NUCLEAR LAUNCH CODE (1000 points)

History and task

You have just landed a job with the ISP TRUSTWORTHY INTERNET, who has important customers, such as the American government. The company does thorough background checks of all employees, you included. However, they found out that you're a CHINESE SPY!

At work, you have access to TRUSTWORTHY INTERNET's infrastructure, especially the software bridge.py, which routes packages between the customers.

Through your contacts in the Chinese government, you have the following information:

  • Public RSA-keys for several persons/organizations.
  • Private keys for an international Chinese company.
  • That Obama is very eager to know the latest NUCLEAR LAUNCH CODE, and thus presses F5 in his browser repeatedly.
  • The American government uses RSA with PKCS1_OAEP for Public Key Encryption.
  • The launch code is XOR'ed with some secret information.

Your mission: GET THE NUCLEAR LAUNCH CODE!

Connect to the VPN to access the servers.

bridge.py

import struct, socket, sys
from select import select

TCP_Mr_OBAMA = ('10.20.9.100', 2000)
TCP_WWW_NSAx = ('10.20.10.100', 2000)

def main():
    sock_a = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock_a.connect(TCP_Mr_OBAMA)

    sock_b = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock_b.connect(TCP_WWW_NSAx)

    socks = [sock_a, sock_b]

    route_table = { "Mr_OBAMA": sock_a,
                    "WWW_NSAx": sock_b}
    while socks:
        (rlist, _, _) = select(socks, [], [])

        for s in rlist:
            pkg = PackageFromSocket(s)
            print pkg
            if pkg.receiver in route_table:
                pkg.send(route_table[pkg.receiver])
            else:
                print "Dropper pakke fra ukjent mottaker:", pkg

class Package:
    def __init__(self, sender, receiver, proto, length, payload):
        self.sender = sender
        self.receiver = receiver
        self.proto = proto
        self.length = len(payload)
        self.payload = payload

    def send(self, sock):
        self.length = len(self.payload)
        data = struct.pack("!8s8s5sL%ds" % self.length,
            self.sender, self.receiver, self.proto,
            self.length, self.payload)
        sock.sendall(data)

    def __repr__(self):
        items = [self.sender, self.receiver, self.proto, self.payload]
        return "SRC=%s DST=%s PROTO=%s CONTENT=%s" %\
            tuple([x.__repr__() for x in items])

def PackageFromSocket(sock):
    def recv_all(sock, size):
        data = ""
        while len(data) < size:
            tmp = sock.recv(size - len(data))
            if not tmp:
                print "recv returned without data. Exiting."
                sys.exit(1)
            data += tmp
        return data

    header = recv_all(sock, 25)
    pkg = struct.unpack_from("!8s8s5sL", header)
    payload = recv_all(sock, pkg[3])
    return Package(*(pkg + (payload,)))


if __name__ == "__main__":
    main()

