CHES 2015 Challenge. Adrian Thillard, Ryad Benadjila, Emmanuel Prouff, Guénaël Renault, Matthieu Rivain

Similar documents
Text Encryption Based on Glider in the Game of Life

ELOQUA INTEGRATION GUIDE

Information Extraction slides adapted from Jim Martin s Natural Language Processing class

Part 1. Part 2. airports100.csv contains a list of 100 US airports.

Using Mountain Air's Website

A Statistical Method for Eliminating False Counts Due to Debris, Using Automated Visual Inspection for Probe Marks

UIA-PHG 2018 HOSPITAL 21. May 29-31, th INTERNATIONAL ANNUAL SEMINAR. Breathing new life in the 21 st century hospital

Math Summer Packet Grade 6

Episode 13 The Beale Ciphers

Dell EMC Unisphere 360

George Nicholas And Wilhelm Three Royal Cousins And The Road To World War I

Kristina Ricks ISYS 520 VBA Project Write-up Around the World

EMC Unisphere 360 for VMAX

Analyzing the Fault Sensitivity of Secure Embedded Software

o " tar get v moving moving &

EMC Unisphere 360 for VMAX

Time-Space Analysis Airport Runway Capacity. Dr. Antonio A. Trani. Fall 2017

Air Travel: An Introduction (Higher) Selling Scheduled Air Travel (Higher)

IACRA Procedures Starting an 8710 and Getting Affiliated with OU Aviation

ultimate traffic Live User Guide

Spring'2016' Franziska'(Franzi)'Roesner''

Bonita Workflow. Getting Started BONITA WORKFLOW

ESPANOL SANTILLANA PRACTICE WORKBOOK HIGH SCHOOL 1 TEACHER'S EDITION

Pre-lab questions: Physics 1AL CONSERVATION OF MOMENTUM Spring Introduction

Jump Chart Main Chart flagship Ship List

Federal Aviation Administration Early Implementation Experiences

1224 Splitter and CTO combo, setup instructions using the Panelview HMI

Marc Girault Independent expert (formerly in France Telecom Orange Labs R&D) Rue d Ulm, 4 September 2009

Authentic Assessment in Algebra NCCTM Undersea Treasure. Jeffrey Williams. Wake Forest University.

Titanic Timeline: April 2012, Titanic Visitor Centre Opens in Belfast

UVACARS User Guide Version 1.0

Amusement Park Physics 11 Answers

SAFETY BULLETIN. One Level of Safety Worldwide Safety Bulletin No. 05SAB004 5 July 2004

Predicting flight routes with a Deep Neural Network in the operational Air Traffic Flow and Capacity Management system

The University of California. Change of Status to F-1 or J-1 (for Students)

GDC Services Access via PDA. User Guide

Camp Roosevelt February 22-24, 2019 The High Adventure Chill Out is a chance to join in one of the oldest traditions in Boy Scout history.

Kat s Artist Tree W Van Buren St Goodyear, AZ

By Prabath Siriwardena, WSO2

FSXmap.com. Interactive Airport and Runway map for Flight Simulator X

Tekla looks up in New York:

Paratransit Advisory Committee (PAC)

Angel Flight Information Database System AFIDS

A. Karakasidis 1, V. S. Verykios 2 and P. Christen 3

Little Red Schoolhouse Newsletter- September 2017

Airport Runway Location and Orientation. CEE 4674 Airport Planning and Design

Airline Boarding Schemes for Airbus A-380. Graduate Student Mathematical Modeling Camp RPI June 8, 2007

Introduction & Admin. Online UAS Training Courses. Virtual Meet & Greet

SAVOIR industrial perspectives Thales Alenia Space View

Your Logistics Solution for Maritime and Industrial Needs

Monitoring & Control Tim Stevenson Yogesh Wadadekar

BRANDING & MEDIA GUIDELINES FOR GR ANTEES IN INDIA

Aircraft Noise. Why Aircraft Noise Calculations? Aircraft Noise. SoundPLAN s Aircraft Noise Module

Applicability / Compatibility of STPA with FAA Regulations & Guidance. First STAMP/STPA Workshop. Federal Aviation Administration

1. Introduction. 2.2 Surface Movement Radar Data. 2.3 Determining Spot from Radar Data. 2. Data Sources and Processing. 2.1 SMAP and ODAP Data

Information security supplier rules. Information security supplier rules

LIFE TRAVEL THE MIDDLE SEAT. American, Delta, United and others are prepping streamlined systems that could skew their lost-luggage stats

Japan Tokyo, Japan. Non-fiction: Japan - Tokyo. founded started, established 2. metropolitan of a large city; belonging to a large city 3

Instructions for Parents Registering Children for Camp Walter Johnson

IACRA Procedures Starting an 8710 and Getting Affiliated with OU Aviation

Japanese Traditional Music Program

UNIVERSAL GUEST ACCOUNT QUICK REFERENCE GUIDE

Official FAI event under IGC rules FAI 15m class or below No index handicap, Limited loading 50kg/m² Regatta start, SGP scoring & rules

DOWNLOAD OR READ : USCIS GOV QUESTION AND ANSWER PDF EBOOK EPUB MOBI

Strategic Management. 24 November Examination Paper. Time: 2 hours

SIMULATION TECHNOLOGY FOR FREE FLIGHT SYSTEM PERFORMANCE AND SURVIVABILITY ANALYSIS

2016 Council Camporee. Leaders Guide

Bioinformatics of Protein Domains: New Computational Approach for the Detection of Protein Domains

etrust SiteMinder Connector for Oracle Solutions Architecture, Installation and Configuration Guide For UNIX Version 1.6 (Rev 1.

INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011)

Using STAMP to Address Causes and Preventive Measures of Mid-Air Collisions in Visual Flight

INFORMATION FOR COMPLETING THE FORM at

Mathcad 14.0 Curriculum Guide

KTRK Flight Tracking System, VNOMS, Altitudes and Positional Calculations

Mathcad 140 Curriculum Guide

François CAHUZAC / Arnaud BIARD

5 Give the students Worksheet 4. Ask them to. 6 Ask the students to look at the second part of. 7 Give the students a copy of Worksheet 5 and ask

Integration of Hotel Room Reservation and Travel Agency

2019 Sycamore Valley Day Camp Information

CDM Quick Reference Guide. Concepts I Need to Know for the Exam

Flight Crew Operating Manual STANDARD OPERATING PROCEDURES

OHIO STATE UNIVERSITY EXTENSION

Important! You need to print out the 2 page worksheet you find by clicking on this link and take it with you to your lab session.

HardSID Uno / UPlay user s guide HardSID Uno HardSID UPlay

Scalable Runtime Support for Data-Intensive Applications on the Single-Chip Cloud Computer

Impact of Landing Fee Policy on Airlines Service Decisions, Financial Performance and Airport Congestion

Setup and Configure the Siteminder Policy Store with Dxmanager

The AeroKurier Online Contest Not Just for Computer Nerds

I hike USER EXPERIENCE BRIEF

PAGES SAMPLE. GRIVAS PUBLICATIONS 2004 ll rights reserved

Pass The Cabin Crew Panel Interview In 12 Hours: Great Answers For Maximum Impact By Carrie Loren READ ONLINE

An Online Airline Reservation Information System Case

Anchorage Radio Standard Operating Guidelines

Iata Airport Handling Manual Free Download

EE382V: Embedded System Design and Modeling

1. Where Should you Send your EB-2 NIW (National Interest Waiver) Petition Package:

ROLLER COASTER POLYNOMIALS

electronica Automotive Conference International Conference on Technologies and Strategies for Automotive Electronics and Components

Introduction Aircraft Flight Mechanics Performance

Polynomial Roller Coaster

Transcription:

CHES 2015 Challenge Adrian Thillard, Ryad Benadjila, Emmanuel Prouff, Guénaël Renault, Matthieu Rivain CHES 2015 Tuesday, September 15th, St-Malo, France /39 A. Thillard, R. Benadjila CHES15 Challenge

CHES Challenge : goal Challenge people on CHES topics Add fun to the conference 2/39 A. Thillard, R. Benadjila CHES15 Challenge

CHES Challenge : general principle 1 Download 4 challenges 2 Solve their problem to retrieve flags 3 Enter flags on our website to earn points 4??? 5 PROFIT 3/39 A. Thillard, R. Benadjila CHES15 Challenge

Stats 250 registrations 44 retrieved at least one flag First to retrieve all the flags : 6 days - yobibe Check his awesome writeup 1!! 8 players retrieved all the flags 1. http://wiki.yobi.be/wiki/ches2015_writeup 4/39 A. Thillard, R. Benadjila CHES15 Challenge

Winners (1/2) 1 hellman 2 yobibe (represented by Joppe BOS) 3 jybu (represented by François DASSANCE) 4 fox (represented by Ilya KIZHVATOV) 5/39 A. Thillard, R. Benadjila CHES15 Challenge

Winners (1/2) 1 hellman 2 yobibe (represented by Joppe BOS) 3 jybu (represented by François DASSANCE) 4 fox (represented by Ilya KIZHVATOV) 5/39 A. Thillard, R. Benadjila CHES15 Challenge

Winners (1/2) 1 hellman 2 yobibe (represented by Joppe BOS) 3 jybu (represented by François DASSANCE) 4 fox (represented by Ilya KIZHVATOV) 5/39 A. Thillard, R. Benadjila CHES15 Challenge

Winners (1/2) 1 hellman 2 yobibe (represented by Joppe BOS) 3 jybu (represented by François DASSANCE) 4 fox (represented by Ilya KIZHVATOV) 5/39 A. Thillard, R. Benadjila CHES15 Challenge

Winners (2/2) 5 c23 (represented by Cyril ROSCIAN) 6 Seeluna (Céline THUILLET) 7 barbapapa (represented by Julien FRANCQ) 8 OverTime (represented by Alberto BATTISTELLO) 9 dummy (represented by Peter SHWABE) 10 marsob 6/39 A. Thillard, R. Benadjila CHES15 Challenge

