Due to a massive power outage, our site went down last night around midnight EST and did not come back up until around 9:30am this morning. While we were able to keep the server up due to battery backup systems, our internet provider also lost power. Please bear with us as we do maintenance related tasks and tests to our server to ensure that no data loss occurred. Please note that VIP activities scheduled for today will be delayed until tomorrow. In other news, we're still waiting to hear some ideas on the programming contest. Please chime in!
We are ironing out the final details on our 2011 Programming Contest. If you have any ideas that you think we should use, please contact me or leave a comment on this news post. We are planning to make the 2011 Programming Contest fairly open ended, but we could also make it challenge driven (plus story line) like the Cryptography/Steganography Cracking Contest. Speaking of the Cryptography/Steganography Cracking Contest, nobody has even completed Mission 1 yet. I have had serious submissions from twelve different people on Mission 1, but none of them were correct. Is anybody out there up to the challenge? If you know any ninjas, please tell them about our challenge. I didn't create it so that it could go unsolved...
SOLDIERX proudly presents the official 2011 Cryptography/Steganography Contest. This contest will run from August 30, 2011 until December 31, 2011. At the moment anybody who can complete all of the challenges of this contest will get free VIP and a shirt. If only one person is able to complete the contest, we will be awarding a large prize (to be disclosed in the future). While multiple people may complete the contest, we think there is also the possibility that nobody will complete the challenges. Seriously, this is the toughest contest that SX has ever had. Please check it out by visiting https://www.soldierx.com/CryptographySteganography-Cracking-Contest-2011. If we have enough interest in this contest, we will create similar contests covering other areas of computer security.
Stream Inspector is a code library + example .exe that will detect a file type based on the contents of the file by using "magic bytes". The code library is intended to be used in other applications such as network sniffers to detect file transfers on the wire. Available now in the SX Labs.
I've fixed a bug with 64bit processes. The bugfix changed the main HIJACK structure, so please rebuild your applications when linking with libhijack 0.5.2. If you don't, you could see mysterious bugs. The Makefile is also dynamic, so now you don't need to edit it if you're compiling on 64bit. Download the tarball from its usual spot on GitHub and on SoldierX Labs.
DES_GEN was written as a POC for a specific application that shall remain nameless (cough, major firewall, cough). The belief at the company was that cracking DES requires custom hardware (See EFF's US$250,000 DES cracking machine), so the vendor refused to update to newer methods of password storage. DES_GEN is a single threaded x86 based slap in the face for that company (written in perl none the less). If that company is watching - yes, a dictionary file and some fairly weak mutations cracked your root password in 46 minutes. Available now in the SX Labs.
I absolutely love the nature of opensource: anyone can check your code for errors and patch any bugs. After talking a little with a random developer who's interested in libhijack, he found a bug where I'm accessing a variable after calling free() on it. The fix was simple and he provided a patch for it. I'm releasing version 0.5.1 of libhijack today to fix the bug. It's a minor release. I'd recommend everyone to use this release rather than 0.5 formal.
You can find libhijack at its usual spot on SX Labs.
Libhijack 0.5 has been released! This is an exciting major milestone release. The major features in this release include:
This release has broken two external API calls:
You'll need to pay attention to any code you've written to make sure it still works. The above API calls are completely working, but the function prototypes have changed. I've worked very hard for this release and I hope it's bug-free. I've plugged quite a few memory leaks. Check out the Texts page on 0xfeedface.org's site for the Defcon presentation slides.