SlideShare ist ein Scribd-Unternehmen logo

Keygenning using the Z3 SMT Solver

extremecoders
extremecoders

This article shows how we can use a SMT solver in developing a key generator, where we need to find valid keys while satisfying certain constraints.

Technologie
1 von 8
Downloaden Sie, um offline zu lesen
Keygenning using the Z3 SMT Solver ExtremeCoders email: extremecoders@hotmail.com April 27, 2015 1 Introduction Quoting Wikipedia, In computer science and mathematical logic, the satisfiability mod- ulo theories (SMT) problem is a decision problem for logical formulas with respect to combinations of background theories expressed in classical firstorder logic with equality. Formally speaking, an SMT instance is a formula in first order logic, where some function and predicate symbols have additional interpretations, and SMT is the problem of determining whether such a formula is satisfiable. This article shows how we can use an SMT solver in developing a key generator. We need to find valid keys while also satisfying certain constraints. We will use the Z3 SMT Solver, as it is quite easy to use and also has a nice python API to code against. 2 The Challenge While solving a few problems from the TJCTF challenge, I stumbled upon an interesting one. The problem is as follows. We have been provided with a jar (Java Archive) file. The challenge is to find the password which will “unlock” this executable jar file. The jar file contains just a solitary class within it named JavaBytecode.class. We can decompile this class straightaway to proceed. The decompiling proceeds fine which means that the code wasn’t obfuscated. Here is the decompiled code. For bet- ter understanding of the code, some variable and function names have been renamed. Comments have also been added as and when deemed necessary. import java.io.PrintStream; import java.util.Scanner; public class JavaBytecode { public static void main(String[] args) { Scanner a = new Scanner(System.in); System.out.print("Enter passcode: "); String b = a.nextLine(); if (check(b)) System.out.println("Success!"); else System.out.println("Failed"); 1
} // Junk Method private static void junk(String b) { int i = 0; b = b + i; } private static boolean check(String pass) { for (int i = 0; i < 10000000; i++) { junk(pass); } for (int i = 0; i < pass.length(); i++) { char c = pass.charAt(i); // All characters must lie within 0-9 inclusive if ((c < ’0’) || (c > ’9’)) { return false; } } int d = 0; // Calculate sum of even positioned digits for (int i = 0; i < pass.length() - 1; i += 2) { d += pass.charAt(i) - ’0’; } // Calculates sum of odd position digits for (int i = 1; i < pass.length() - 1; i += 2) { d += (pass.charAt(i) - ’0’) * 3; } // rem should equal 9 int rem = 10 - d % 10; int sum = 0; // Sum of first 5 digits for (int i = 0; i < 5; i++) { sum += pass.charAt(i) - ’0’; } 2
int prod = 1; // Products of 4 digits after the first. for (int i = 1; i < 5; i++) { prod *= (pass.charAt(i) - ’0’); } int d1 = pass.charAt(1) - ’0’; int d2 = pass.charAt(2) - ’0’; int d3 = pass.charAt(3) - ’0’; int d4 = pass.charAt(4) - ’0’; // The substring at 5 must equal this hardcoded value if (!pass.substring(5, 11).equals("914323")) return false; if ((Math.abs(d1 + d2 - d3) != 1) || (Math.abs(d1 + d2 - d4) != 1)) return false; // Must contain at least a zero if (!pass.contains("0")) return false; // Last digit of passcode must be 9 if (pass.charAt(pass.length() - 1) - ’0’ != rem) return false; // Sum of first 5 digits must equal 21 if (sum != 21) return false; // Product of 4 digits after the first one must equal 480 if (prod != 480) return false; return rem == 9; } } 3 Analysis of the algorithm The main function accepts a passcode as a String. It is passed to another function check which checks whether our passcode is valid or not. At the begin of the function there is a call to junk which is called about ten million times. This is nothing but a sort of delay loop and can be ignored. Next we encounter this snippet which checks whether all the characters of the password are within the range of 0-9. 3
for (int i = 0; i < pass.length(); i++) { char c = pass.charAt(i); // All characters must lie within 0-9 inclusive if ((c < ’0’) || (c > ’9’)) { return false; } } Next we have two loops. The first one sums up the even positioned digits of the passcode. The next one sums up the odd positioned digits. This last sum is further multiplied by 3. The total of the above two sums modulo 10 is calculated. We will later see that this remainder must equal 1, i.e., variable rem must equal 9. int d = 0; // Calculate sum of even positioned digits for (int i = 0; i < pass.length() - 1; i += 2) { d += pass.charAt(i) - ’0’; } // Calculates sum of odd position digits for (int i = 1; i < pass.length() - 1; i += 2) { d += (pass.charAt(i) - ’0’) * 3; } // rem should equal 9 int rem = 10 - d % 10; Next, there are another pair of loops. The first calculates the sum of the first 5 digits. The next calculates the product of 4 digits after the first. These sum and product must equal 21 and 480 respectively which we will see later. // Sum of first 5 digits for (int i = 0; i < 5; i++) { sum += pass.charAt(i) - ’0’; } int prod = 1; // Product of 4 digits after the first. for (int i = 1; i < 5; i++) { prod *= (pass.charAt(i) - ’0’); } 4
