Pertandingan tersebut bermula pada 3 November yang lepas melalui sebuah laman web yang tidak terkenal iaitu http://www.canyoucrackit.co.uk yang memaparkan kod visual dan sebuah grid yang mengandungi nombor dan huruf.Pelawat terlebih dahulu perlu memecahkan kod itu sebelum mereka diberikan akses ke laman Ibu Pejabat Komunikasi Britain (GCHQ).
GCHQ mengatakan bahawa ada beberapa orang telah berjaya memecahkan kod tersebut,tetapi pertandingan itu akan diteruskan selama 10 hari iaitu sehingga 12 Disember 2011.
Tambah mereka lagi,ini bukan kali pertama mereka menggunakan tektik merekrut yang luar biasa bagi menggaji pekerja baru.
Hanya warga United Kingdom yang berjaya memecahkan kod tersebut sahaja yang akan diambil bekerja oleh agensi perisikan itu.
Credit to:
http://irsyad.rc.my
ini lagi sedikit info mengenainya yg sy dpt:
As you might have heard, Britain’s security agency put up an online puzzle earlier this week as a way of trying to recruit new cryptologists and code-breakers. Unfortunately, it seems a simple Google search can unlock the answer to Can You Crack It? and help potential recruits get through to the next round.
As a number of people have noted, the site: command search in Google – which is used to see all pages at a site that are visible to search engines – reveals that the confirmation of success page (i.e. the Congratulations, You’ve Done It page) is out in plain sight, which means anyone can just go there via Google and pretend they’ve cracked the code.
CanYouCrackIt.co.uk Walk-Through And Level 1 Solution
Earlier this week a mysterious website appeared at the url canyoucrackit.co.uk.
I saw the url being passed around Twitter and eventually my curiousity got the best of me.
At first, not much was known about the purpose or origin on the website and the code challenge
displayed. The goal is obviously to break the code that appears in the image and enter the password afterwards.
Well, it turns out that the website is hosted by GCHQ. The United Kingdom’s spy agency. The website is their advertisement for a job application, more or less. After you complete the challenge, enter the code and click ‘Okay’ you are redirected to a website where you can apply for a job at the MI5 as a ‘Cyber Security Specialist.’ Unfortunately, the job only offers 25k yearly to start. And you need to be a UK citizen. Starting to look like alot of work for not much reward, right? Again, my curiousity won and I tried my luck at cracking the code…not for the job but just for the satisfaction of actually completing it.
[+] Requirements
—————–
* NASM
* Cygwin w/ needed DLLs
* GDB
* Hex Editor
* Coding Knowledge (C/C++ or Python)
* Objdump
* Patience, Cigarettes & Coffee
[+] Stage One
——————-
Visit canyoucrackit.co.uk and save the image file that contains the code (cyber.png)
You can either manually copy the code in the image or feed the image into an OCR.
After you have the code saved to a text file, open up cyber.png in your Hex Editor. I used GHex.
When you open cyber.png in the hex editing application, in the beginning you should notice a string that starts with ‘iTXtComment’ followed by a string of numbers and letters which end with ‘==’ That is a base64 code.
Save the base64 string, decode it and add it to the beginning of your code from the image.
Base64 Code:
QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR78jKLw==
Image Code:
eb 04 af c2 bf a3 81 ec 00 01 00 00 31 c9 88 0c
0c fe c1 75 f9 31 c0 ba ef be ad de 02 04 0c 00
d0 c1 ca 08 8a 1c 0c 8a 3c 04 88 1c 04 88 3c 0c
fe c1 75 e8 e9 5c 00 00 00 89 e3 81 c3 04 00 00
00 5c 58 3d 41 41 41 41 75 43 48 3d 42 42 42 42
75 3b 5a 89 d1 89 e6 89 df 29 cf f3 a4 89 de 89
d1 89 df 29 cf 31 c0 31 db 31 d2 fe c0 02 1c 06
8a 14 06 8a 34 1e 88 34 06 88 14 1e 00 f2 30 f6
8a 1c 16 8a 17 30 da 88 17 47 49 75 de 31 db 89
d8 fe c0 cd 80 90 90 e8 9d ff ff ff 41 41 41 41
Save your file that combines these two codes as a binary file.
Run this through objdump with: objdump -d -D -b binary -mi386 crackme.bin
Open with your debugger (gdb) and set a breakpoint at the INT 0×80 call. When it hits your breakpoint, use the gdb command ‘bt’ (which dumps the current stack.) A decrypted string will be visible in the stack dump.
GET /15b436de1f9107f3778aad525e5d0b20.js HTTP/1.1
Throw that in your browser behind canyoucrackit.co.uk and you’re on your way to Stage Two!
You feel elite all ready, right? Yeah, I thought so..
*Stage One Solution click here
credit to:
http://www.myh3r3.com
http://CanYourCrackit.co.uk
credit diberikan kepada dua-dua blog yang saya copy ini...
