by Dhiman Chakraborty

The flag was wrong. It is fixed now. Please try to submit and report if it is not working.

Exercise 5: Additional note

Written on 04.07.18 by Christoph Sorge

Unfortunately, there has been a problem with the picture in task 2 - the version of the memory image that I uploaded does not contain the picture in a reasonably accessible format. It does, however, contain a screenshot. So ignore the description of the picture and describe the screenshot and how you… Read more

Unfortunately, there has been a problem with the picture in task 2 - the version of the memory image that I uploaded does not contain the picture in a reasonably accessible format. It does, however, contain a screenshot. So ignore the description of the picture and describe the screenshot and how you obtained it. The information in the screenshot may confirm something you have already found out, but do not use it as a substitute for other memory analysis methods.

Exercise 05: Image download

Written on 02.07.18 by Christoph Sorge

I have received several comments indicating the memory image download did not work. It does, but only within the university network (including VPN).

Exercise 05

Written on 28.06.18 by Christoph Sorge

Exercise sheet 5 has been uploaded. Sorry for the slight delay.

Last-Minute update for Ex4

Written on 26.06.18 by Frederik Möllers

Hi all,

a big sorry from my side, but there has been a mixup in the encrypted message on Exercise 4. The binary data was mixed so that every two bytes were swapped. If you managed to extract the AES key but failed to decrypt the message from the sheet, try it again with the following… Read more

Hi all,

a big sorry from my side, but there has been a mixup in the encrypted message on Exercise 4. The binary data was mixed so that every two bytes were swapped. If you managed to extract the AES key but failed to decrypt the message from the sheet, try it again with the following data:

8feb0333433b0f660c8a7215e95eeecc
27e47a35d75c0eda16aa42e30752e407
50032f405358c7f0e07650480ad42795
0af6a7293a8e37515bad8a29b3f129af
54ee5ea350e880a74f3848371db88c72
6fffe3f2b437319815199d6eeab3c0b6
c2c6d80153d82cafba8c1933090504ad
10ca8c221dcef3fd2a8f40cae8d5b2e3
ca4f2d101a540514ca68cef6896e6ec1
4fec604ee5219124f815e59e359c785c
c321e6f70a8df9d534996dcf96812e60
665ffcd15e94983e82cdc62a40cd34a9

If your submission is correct up to the point where you decrypt the message, you will of course get full points.

Sorry for the mistake and see you tomorrow,
Frederik

Raspberry Pi

Written on 18.06.18 (last change on 20.06.18) by Frederik Möllers

If you have a Raspberry Pi 2 Model B at home, you can download the following image and solve Exercise 4 Part 1 yourself without any additional hardware. Copy the image to an SD card (min. 16 GB) and boot it.

https://hyperion.cispa.saarland/fred/hacking/pi2.image

Keep in mind that we cannot offer… Read more

If you have a Raspberry Pi 2 Model B at home, you can download the following image and solve Exercise 4 Part 1 yourself without any additional hardware. Copy the image to an SD card (min. 16 GB) and boot it.

https://hyperion.cispa.saarland/fred/hacking/pi2.image

Keep in mind that we cannot offer support for your own hardware. If the image doesn't work or you run into problems using it, it might be necessary to swap for one of the provided Raspberry Pi 3 Model B.

In case you break the operating system on the provided Raspberry Pi 3 Model B, you can use this image to restore the SD card (8 GB) to its original state.

https://hyperion.cispa.saarland/fred/hacking/pi3.image

Exercise 4.1

Written on 15.06.18 by Frederik Möllers

The Cold Boot part of Exercise 4 is ready and the sheet will be released this weekend. As we announced on wednesday, you will be needing hardware for this exercise which we will of course provide. Each team can come by the office in E9 1, room 1.13 on monday and get one Raspberry Pi. As the software… Read more

The Cold Boot part of Exercise 4 is ready and the sheet will be released this weekend. As we announced on wednesday, you will be needing hardware for this exercise which we will of course provide. Each team can come by the office in E9 1, room 1.13 on monday and get one Raspberry Pi. As the software has yet to be copied to all devices, we suggest that you come after lunch. You may however try coming in the morning, if you're feeling lucky.

Sorry for the delay and have a nice weekend.

Frederik

Exercise 3: Covert Channel: Hint 3/3

Written on 08.06.18 by Joshua Steffensky

Last hint:

One channel uses a (slightly modified) morse code.

Exercise 3: Covert Channel: Hint 2/3

Written on 07.06.18 by Joshua Steffensky

Hi,

the second hint is:
One of the channels is hard to find when using wiresharks default settings for the used network protocols

Exercise 3: Covert Channel: Hint 1/3

Written on 06.06.18 by Joshua Steffensky

Hi everybody,

there has been a request to give some hints on the Covert Channel task.

So I decided to give you three hints on the following dates:
6.9.2018: 15:30
7.9.2018: 15:30
8.9.2018: 15:30


So here is the first hint:
3 out of 4 channels are sending text as their… Read more

Hi everybody,

there has been a request to give some hints on the Covert Channel task.

So I decided to give you three hints on the following dates:
6.9.2018: 15:30
7.9.2018: 15:30
8.9.2018: 15:30


So here is the first hint:
3 out of 4 channels are sending text as their payload

 

Cheers,
Joshua

LSF Signup

Written on 15.05.18 by Ben Stock

Please sign up for the course in the LSF. The deadline for registration (and unregistration) is set to next week Wednesday, May 23rd.

 

Exercise 1: Due date

Written on 07.05.18 by Joshua Steffensky

Hi everyone,

There has been a typo on the current exercise sheet (which has been corrected).

The first exercise sheet is due on May 15th 11:59PM.

 

Exercise Sheet #1: Server fixed

Written on 05.05.18 by Frederik Möllers

Hi all (again),

the server for Exercise Sheet #1 is (or should be) fixed now. If you encounter any problems, write me an email. The server still runs on all 3 ports (1337, 1338, 1339), so if one doesn't work, you can try another.

Have a nice weekend and good luck with the exercises,
Read more

Hi all (again),

the server for Exercise Sheet #1 is (or should be) fixed now. If you encounter any problems, write me an email. The server still runs on all 3 ports (1337, 1338, 1339), so if one doesn't work, you can try another.

Have a nice weekend and good luck with the exercises,
Frederik

P.S.: It wasn't explicitly written on the exercise sheet, but the service is for verification only. Please do not try to brute-force the passwords or dictionaries (I keep logs now!). All the information you need is on the exercise sheet and somewhere online. If you have problems, contact me with a (detailed) description of what you tried so far.

Alternative servers for Exercise Sheet #1

Written on 05.05.18 by Frederik Möllers

Hi all,

due to the troubles with the server for Exercise Sheet #1 I have set up two alternative connections. You can use

nc pulsar.die-sinlosen.de 1338
nc pulsar.die-sinlosen.de 1339

It seems that the server is only accessible by one team/person at a time. While I'm trying to sort this… Read more

Hi all,

due to the troubles with the server for Exercise Sheet #1 I have set up two alternative connections. You can use

nc pulsar.die-sinlosen.de 1338
nc pulsar.die-sinlosen.de 1339

It seems that the server is only accessible by one team/person at a time. While I'm trying to sort this out, please be patient and try one of the alternatives or wait a few minutes if the connection hangs.

Sorry for the trouble
Frederik

Show all

Hacking

Please use the meta proseminar to register.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.