At the end, there are some additional checks on the passcode. The substring at 5 must match the hardcoded value 914323. It must contain atleast one zero digit. The last digit of the passcode must be 9. The remaining few checks like the one using Math.abs can be understood by going through the code. int d1 = pass.charAt(1) - ’0’; int d2 = pass.charAt(2) - ’0’; int d3 = pass.charAt(3) - ’0’; int d4 = pass.charAt(4) - ’0’; // The substring at 5 must equal this hardcoded value if (!pass.substring(5, 11).equals("914323")) return false; if ((Math.abs(d1 + d2 - d3) != 1) || (Math.abs(d1 + d2 - d4) != 1)) return false; // Must contain at least a zero if (!pass.contains("0")) return false; // Last digit of passcode must be 9 if (pass.charAt(pass.length() - 1) - ’0’ != rem) return false; // Sum of first 5 digits must equal 21 if (sum != 21) return false; // Product of 4 digits after the first one must equal 480 if (prod != 480) return false; return rem == 9; 4 Using Z3 In order to find a key, we can code a bruteforcer which generates keys of increasing lengths until it finds one which satisfies all the checks. However such an approach will be inefficient both in space and time as there are far too many keys to check. Further more memory and time requirements of bruteforce approach will increase exponentially if we need to find keys of increasing lengths. This is an ideal problem which can be solved using Z3. We need to initialize the parameters and add the constraints. Z3 would automatically try to find a solution re- specting all the given constraints. This is our quick n dirty Z3 solver. It will try to find valid keys staring from a length of 11 characters. from z3.z3 import * 5
# The digits of the passcode d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10 = Ints(’d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 d10’) digits_list = [d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10] def check(num_digits): # Create a new digit globals()[’d{}’.format(num_digits)] = Int(’d{}’.format(num_digits)) # Append it to the digits list digits_list.append(globals().get(’d{}’.format(num_digits))) # Initialize the solver s = Solver() # Add the constraints # Sum of first 5 digits should equal 21 s.add(d0 + d1 + d2 + d3 + d4 == 21) # Product of 4 digits after the first should equal 480 s.add(d1 * d2 * d3 * d4 == 480) # All digits must be within 0-9 inclusive s.add(d0 >= 0, d0 <= 9) s.add(d1 >= 0, d1 <= 9) s.add(d2 >= 0, d2 <= 9) s.add(d3 >= 0, d3 <= 9) s.add(d4 >= 0, d4 <= 9) for i in range(11, num_digits): s.add( globals().get(’d{}’.format(i)) >= 0, globals().get(’d{}’.format(i)) <= 9 ) # Digits from 5 to 10 should be 914323 s.add(d5 == 9, d6 == 1, d7 == 4, d8 == 3, d9 == 2, d10 == 3) # Constraint involving Math.abs s.add(Or(d1 + d2 - d3 == 1, d1 + d2 - d3 == -1)) s.add(Or(d1 + d2 - d4 == 1, d1 + d2 - d4 == -1)) # Last digit must be 9 s.add(globals().get(’d{}’.format(num_digits)) == 9) # ((sum of even pos digits) + (sum of odd pos digits) * 3) % 10 ==1 s.add(( reduce(lambda a, b: a+b, digits_list[0:len(digits_list)-1:2]) + reduce(lambda a, b: a+b, digits_list[1:len(digits_list)-1:2]) *3 6
) % 10 == 1) # Check if there is a solution to the problem if s.check() == sat: m = s.model() print ’Found a passcode of length %d digits’ %num_digits print ’Passcode is’, reduce(lambda a, b:a + str(m[b]), ([’’] + digits_list)) return True return False def main(): # Minimal number of digits is 11 num_digits = 11 while check(num_digits) == False: print ’No passcode of length %d exists’ %num_digits num_digits += 1 if __name__ == ’__main__’: main() On running our solver we get the following output No passcode of length 11 exists Found a passcode of length 12 digits Passcode is 0526891432329 The above passcode “unlocks” the jar. Some other valid passcodes of higher lengths are 05286914323029, 025869143232209, 0258691432327299, 02568914323002609. There may also be more valid passcodes for a particular length. The most notable fact is that Z3 found valid passcodes in quick time, which would not have been possible had we chose a bruteforce approach. 5 Conclusion SMT Solvers are such an useful tool that they should be a necessary weapon in every reverser’s kitty. They can be used whenever we have a type of constraint satisfaction problem. SMT solvers can also be used in symbolic execution, bug finding & fuzz testing, where we need to generate inputs such that a particular branch of code execution is taken, triggering the bug. 6 References 1. z3 Theorem Prover :: https://github.com/Z3Prover/z3 2. z3 API In Python Guide :: http://web.archive.org/web/20150214002728/http://rise4fun.com/z3py/tutorial 3. Z3 - a Tutorial :: http://citeseerx.ist.psu.edu/viewdoc/download?rep=rep1&type=pdf&doi=10.1.1.225.8231 7
4. Automated algebraic cryptanalysis with OpenREIL and Z3 (Kao’s toy project) :: http://blog.cr4.sh/2015/03/automated-algebraic-cryptanalysis-with.html 5. Taming a Wild Nanomite-protected MIPS Binary With Symbolic Execution :: https://doar- e.github.io/blog/2014/10/11/taiming-a-wild-nanomite-protected-mips-binary-with-symbolic-execution-no-such- crackme/ 6. Breaking Kryptonite’s Obfuscation: A Static Analysis Approach Relying on Sym- bolic Execution :: https://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with- symbolic-execution/ 7. Finding unknown algorithm using only input-output pairs and Z3 SMT solver :: http://go.yurichev.com/17268 8. SMT Solving - San Heelan’s Blog :: https://seanhn.wordpress.com/category/smt-solving/ 8

