
NSA's Codebreaker Challenge: Fall 2019

The document discusses the NSA's Codebreaker Challenge, an annual cybersecurity competition. It provides an overview of the 2019 scenario involving a custom Android messaging app called TerrorTime. Participants are tasked with reverse engineering TerrorTime to develop exploits like spoofing messages, masquerading as other users, and decrypting conversations. The document outlines technical skills needed and guides participants on analyzing the app's network traffic, permissions, encryption, and more to complete the challenges.

Uploaded by kiko zotro
NSA’s Codebreaker Challenge
Fall 2019

Agenda
● Introduction
● Tasks
● Technical Background

What is the Codebreaker Challenge?
● Annual Cyber Challenge Event
● Nationwide
● 2018 Top-Finishers
1. Oregon State
2. Georgia Institute of Technology
3. University of North Georgia
4. New Mexico Institute of Mining & Technology
5. University of Tulsa

2019 Scenario

* custom Android secure messaging app

Mission
● Reverse engineer and develop new exploitation capabilities against TerrorTime to enable:
■ Message spoofing
■ User masquerades
■ Message decryption
● Discover and thwart future attack plans!

Key Skills
1. Network Traffic Analysis
2. Android App Analysis
3. Cryptanalysis
4. Binary Reverse Engineering
5. Vulnerability Analysis
6. Exploitation Development

Agenda
● Introduction
● Tasks
● Technical Background

To Break the Code
1: Extract a copy of TerrorTime APK from network traffic
2: Analyze APK for app permissions and certificate information
3: Investigate SQLite database from captured device to discover the server addresses
4: Recover user credentials and attack plans

To Break the Code (continued)

5: Develop exploit to masquerade into TerrorTime as another user
6: Develop exploit to enable message spoofing
7: Reverse engineer encryption scheme and develop exploit to decrypt conversations

Agenda
● Introduction
● Tasks
● Technical Background

Network Traffic Analysis
● Recommended tools: Wireshark, Burp Suite
● Cross platform, parsers for many protocols
● Features/Functionality:
○ Display filters to focus in on traffic
○ TCP stream following
○ Extract files from packet payloads
○ Dissect custom payloads
○ Traffic statistics/characterization
● Traffic interception / manipulation
● https://www.wireshark.org and https://portswigger.net/burp

Binary Reverse Engineering

Ghidra, IDA Pro, Binary Ninja

Binary Reverse Engineering
● General tips
○ Examine strings
○ Look for clues
○ Leverage xrefs to find relevant code
● Utilize symbols (function names, etc.)
● Online resources
○ Intel manuals, RE Lectures, tutorials

Ghidra Resources
https://ghidra-sre.org
Ghidra SRE Cheat Sheet

Android Applications

● Android package (APK) file
● https://developer.android.com/
● Emulator setup steps
○ Resources Page

Android App Analysis
Android Studio, Visual Studio Emulator, Ghidra, JEB

OAUTH
● Grant 3rd Party Access to Data
● Requires TLS (https)
● Roles:
○ User
○ Client
○ Servers - Resource and Authorization

OAUTH Protocol Diagram

1. Access service
2. Request Access Token
3. Issue Access Token
4. Request Resource
5. Validate token
6. Token is valid
7. Return Resource

Parties: User, Client App, Resource Server, Authorization Server

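An added example (not from the original slides): a minimal in-memory Python simulation of the seven steps in the diagram, showing the resource server checking each token with the authorization server before returning data. Class and function names, the client secret and the sample data are constructed for illustration; user consent and TLS are not modelled.

```python
import secrets
import time

class AuthorizationServer:
    def __init__(self, clients, ttl=300):
        self._clients = clients   # client_id -> secret (constructed sample data)
        self._ttl = ttl           # token lifetime in seconds
        self._tokens = {}         # token -> (client_id, scope, expiry)

    def issue_token(self, client_id, client_secret, scope, now=None):
        # Steps 2-3: issue a token only to a client presenting the right secret.
        now = time.time() if now is None else now
        expected = self._clients.get(client_id)
        if expected is None or not secrets.compare_digest(expected, client_secret):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (client_id, scope, now + self._ttl)
        return token

    def validate(self, token, now=None):
        # Steps 5-6: unknown or expired tokens are reported as invalid.
        now = time.time() if now is None else now
        record = self._tokens.get(token)
        if record is None or now >= record[2]:
            return None
        return {"client_id": record[0], "scope": record[1]}

class ResourceServer:
    def __init__(self, auth_server, resources):
        self._auth = auth_server
        self._resources = resources   # scope -> protected data

    def get(self, token, scope, now=None):
        # Step 4 arrives here; the token is checked before step 7 returns data.
        info = self._auth.validate(token, now)
        if info is None:
            return 401, None
        if info["scope"] != scope or scope not in self._resources:
            return 403, None
        return 200, self._resources[scope]

def run_flow():
    # Step 1 (user accesses the client app) is represented by calling this function.
    auth = AuthorizationServer({"client-app": "s3cret-constructed"}, ttl=300)
    api = ResourceServer(auth, {"contacts": ["alice", "bob"]})
    token = auth.issue_token("client-app", "s3cret-constructed", "contacts", now=1000)
    return [api.get(token, "contacts", now=1100)[0],           # valid token
            api.get(token, "contacts", now=1400)[0],           # expired token
            api.get("forged-token", "contacts", now=1100)[0]]  # never issued
```
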
To Get Started

1. https://codebreaker.ltsnet.net
2. .edu email address
3. Learn and have fun!

Questions?

codebreaker@nsa.gov

2018 Codebreaker Challenge Walkthrough

Special thanks to Jonathan Armer for sharing his detailed write up at https://armerj.github.io/CodeBreaker-2018-Overview/