CHES Challenge : description 1 WAV file : signal analysis, SCA 2 JPG file : fun (stegano, chess, googling) 3 C file : factorisation, primes collision, SCA, fault attacks 4 PNG file : pattern matching, emulation, padding oracle, whitebox 7/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file 8/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : First flag Quicken the file = voice reading letters Letters form sentences = solving recipe 9/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : First flag is in the spectrogram Go on pastebin = first flag and plaintexts 1 1. Note to self : do not screw with the plaintexts 0/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : First flag is in the spectrogram Go on pastebin = first flag and plaintexts 1 1. Note to self : do not screw with the plaintexts 10/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : Second flag : Getting the curves Recipe instructed to extract needles 1/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : Second flag : Getting the curves Recipe instructed to extract needles 1/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 1- WAV file : Second flag CPA HW (Mayer-Sommer (CHES00), Brier et al. (CHES04)) = Secret Key Secret Key = flag 12/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file 13/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : First flag 14/39 credit : Denelson83 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : First flag Order the cells according to their numbers Blue = STEGHIDE, phrase about helped mate Use STEGHIDE on jpg with password = previous phrase Get Gabor.txt = first flag 15/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : Second flag In text file : FEN notation 16/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : Second flag, path 1 : Solve it! 17/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : Second flag, path 2 : Google it! Cseh.jpg + Gabor.txt = Gabor Cseh 18/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 2- JPG file : Second flag Encode each move using grid numbers (eg. G2-H4= 14,31) Secret Key = flag 19/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Behavior 20/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Behavior Wrong signature : Correct signature : Correct plaintext??? 21/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : First flag, path 1 : side-channel Prime generation by trial divisions Generate random - = not divisible / = divisible = random+1 22/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : First flag, path 1 : side-channel Ideal application of Finke et al. (CHES09) : Get a lot of modular equations involving the prime Solve them using CRT Factorize N 23/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : First flag, path 2 : prime collision Only 100 different primes can be generated by the server Build {N 1, N 2, } Compute gcd(n, N 1 ), gcd(n, N 2 ) Factorize N when gcd 1 4/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : First flag First ciphertext only 4 blocks Use server as decryption oracle = flag 25/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Second flag Second ciphertext is a several hundreds of MB picture Too long to use previous method 1 ( month) 1 : Note to self : do not screw the server implementation, it could be DoS ed otherwise. 26/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Second flag Second ciphertext is a several hundreds of MB picture Too long to use previous method 1 ( month) 1 : Note to self : do not screw the server implementation, it could be DoS ed otherwise. 26/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Second flag, path 1 : clever server heckler Ask for decryption of random blocks of the picture Blank space = change area Black zone = useful info = decrypt foreign blocks Decryption of useful parts = flag 27/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 3- C file : Second flag, path 2 : fault attack Ask for two decryptions of the same block Answer wrongly = error in the 2nd to last round = C Answer correctly = C Piret and Quisquater (CHES03) on AES decryption : (C, C) = secret key = flag 28/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file 29/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : First flag Pattern matching : On cell = bit 1 Off cell = bit 0 30/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : First flag, path 1 : static analysis Look at strings Get flag (one of the only strings that is not obfuscated) 31/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : First flag, path 2 : emulation Command file = GameBoy ROM Launch a GB emulator = flag 32/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : Second flag, path 1 : emulation 33/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : Second flag, path 1 : emulation 34/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : Second flag, path 1 : emulation ROM is a padding oracle on AES-CBC Vaudenay s attack (EUROCRYPT02) = decryption 2 oracle Script an attack (Lua scripting with Visual Boy Advance or emulator patching) Decrypt ciphertext = flag 2. Except we have encryption here : same attack applies! 5/39 A. Thillard, R. Benadjila CHES15 Challenge

Challenge 4- PNG file : First flag, path 2 : WB pwning 36/39 A. Thillard, R. Benadjila CHES15 Challenge credit : yobibe

Challenge 4- PNG file : First flag, path 2 : WB pwning Reverse soft and GB architecture (memory banks, etc.) Break whitebox Secret key = flag 37/39 A. Thillard, R. Benadjila CHES15 Challenge

Acknowledgments We d like to thank the following persons for their help in the conception and testing : Aurélie Bauer, Sonia Belaïd, Guillaume Bouffard, Jean-Christophe Delaunay, Thomas Fuhr, Emilien Girault, Pierre-Michel Ricordel, Joana Treger-Marim, Philippe Valembois, Eloi Vanderbeken, and all the persons on this obscure GB-ROM dev IRC channel that insisted half an hour on the fact that implementing a crypto algorithm on the GameBoy was useless. Martin also insisted for special thanks to Jacquie & Michel. 8/39 A. Thillard, R. Benadjila CHES15 Challenge

Call for challenge There will be a challenge next year More information coming soon We want you!!! 39/39 A. Thillard, R. Benadjila CHES15 Challenge

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback