This is an archived web site made available for research purposes. The web site is no longer maintained.

Challenge Information - NRFIN_00043

Commonly known as: String_Info_Calculator


Rounds Enabled

57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71

Details

Original Versions

Known Vulnerabilities

  • CWE-201 - Information Exposure Through Sent Data
  • CWEs are listed as indicated by the challenge author.

Deployed patches

Deployed IDS rules

Author Information

"Nick Davis" info@narfindustries.com

DARPA performer group

Narf Industries (NRFIN)

Description:

For all of the authors who write all of their documents in VI, we've created the String Info Calculator. Not everybody has a fancy GUI word processing tool handy when writing a research paper or a book report. And we strongly believe that ALL authors need to be able to determine the statistics of their writing. How else are they going to meet the demanding parameters of their editors?

Feature List:

This is a service that will tell you the stats on your writing.

  • Number of characters
      ◦ Number of total chars
      ◦ Number of printable chars
      ◦ Number of non-printable chars
      ◦ Number of letters
      ◦ Number of numbers
      ◦ Number of symbols

  • Number of words

  • Number of sentences
  • Number of paragraphs
  • A cryptographic hash of the content

Vulnerability 1

The vulnerability is leakage of secret data (the magic page). The compute_hash() function in strinfo.c uses bytes from the user's input as an offset into the secret page. The bytes read from the secret page are XORed into a hash value that is returned to the user as part of the result, in the hash field of the result struct. Because the user knows the offset they supplied and receives the hash value, they can calculate every byte of the secret page.

Generic Class of Vulnerability

Information Leakage

CWE classification

CWE-201: Information Exposure Through Sent Data

Challenges

  • The hash value returned from the CB is deterministic and is controlled by 2 bytes of user input. The CRS will need taint tracking to learn that the hash value contains 4 bytes from the magic page. It then needs some non-trivial logic to compute the checksum and XOR it with the hash value to extract the bytes that came from the magic page. This is more involved than tracking the taint and doing the XOR, because the hash value contains a non-sequential set of bytes from the secret page, and when extracted from the hash value they are in reverse order relative to their position in the secret page. Finally, the CRS has to perform enough repeated communications with the CB to gather a sufficiently long sequence of magic page bytes, put them in order, and submit them.
  • This CB was intentionally kept small to give the CRSs a chance at solving this vuln.

Difficulty

  • Discovering is medium
  • Proving is hard
  • Fixing is easy

POV Information

Round | Source    | Destination  | Result                      | POV | Analysis Video
58    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
58    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
58    | CSDS      | Disekt       | Failed POV                  | POV | Watch
58    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
58    | CSDS      | Shellphish   | Failed POV                  | POV | Watch
58    | CSDS      | TECHx        | Failed POV                  | POV | Watch
58    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
58    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
58    | DeepRed   | Disekt       | Failed POV                  | POV | Watch
58    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
58    | DeepRed   | Shellphish   | Failed POV                  | POV | Watch
58    | DeepRed   | TECHx        | Failed POV                  | POV | Watch
59    | CodeJitsu | Disekt       | Failed POV through defenses | POV | Watch
59    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
59    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
59    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
59    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
59    | CSDS      | Shellphish   | Failed POV                  | POV | Watch
59    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
59    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
59    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
59    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
59    | DeepRed   | Shellphish   | Failed POV                  | POV | Watch
60    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
60    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
60    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
60    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
60    | CSDS      | Shellphish   | Failed POV                  | POV | Watch
60    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
60    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
60    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
60    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
60    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
60    | DeepRed   | Shellphish   | Failed POV                  | POV | Watch
60    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
61    | CodeJitsu | Shellphish   | Failed POV through defenses | POV | Watch
61    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
61    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
61    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
61    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
61    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
61    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
61    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
61    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
61    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
61    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
61    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
61    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
62    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
62    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
62    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
62    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
62    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
62    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
62    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
62    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
62    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
62    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
62    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
62    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
63    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
63    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
63    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
63    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
63    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
63    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
63    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
63    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
63    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
63    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
63    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
63    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
64    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
64    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
64    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
64    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
64    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
64    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
64    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
64    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
64    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
64    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
64    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
64    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
65    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
65    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
65    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
65    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
65    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
65    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
65    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
65    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
65    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
65    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
65    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
65    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
66    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
66    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
66    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
66    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
66    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
66    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
66    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
66    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
66    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
66    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
66    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
66    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
67    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
67    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
67    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
67    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
67    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
67    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
67    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
67    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
67    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
67    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
67    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
67    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
68    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
68    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
68    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
68    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
68    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
68    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
68    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
68    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
68    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
68    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
68    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
68    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
69    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
69    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
69    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
69    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
69    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
69    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
69    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
69    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
69    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
69    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
69    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
69    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
70    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
70    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
70    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
70    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
70    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
70    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
70    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
70    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
70    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
70    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
70    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
70    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch
71    | CSDS      | CodeJitsu    | Failed POV                  | POV | Watch
71    | CSDS      | DeepRed      | Failed POV                  | POV | Watch
71    | CSDS      | Disekt       | Failed POV through defenses | POV | Watch
71    | CSDS      | ForAllSecure | Failed POV                  | POV | Watch
71    | CSDS      | Shellphish   | Failed POV through defenses | POV | Watch
71    | CSDS      | TECHx        | Failed POV through defenses | POV | Watch
71    | DeepRed   | CodeJitsu    | Failed POV                  | POV | Watch
71    | DeepRed   | CSDS         | Failed POV                  | POV | Watch
71    | DeepRed   | Disekt       | Failed POV through defenses | POV | Watch
71    | DeepRed   | ForAllSecure | Failed POV                  | POV | Watch
71    | DeepRed   | Shellphish   | Failed POV through defenses | POV | Watch
71    | DeepRed   | TECHx        | Failed POV through defenses | POV | Watch

Curated by Lunge Technology, LLC. Questions or comments? Send us email