SideChannel

Write-up author: jon-brandy

DESCRIPTION:

There's something fishy about this PIN-code checker, can you figure out the PIN and get the flag? Download the PIN checker program here pin_checker. Once you've figured out the PIN (and gotten the checker program to accept it), connect to the master server using nc saturn.picoctf.net 52680 and provide it the PIN to get your flag.

HINTS:

  1. Read about "timing-based side-channel attacks."
  2. Attempting to reverse-engineer or exploit the binary won't help you, you can figure out the PIN just by interacting with it and measuring certain properties about it.
  3. Don't run your attacks against the master server, it is secured against them. The PIN code you get from the pin_checker binary is the same as the one for the master server.

STEPS:

  1. First, download the PIN checker program.
  2. Check the file type.

  1. Let's make it executable by running -> chmod +x pin_checker.
  2. Now run it with -> ./pin_checker.

  1. Based on hint number 1, let's do some quick research on timing-based side-channel attacks.

NOTES

In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. 

Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input. 

Finding secrets through timing information may be significantly easier than using cryptanalysis of known plaintext, ciphertext pairs. Sometimes timing information is combined with cryptanalysis to increase the rate of information leakage.

  1. Since I can't make the Python script, I brute-forced it.
  2. At first, I started by entering 00000000.
  3. Run the program again on your Kali Linux machine using this command -> time ./pin_checker.

NOTES:

The "time" command -> In computing, time is a command in Unix and Unix-like operating systems. It is used to determine the duration of execution of a particular command.

  1. Next, let's input 10000000.

  1. It shows the same time. Now let's try 20000000.

  1. Hmm... still the same. Let's try 30000000.

  1. Well, this time it's higher. Let's continue with 40000000.

  1. Great! It's much higher. Continue with 50000000.

  1. I kept doing this until 90000000.

  1. It's known that 40000000 has the highest time value.
  2. I kept that value and continued by incrementing to 41000000.

  1. Until 9.
  2. It's known that 48000000 has the highest time value.

  1. Let's repeat the same steps until the last digit.

FINAL RESULT

  1. For the last digit, when I incremented it to 3, the program gave me this output.

  1. We can conclude that 48390513 is the right PIN.
  2. Now, run the netcat command -> nc saturn.picoctf.net 52680 and enter the PIN.

  1. Finally, we got the flag!

FLAG

picoCTF{t1m1ng_4tt4ck_914c5ec3}
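
Why the measured time rises one digit at a time, and what removes the signal, as an added example that is not part of the original write-up and is not pin_checker's code. It assumes the checker compares digits left to right and stops at the first mismatch, models elapsed time as a count of digit comparisons, and uses a constructed PIN; `leaky_check`, `constant_check` and `recover` are hypothetical names.

```python
import hmac

SECRET = "27182818"  # constructed sample PIN, not the challenge's PIN

def leaky_check(guess, secret=SECRET):
    """Assumed early-exit comparison. Returns (accepted, work), where work
    counts digit comparisons and stands in for the elapsed time."""
    work = 0
    if len(guess) != len(secret):
        return False, work
    for g, s in zip(guess, secret):
        work += 1
        if g != s:              # stops at the first wrong digit: this is the leak
            return False, work
    return True, work

def constant_check(guess, secret=SECRET):
    """Hardened form: every guess of the right length costs the same work."""
    accepted = hmac.compare_digest(guess.encode(), secret.encode())
    return accepted, len(secret)

def recover(check, length=8):
    """The write-up's manual procedure: per position, keep the digit whose
    guess took the most work. Returns None when the costs carry no signal."""
    known = ""
    for pos in range(length):
        costs = {}
        for digit in "0123456789":
            guess = known + digit + "0" * (length - pos - 1)
            accepted, work = check(guess)
            if accepted:
                return guess
            costs[digit] = work
        if len(set(costs.values())) == 1:   # all ten guesses look identical
            return None
        known += max(costs, key=costs.get)
    return None

if __name__ == "__main__":
    print("early exit   :", recover(leaky_check))
    print("constant time:", recover(constant_check))
```

With the early-exit checker at most 10 guesses per digit are enough (80 for 8 digits) instead of searching all 10^8 PINs; with the constant-time comparison every guess costs the same and the procedure learns nothing.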

REFERENCES

https://en.wikipedia.org/wiki/Time_(Unix)
https://en.wikipedia.org/wiki/Timing_attack