RSA-keys

INTRUDER.private

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzWDA4Ro7yHm7/wGEJCzPKkyqn8eHwMgl9+0IjJsqEEr+rO3l
1k28MWKBpcD/HH5uf26JEHRxo6cTZAh8Z7rHCgmC4/jdM7JppYcl4jn4eAmEcgYc
HgUIWY9QdWTGOYyX6qFUYwKMcqVyYPP+9F7HNxxKJuZLmu2tDueDLMx5egZR0Uwt
OzS1/Wx+MyevRTodHyGsgEfqqd55+c0R1wjMUlDSHZlsbE1imZ2aJbF/66RPofhw
quSaKODtE2BZYGBuKYdR454pIl3a1FRg9h+o0F9K1CQ7Q580Rd/M555YOh1LbP2y
uRsnDUMX3LQim9LJ04pS+2qtAAJbMXp3u4Bv3QIDAQABAoIBAHAeu+2n5q9BVhKW
/07Ib6iGBjgIM+JY4fGBo8MvCj2u024QygK+mVjUkDavMBacJzLGY2lqSIexNHLN
9yyh2PtvydcvC4OniOlm6JWiVDUj7PxavYrd8HsENEaCZ30PdfgPbwRGZepIzDKF
wdAi1dsORKUL4IaJ7opOdVxFnKOyR8q4TBLd2A3MCHCzTQCeyabLnEFRivMPLyX0
VcV2UonSXqRr5IJqrs5xFAt+Q9TNwdbDsRh9P0D0pTbTyGQoRfyh/WGoJkabrZuq
4F4ZpTIMNSaGjiY4QuPfRDz4HqLFZgPG9dzQ4VTayZrcBJT+5yRZ5IFrZkh0Qbsm
BxKZ50ECgYEA/okXHIwdQ0zDaVeK192WsMZejkhZU3tqwoi5PzZ7ypkIsR1w++J5
mJsks1Odtossips7q3CWBPLsS169TNdfAJR4jnC2Jv714a4Wqy2HVlYgTKISWJpu
fuFJXY2XzchINYJZeT2svOtcFv5jRNdAMr7NcF/lGN2j0GuoJAUsW7UCgYEAzo9C
FP9Uu7C7PWE+5TNgxwVWYSunsc8WCetK5DOtE5UKiIf9Nx9go2QBgYNAxO7U03Y7
zjL6QMq2sdoCO8ZDkeyjTllLPNWdYNyuiJky2gdLWT9zx0syN7BU8xBETr/S/Zvl
+Cu3d+37rcF3+xUv6yG5biO3GFI0kXIXvtmnbIkCgYEArZ6XPCq6vzA6Tr2fAFWu
tw/oaYciHxadIOqf6WVhlTVDv4REkBvQM28H3qZXeq9+B2GRlwRp4CBPW63Y0/RI
Yh3kCc0KApmA4Jqd7c9VdGe1CnC2sOdOHY/QOlcdyAkocA9ktpWCIS8tlqWY0tk8
eiC6Az/2BjsQxVbZzxAUTM0CgYA/UdcWDLdy2dhsFnVrWXafS9mQ7Ar6DNtaqxBI
KDc0O4oBFH7g+PNs4uk7RHsEY5pGQIZQzXu9hObAWm442Kw5/WqKSAEyYuFdogi2
ww+9mmLUtwjM3RZFz/4ajLAD2/XX3ISAsRYK4581Qot/Ip2P3MS1KKmmAP0wYOM6
lAoo0QKBgQDVqYQUCfFktUxhbJGIvAZ6ztvu4qSwUnepFlRbXPes5GGp+cNYG5di
ObLo2sTXxmChUiIpjw6N0w3SPV8vgwEFAB6xbvNHS+dFzg11kzn8/Nxa8SVyD1cJ
ogxWDYj4CE9y1Bnb+kM7Q4NimaGnRlQFvVJHyuKdmGFqNmN6a/uuMA==
-----END RSA PRIVATE KEY-----

INTRUDER.public

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWDA4Ro7yHm7/wGEJCzP
Kkyqn8eHwMgl9+0IjJsqEEr+rO3l1k28MWKBpcD/HH5uf26JEHRxo6cTZAh8Z7rH
CgmC4/jdM7JppYcl4jn4eAmEcgYcHgUIWY9QdWTGOYyX6qFUYwKMcqVyYPP+9F7H
NxxKJuZLmu2tDueDLMx5egZR0UwtOzS1/Wx+MyevRTodHyGsgEfqqd55+c0R1wjM
UlDSHZlsbE1imZ2aJbF/66RPofhwquSaKODtE2BZYGBuKYdR454pIl3a1FRg9h+o
0F9K1CQ7Q580Rd/M555YOh1LbP2yuRsnDUMX3LQim9LJ04pS+2qtAAJbMXp3u4Bv
3QIDAQAB
-----END PUBLIC KEY-----

Mr_OBAMA.public

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcskqP0bRQoW9Q0O7lvZ
wP01THZcwZ+O2rb8CoC65Z6hqjeyek+CYvioT2W8O/vUB7dVcr1Mk5sfwRTnWAol
Jl3Sn69z3KQMelIlb/5zP7Lzs/uJ03nZ70jopsed7viaWjivePxWIDU+VcBNX3QC
Y2EVRwjtSeuonEd+Z+X/uJDpOZeRr9oqMvK8N7ghepq2mXO4g8bxC9J5g4Ura8+e
21v+doMSLaPSS5RnS0UUk9jME5D7zssVP1+rcwCkbWRwxxJd/wXJH0wqmEAcWQ42
hVW+Ww08+UP9V9dNSSljF9Cxw8bA6Y1lsOSABdkNXJrYzN838S8TuQbtzmdpd2TS
pwIDAQAB
-----END PUBLIC KEY-----

WWW_NSAx.public

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnM4BIHsXaxzWtXqtppC
eo19uhu0DTtHYWEcmojbUcSpFEWwx5+nM4ZbLEaCyABnBsGpId/OPYAU3aTSAQvJ
iimhAfuLLGTNUEBDLRkGFBY1cs9HNTydzoH2h5kg7LpzGuFaiZrzDEcOyomkK2gs
QlcG8NjQWTTjHCH7/a4zmY0BRl8LnZvrv1tJMyKCTMzEK4j/YX2zpE5Tul7b1nlk
g9K8uZxVURejJ5kwMVvcFFyuNMehKoEcT65EmvGs+GFiLdMQdiR0CG4cgR66Xl1o
VWnUHLEGnSxNmSuAxCbnv67t5Dyh4HlZ33fZomuTY2/3kp8bhKnjdnLOT4t6ephN
8QIDAQAB
-----END PUBLIC KEY-----

Token

You must be logged in to submit token

Log in here

Required assignments