I've seen a number of requests for a writeups on the forensics 200 challenge from Defcon Quals, so I figured I would write one up. Its a relatively simply challenge, but it takes a certain mindset to solve these forensics challenges, so I'll be focusing on that instead of the technical aspects as much. I will, however, try and go step by step so the process can be reproduced.

Next up in the series of PCTF writeups, is problem #6, a .NET challenge. Unfortunately, the .Net Reflector recently went pay, although its only $35, and comes with a 2 week trial. We'll go with the trial.

Great. Its obfuscated, but we kind of expected that, and we know we're looking for a valid key.

Before we get too far, this is what the application is looking for, so we're looking for 3 values ranging from 0->255 that fit and will activate our controller.

So, this is one of the easier challenges, we were given a some connection information, and here's the information it gave us upon connection:

Welcome to the online calculator. Please enter your expression below.
1
About to Calculate:
Calculating: 1
Equals: 1

At this point, we don't know much, except that it does some sort of calculation. A few more trials, and we've learned some useful information:

Welcome to the online calculator. Please enter your expression below.
1+1
About to Calculate:
Calculating: 1+1
Equals: 2


In the spirit of learning me some Python, I decided I would take on the task of re-writing some of the SysInternals tools in Python. The first of those I've done is what I like to call PySInfo.

Download:

PySInfo Source Code
PySInfo Windows Executable

I've recently been working more on Python, since that's what most of the other people I know use as a scripting language, and I figured it would be a good idea to brush up on it a little. As a Windows guy, that meant I would need to dig into the Windows internals, and put together a few tools based on that.

This isn't anything particularly impressive, its just something I threw together in class one day. Its pretty kludgy, and the EXIF data printing I took from somewhere (sorry, I did this as a quick hack and didn't write down who made that part originally. If its your, just let me know and I'll edit this to give you credit).

Essentially, you upload a JPG image, and it dumps all the EXIF data for you, showing you what all was stored in the file for it, and then gives you a version stripped of the exif data.

Over on Reddit, someone asked me about whether or not locking a computer could be considered secure, and I figured rather than just posting a comment to him that he will read once and forget, I would post it here too, for anyone that needs some basic information.

>> is a windows log off lock screen secure?

Yes and No.

As a little bit of backstory:

• At work we used to have an alarm system, which had a really, really convenient feature: after disarming the alarm, you could enter your disarm code again, and the door would be opened up for you. (Those who want some details, its available lower down).
• After having the alarm running and working just fine for several months (well, longer than that, since it wasn't installed by us, so the previous tenants must have had it working, but I don't know how long that was), it suddenly died, rather suddenly.

This, oh so obviously, is a work in progress. It will get there, eventually. We'll just have to see how long that takes...

Just ignore the layout for now. I've got a long list of things that are far more interesting and practical to get working on than the layout is. This will do until I can either con someone else into fixing it, or through some strange stroke of luck I manage to get some free time where I don't have something better to work on (or some stupid game distracting me).