Project 2: What’s the Password?
Due: Wednesday, March 25, 2020, at 11:59pm
Description
Throughout most of your studies, you work creating or modifying programs or computers – in a word: building. However, sometimes the best way to learn about something is to break it. In this project you will be deconstructing existing programs that each have a secret password or passphrase that needs to be input in order to unlock the program.
I am providing you with 3 compiled executables. Each one requires you to enter a sequence of ASCII characters to “unlock.” Unlocking the programs will draw upon the things we are studying this term.
You will also write a tool to help you with solving the first program. In UNIX/Linux, there is a program called strings that dumps out the sequences of ASCII characters that are 4 or more characters long.
Part 1: mystrings (40 points)
The mystrings program should take a filename from the command line and read the bytes of the file, looking for strings of printable characters (ASCII values between 32 and 126 decimal, inclusive). A string is a run of at least 4 consecutive printable characters and ends whenever a non-printable character is encountered. Whenever you find such a string, print it out, one per line.
You can check the operation of your program against the real strings program, and run man strings to learn how it works. You do not need to support all of the features of the real strings program. It has knowledge of executables that makes it print out different strings than your program will. Your program should not do anything special based upon the file type.
Make sure your program can handle strings that are arbitrarily long.
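One way to meet the arbitrary-length requirement, shown as an added example (not the course's reference solution): hold back only the first 4 bytes of a run, then stream the rest straight to the output, so no buffer ever has to grow. The names extract_strings, is_printable and MIN_RUN are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stddef.h>

#define MIN_RUN 4   /* shortest run that counts as a string */

/* Printable range as the assignment defines it: 32..126 inclusive. */
static int is_printable(int c) { return c >= 32 && c <= 126; }

/* Copies every run of at least MIN_RUN printable bytes from `in` to `out`,
 * one per line, and returns how many runs were printed. Only the first
 * MIN_RUN bytes of a run are held back; once the run qualifies, later bytes
 * are written straight through, so run length is unbounded. */
size_t extract_strings(FILE *in, FILE *out)
{
    char held[MIN_RUN];
    size_t run = 0;     /* bytes seen in the current run, capped at MIN_RUN */
    size_t found = 0;
    int c;              /* int, not char, so EOF and byte 0xFF stay distinct */

    while ((c = fgetc(in)) != EOF) {
        if (!is_printable(c)) {
            if (run == MIN_RUN) fputc('\n', out);  /* close a printed run */
            run = 0;
        } else if (run < MIN_RUN) {
            held[run++] = (char)c;
            if (run == MIN_RUN) {                  /* run just qualified */
                fwrite(held, 1, MIN_RUN, out);
                found++;
            }
        } else {
            fputc(c, out);                         /* already qualified */
        }
    }
    if (run == MIN_RUN) fputc('\n', out);          /* run ended at EOF */
    return found;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");                /* binary mode: raw bytes */
    if (!f) { perror(argv[1]); return 1; }
    extract_strings(f, stdout);
    fclose(f);
    return 0;
}
```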
Part 2: Passwords (60 points)
For this part of the program, you may work with a group of up to 4 people. The hope is that at least one or two of you have taken 252 or equivalent to help out with some of the low-level details. Each person will still have their own solution to the programs and each member is required to write their own writeup that describes what their solution is and how/why it was found. On the writeup, each of the four team members’ names must be listed. You may not work with more than 4 people, but you can work with fewer if you wish. All four people must list the same team members. If there are questions on the group rules, ask before you share information.
For each of the three programs, you will be required to provide two things: the solution passphrase and a written description of your attempts to discover it, stating what you learned to help you along the way. You should relate your experiences back to the course material, using the terms and concepts we’ve discussed. Write it up in a formal, organized fashion. You do not need to describe every command you have tried or every wrong idea. Describe briefly your failed attempts and motivation, but describe in detail your successful approach.
Tools
The most obvious tool you will need is a good debugger like gdb. You may also find a hex viewer like od -x useful. objdump can do a lot of individual tasks that can be helpful. Additionally, you might find the mystrings command you wrote somewhat useful.
Environment
This project and its support will only work on lectura.cs.arizona.edu. You will not be able to run the provided scripts or executables on your local machine.
Initial Setup
Make a proj2 directory under your private directory. Then execute:
cp ~jmisurda/original/get_proj2.sh .
Next, run the shell script that we just copied in:
./get_proj2.sh
This will copy your three executables to the current directory and copy over a new script. The executables will be named USERNAME_1 through USERNAME_3.
As you work on the project
You will also see a script in the directory named ./disable_aslr.sh. This script temporarily disables address space layout randomization (ASLR), a security feature that makes it harder to debug your programs. Normally, each time a program is run, the addresses will be different, but if you run this script when you log in, the addresses will be the same, allowing you to learn information from previous executions that you need to solve the puzzles. This only needs to be run once per login. It goes back to normal when you exit. Run it from the proj2 directory you are working in:
./disable_aslr.sh
Hints/Notes
• Each program is written in C
• Each program will have a different passphrase per student, although how to find it will be consistent for everyone
• All passphrases will be printable ASCII characters and be less than 100 characters in length
• A passphrase may be different each run of a program; make sure to test it several times
• There may be several passphrases that work; try to describe them or explain why
• This is not an attempt to prove how clever I am; each program will be solvable from course material and the standard tools on the system.
What to turn in
• Your mystrings program and source code
• A written description for each program documenting your attempts to arrive at the solution and the passphrase itself, submitted as a Text, Word, or PDF document. (You can use an SFTP or SCP client such as WinSCP or FileZilla to upload this to your proj2 directory before making your tar.gz and submitting)
When you’re done, create a gzipped tarball (as we did in the first lab) of your commented source files and compiled executables.
turnin csc352-spring2020-p2 USERNAME.tar.gz