Empfohlen

Captitude 2doc-100627004318-phpapp01
Captitude 2doc-100627004318-phpapp01Captitude 2doc-100627004318-phpapp01
Captitude 2doc-100627004318-phpapp01ManjeeraBhargavi Varanasi
 
C aptitude.2doc
C aptitude.2docC aptitude.2doc
C aptitude.2docSrikanth
 
C tutorial
C tutorialC tutorial
C tutorialAnurag Sukhija
 
Computer Programming- Lecture 10
Computer Programming- Lecture 10Computer Programming- Lecture 10
Computer Programming- Lecture 10Dr. Md. Shohel Sayeed
 
09. Java Methods
09. Java Methods09. Java Methods
09. Java MethodsIntro C# Book
 
Computer Programming- Lecture 7
Computer Programming- Lecture 7Computer Programming- Lecture 7
Computer Programming- Lecture 7Dr. Md. Shohel Sayeed
 
Resource wrappers in C++
Resource wrappers in C++Resource wrappers in C++
Resource wrappers in C++Ilio Catallo
 
03 and 04 .Operators, Expressions, working with the console and conditional s...
03 and 04 .Operators, Expressions, working with the console and conditional s...03 and 04 .Operators, Expressions, working with the console and conditional s...
03 and 04 .Operators, Expressions, working with the console and conditional s...Intro C# Book
 

Empfohlen

Captitude 2doc-100627004318-phpapp01
Captitude 2doc-100627004318-phpapp01Captitude 2doc-100627004318-phpapp01
Captitude 2doc-100627004318-phpapp01ManjeeraBhargavi Varanasi
 
C aptitude.2doc
C aptitude.2docC aptitude.2doc
C aptitude.2docSrikanth
 
C tutorial
C tutorialC tutorial
C tutorialAnurag Sukhija
 
Computer Programming- Lecture 10
Computer Programming- Lecture 10Computer Programming- Lecture 10
Computer Programming- Lecture 10Dr. Md. Shohel Sayeed
 
09. Java Methods
09. Java Methods09. Java Methods
09. Java MethodsIntro C# Book
 
Computer Programming- Lecture 7
Computer Programming- Lecture 7Computer Programming- Lecture 7
Computer Programming- Lecture 7Dr. Md. Shohel Sayeed
 
Resource wrappers in C++
Resource wrappers in C++Resource wrappers in C++
Resource wrappers in C++Ilio Catallo
 
03 and 04 .Operators, Expressions, working with the console and conditional s...
03 and 04 .Operators, Expressions, working with the console and conditional s...03 and 04 .Operators, Expressions, working with the console and conditional s...
03 and 04 .Operators, Expressions, working with the console and conditional s...Intro C# Book
 
Computer Programming- Lecture 3
Computer Programming- Lecture 3Computer Programming- Lecture 3
Computer Programming- Lecture 3Dr. Md. Shohel Sayeed
 
Computer Programming- Lecture 6
Computer Programming- Lecture 6Computer Programming- Lecture 6
Computer Programming- Lecture 6Dr. Md. Shohel Sayeed
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
02. Data Types and variables
02. Data Types and variables02. Data Types and variables
02. Data Types and variablesIntro C# Book
 
Computer Programming- Lecture 8
Computer Programming- Lecture 8Computer Programming- Lecture 8
Computer Programming- Lecture 8Dr. Md. Shohel Sayeed
 
Computer Programming- Lecture 5
Computer Programming- Lecture 5 Computer Programming- Lecture 5
Computer Programming- Lecture 5 Dr. Md. Shohel Sayeed
 
04. Console Input Output
04. Console Input Output 04. Console Input Output
04. Console Input Output Intro C# Book
 
Computer Programming- Lecture 9
Computer Programming- Lecture 9Computer Programming- Lecture 9
Computer Programming- Lecture 9Dr. Md. Shohel Sayeed
 
Lecture 12: Classes and Files
Lecture 12: Classes and FilesLecture 12: Classes and Files
Lecture 12: Classes and FilesDr. Md. Shohel Sayeed
 
Ntewrok secuirty cs7
Ntewrok secuirty cs7Ntewrok secuirty cs7
Ntewrok secuirty cs7Infinity Tech Solutions
 
100 c interview questions answers
100 c interview questions answers100 c interview questions answers
100 c interview questions answersSareen Kumar
 
12. Exception Handling
12. Exception Handling 12. Exception Handling
12. Exception Handling Intro C# Book
 
C Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory managementC Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory managementSreedhar Chowdam
 
Multidimensional arrays in C++
Multidimensional arrays in C++Multidimensional arrays in C++
Multidimensional arrays in C++Ilio Catallo
 
Advanced C - Part 3
Advanced C - Part 3Advanced C - Part 3
Advanced C - Part 3Emertxe Information Technologies Pvt Ltd
 
13. Java text processing
13. Java text processing13. Java text processing
13. Java text processingIntro C# Book
 
05. Conditional Statements
05. Conditional Statements05. Conditional Statements
05. Conditional StatementsIntro C# Book
 
10. Recursion
10. Recursion10. Recursion
10. RecursionIntro C# Book
 
C Programming Storage classes, Recursion
C Programming Storage classes, RecursionC Programming Storage classes, Recursion
C Programming Storage classes, RecursionSreedhar Chowdam
 
09. Methods
09. Methods09. Methods
09. MethodsIntro C# Book
 
C interview question answer 2
C interview question answer 2C interview question answer 2
C interview question answer 2Amit Kapoor
 
Python programming workshop session 2
Python programming workshop session 2Python programming workshop session 2
Python programming workshop session 2Abdul Haseeb
 

Weitere ähnliche Inhalte

Was ist angesagt?

02. Data Types and variables
02. Data Types and variables02. Data Types and variables
02. Data Types and variablesIntro C# Book
 
04. Console Input Output
04. Console Input Output 04. Console Input Output
04. Console Input Output Intro C# Book
 
100 c interview questions answers
100 c interview questions answers100 c interview questions answers
100 c interview questions answersSareen Kumar
 
12. Exception Handling
12. Exception Handling 12. Exception Handling
12. Exception Handling Intro C# Book
 
C Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory managementC Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory managementSreedhar Chowdam
 
Multidimensional arrays in C++
Multidimensional arrays in C++Multidimensional arrays in C++
Multidimensional arrays in C++Ilio Catallo
 
13. Java text processing
13. Java text processing13. Java text processing
13. Java text processingIntro C# Book
 
05. Conditional Statements
05. Conditional Statements05. Conditional Statements
05. Conditional StatementsIntro C# Book
 
C Programming Storage classes, Recursion
C Programming Storage classes, RecursionC Programming Storage classes, Recursion
C Programming Storage classes, RecursionSreedhar Chowdam
 

Was ist angesagt? (20)

Computer Programming- Lecture 3
Computer Programming- Lecture 3Computer Programming- Lecture 3
Computer Programming- Lecture 3
 
Computer Programming- Lecture 6
Computer Programming- Lecture 6Computer Programming- Lecture 6
Computer Programming- Lecture 6
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
 
02. Data Types and variables
02. Data Types and variables02. Data Types and variables
02. Data Types and variables
 
Computer Programming- Lecture 8
Computer Programming- Lecture 8Computer Programming- Lecture 8
Computer Programming- Lecture 8
 
Computer Programming- Lecture 5
Computer Programming- Lecture 5 Computer Programming- Lecture 5
Computer Programming- Lecture 5
 
04. Console Input Output
04. Console Input Output 04. Console Input Output
04. Console Input Output
 
Computer Programming- Lecture 9
Computer Programming- Lecture 9Computer Programming- Lecture 9
Computer Programming- Lecture 9
 
Lecture 12: Classes and Files
Lecture 12: Classes and FilesLecture 12: Classes and Files
Lecture 12: Classes and Files
 
Ntewrok secuirty cs7
Ntewrok secuirty cs7Ntewrok secuirty cs7
Ntewrok secuirty cs7
 
100 c interview questions answers
100 c interview questions answers100 c interview questions answers
100 c interview questions answers
 
12. Exception Handling
12. Exception Handling 12. Exception Handling
12. Exception Handling
 
C Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory managementC Recursion, Pointers, Dynamic memory management
C Recursion, Pointers, Dynamic memory management
 
Multidimensional arrays in C++
Multidimensional arrays in C++Multidimensional arrays in C++
Multidimensional arrays in C++
 
Advanced C - Part 3
Advanced C - Part 3Advanced C - Part 3
Advanced C - Part 3
 
13. Java text processing
13. Java text processing13. Java text processing
13. Java text processing
 
05. Conditional Statements
05. Conditional Statements05. Conditional Statements
05. Conditional Statements
 
10. Recursion
10. Recursion10. Recursion
10. Recursion
 
C Programming Storage classes, Recursion
C Programming Storage classes, RecursionC Programming Storage classes, Recursion
C Programming Storage classes, Recursion
 
09. Methods
09. Methods09. Methods
09. Methods
 

Ähnlich wie Keygenning using the Z3 SMT Solver

C interview question answer 2
C interview question answer 2C interview question answer 2
C interview question answer 2Amit Kapoor
 
Python programming workshop session 2
Python programming workshop session 2Python programming workshop session 2
Python programming workshop session 2Abdul Haseeb
 
C++ Course - Lesson 2
C++ Course - Lesson 2C++ Course - Lesson 2
C++ Course - Lesson 2Mohamed Ahmed
 
Lecture 15_Strings and Dynamic Memory Allocation.pptx
Lecture 15_Strings and Dynamic Memory Allocation.pptxLecture 15_Strings and Dynamic Memory Allocation.pptx
Lecture 15_Strings and Dynamic Memory Allocation.pptxJawadTanvir
 
C++ and OOPS Crash Course by ACM DBIT | Grejo Joby
C++ and OOPS Crash Course by ACM DBIT | Grejo JobyC++ and OOPS Crash Course by ACM DBIT | Grejo Joby
C++ and OOPS Crash Course by ACM DBIT | Grejo JobyGrejoJoby1
 
VIT351 Software Development VI Unit2
VIT351 Software Development VI Unit2VIT351 Software Development VI Unit2
VIT351 Software Development VI Unit2YOGESH SINGH
 
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...GkhanGirgin3
 
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...ssuserd6b1fd
 
Programming python quick intro for schools
Programming python quick intro for schoolsProgramming python quick intro for schools
Programming python quick intro for schoolsDan Bowen
 
QA Auotmation Java programs,theory
QA Auotmation Java programs,theory QA Auotmation Java programs,theory
QA Auotmation Java programs,theory archana singh
 
Beautiful python - PyLadies
Beautiful python - PyLadiesBeautiful python - PyLadies
Beautiful python - PyLadiesAlicia Pérez
 
C Programming Interview Questions
C Programming Interview QuestionsC Programming Interview Questions
C Programming Interview QuestionsGradeup
 
Write a program to check a given number is prime or not
Write a program to check a given number is prime or notWrite a program to check a given number is prime or not
Write a program to check a given number is prime or notaluavi
 
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxShad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxSonu62614
 
Python programming workshop
Python programming workshopPython programming workshop
Python programming workshopBAINIDA
 
the refernce of programming C notes ppt.pptx
the refernce of programming C notes ppt.pptxthe refernce of programming C notes ppt.pptx
the refernce of programming C notes ppt.pptxAnkitaVerma776806
 
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...AntareepMajumder
 

Ähnlich wie Keygenning using the Z3 SMT Solver (20)

C interview question answer 2
C interview question answer 2C interview question answer 2
C interview question answer 2
 
Python programming workshop session 2
Python programming workshop session 2Python programming workshop session 2
Python programming workshop session 2
 
C++ Course - Lesson 2
C++ Course - Lesson 2C++ Course - Lesson 2
C++ Course - Lesson 2
 
Lecture 15_Strings and Dynamic Memory Allocation.pptx
Lecture 15_Strings and Dynamic Memory Allocation.pptxLecture 15_Strings and Dynamic Memory Allocation.pptx
Lecture 15_Strings and Dynamic Memory Allocation.pptx
 
C++ and OOPS Crash Course by ACM DBIT | Grejo Joby
C++ and OOPS Crash Course by ACM DBIT | Grejo JobyC++ and OOPS Crash Course by ACM DBIT | Grejo Joby
C++ and OOPS Crash Course by ACM DBIT | Grejo Joby
 
VIT351 Software Development VI Unit2
VIT351 Software Development VI Unit2VIT351 Software Development VI Unit2
VIT351 Software Development VI Unit2
 
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...
booksoncprogramminglanguage-anintroductiontobeginnersbyarunumrao4-21101016591...
 
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
 
Ansi c
Ansi cAnsi c
Ansi c
 
Programming python quick intro for schools
Programming python quick intro for schoolsProgramming python quick intro for schools
Programming python quick intro for schools
 
QA Auotmation Java programs,theory
QA Auotmation Java programs,theory QA Auotmation Java programs,theory
QA Auotmation Java programs,theory
 
Beautiful python - PyLadies
Beautiful python - PyLadiesBeautiful python - PyLadies
Beautiful python - PyLadies
 
C Programming Interview Questions
C Programming Interview QuestionsC Programming Interview Questions
C Programming Interview Questions
 
Write a program to check a given number is prime or not
Write a program to check a given number is prime or notWrite a program to check a given number is prime or not
Write a program to check a given number is prime or not
 
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docxShad_Cryptography_PracticalFile_IT_4th_Year (1).docx
Shad_Cryptography_PracticalFile_IT_4th_Year (1).docx
 
Python programming workshop
Python programming workshopPython programming workshop
Python programming workshop
 
pointers 1
pointers 1pointers 1
pointers 1
 
PRACTICAL FILE(COMP SC).pptx
PRACTICAL FILE(COMP SC).pptxPRACTICAL FILE(COMP SC).pptx
PRACTICAL FILE(COMP SC).pptx
 
the refernce of programming C notes ppt.pptx
the refernce of programming C notes ppt.pptxthe refernce of programming C notes ppt.pptx
the refernce of programming C notes ppt.pptx
 
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...
FALLSEM2022-23_BCSE202L_TH_VL2022230103292_Reference_Material_I_08-08-2022_C_...
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 

Kürzlich hochgeladen (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 

Keygenning using the Z3 SMT Solver

  • 1. Keygenning using the Z3 SMT Solver ExtremeCoders email: extremecoders@hotmail.com April 27, 2015 1 Introduction Quoting Wikipedia, In computer science and mathematical logic, the satisfiability mod- ulo theories (SMT) problem is a decision problem for logical formulas with respect to combinations of background theories expressed in classical firstorder logic with equality. Formally speaking, an SMT instance is a formula in first order logic, where some function and predicate symbols have additional interpretations, and SMT is the problem of determining whether such a formula is satisfiable. This article shows how we can use an SMT solver in developing a key generator. We need to find valid keys while also satisfying certain constraints. We will use the Z3 SMT Solver, as it is quite easy to use and also has a nice python API to code against. 2 The Challenge While solving a few problems from the TJCTF challenge, I stumbled upon an interesting one. The problem is as follows. We have been provided with a jar (Java Archive) file. The challenge is to find the password which will “unlock” this executable jar file. The jar file contains just a solitary class within it named JavaBytecode.class. We can decompile this class straightaway to proceed. The decompiling proceeds fine which means that the code wasn’t obfuscated. Here is the decompiled code. For bet- ter understanding of the code, some variable and function names have been renamed. Comments have also been added as and when deemed necessary. import java.io.PrintStream; import java.util.Scanner; public class JavaBytecode { public static void main(String[] args) { Scanner a = new Scanner(System.in); System.out.print("Enter passcode: "); String b = a.nextLine(); if (check(b)) System.out.println("Success!"); else System.out.println("Failed"); 1
  • 2. } // Junk Method private static void junk(String b) { int i = 0; b = b + i; } private static boolean check(String pass) { for (int i = 0; i < 10000000; i++) { junk(pass); } for (int i = 0; i < pass.length(); i++) { char c = pass.charAt(i); // All characters must lie within 0-9 inclusive if ((c < ’0’) || (c > ’9’)) { return false; } } int d = 0; // Calculate sum of even positioned digits for (int i = 0; i < pass.length() - 1; i += 2) { d += pass.charAt(i) - ’0’; } // Calculates sum of odd position digits for (int i = 1; i < pass.length() - 1; i += 2) { d += (pass.charAt(i) - ’0’) * 3; } // rem should equal 9 int rem = 10 - d % 10; int sum = 0; // Sum of first 5 digits for (int i = 0; i < 5; i++) { sum += pass.charAt(i) - ’0’; } 2
  • 3. int prod = 1; // Products of 4 digits after the first. for (int i = 1; i < 5; i++) { prod *= (pass.charAt(i) - ’0’); } int d1 = pass.charAt(1) - ’0’; int d2 = pass.charAt(2) - ’0’; int d3 = pass.charAt(3) - ’0’; int d4 = pass.charAt(4) - ’0’; // The substring at 5 must equal this hardcoded value if (!pass.substring(5, 11).equals("914323")) return false; if ((Math.abs(d1 + d2 - d3) != 1) || (Math.abs(d1 + d2 - d4) != 1)) return false; // Must contain at least a zero if (!pass.contains("0")) return false; // Last digit of passcode must be 9 if (pass.charAt(pass.length() - 1) - ’0’ != rem) return false; // Sum of first 5 digits must equal 21 if (sum != 21) return false; // Product of 4 digits after the first one must equal 480 if (prod != 480) return false; return rem == 9; } } 3 Analysis of the algorithm The main function accepts a passcode as a String. It is passed to another function check which checks whether our passcode is valid or not. At the begin of the function there is a call to junk which is called about ten million times. This is nothing but a sort of delay loop and can be ignored. Next we encounter this snippet which checks whether all the characters of the password are within the range of 0-9. 3
  • 4. for (int i = 0; i < pass.length(); i++) { char c = pass.charAt(i); // All characters must lie within 0-9 inclusive if ((c < ’0’) || (c > ’9’)) { return false; } } Next we have two loops. The first one sums up the even positioned digits of the passcode. The next one sums up the odd positioned digits. This last sum is further multiplied by 3. The total of the above two sums modulo 10 is calculated. We will later see that this remainder must equal 1, i.e., variable rem must equal 9. int d = 0; // Calculate sum of even positioned digits for (int i = 0; i < pass.length() - 1; i += 2) { d += pass.charAt(i) - ’0’; } // Calculates sum of odd position digits for (int i = 1; i < pass.length() - 1; i += 2) { d += (pass.charAt(i) - ’0’) * 3; } // rem should equal 9 int rem = 10 - d % 10; Next, there are another pair of loops. The first calculates the sum of the first 5 digits. The next calculates the product of 4 digits after the first. These sum and product must equal 21 and 480 respectively which we will see later. // Sum of first 5 digits for (int i = 0; i < 5; i++) { sum += pass.charAt(i) - ’0’; } int prod = 1; // Product of 4 digits after the first. for (int i = 1; i < 5; i++) { prod *= (pass.charAt(i) - ’0’); } 4
  • 5. At the end, there are some additional checks on the passcode. The substring at 5 must match the hardcoded value 914323. It must contain atleast one zero digit. The last digit of the passcode must be 9. The remaining few checks like the one using Math.abs can be understood by going through the code. int d1 = pass.charAt(1) - ’0’; int d2 = pass.charAt(2) - ’0’; int d3 = pass.charAt(3) - ’0’; int d4 = pass.charAt(4) - ’0’; // The substring at 5 must equal this hardcoded value if (!pass.substring(5, 11).equals("914323")) return false; if ((Math.abs(d1 + d2 - d3) != 1) || (Math.abs(d1 + d2 - d4) != 1)) return false; // Must contain at least a zero if (!pass.contains("0")) return false; // Last digit of passcode must be 9 if (pass.charAt(pass.length() - 1) - ’0’ != rem) return false; // Sum of first 5 digits must equal 21 if (sum != 21) return false; // Product of 4 digits after the first one must equal 480 if (prod != 480) return false; return rem == 9; 4 Using Z3 In order to find a key, we can code a bruteforcer which generates keys of increasing lengths until it finds one which satisfies all the checks. However such an approach will be inefficient both in space and time as there are far too many keys to check. Further more memory and time requirements of bruteforce approach will increase exponentially if we need to find keys of increasing lengths. This is an ideal problem which can be solved using Z3. We need to initialize the parameters and add the constraints. Z3 would automatically try to find a solution re- specting all the given constraints. This is our quick n dirty Z3 solver. It will try to find valid keys staring from a length of 11 characters. from z3.z3 import * 5
  • 6. # The digits of the passcode d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10 = Ints(’d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 d10’) digits_list = [d0, d1, d2, d3, d4, d5, d6, d7, d8, d9, d10] def check(num_digits): # Create a new digit globals()[’d{}’.format(num_digits)] = Int(’d{}’.format(num_digits)) # Append it to the digits list digits_list.append(globals().get(’d{}’.format(num_digits))) # Initialize the solver s = Solver() # Add the constraints # Sum of first 5 digits should equal 21 s.add(d0 + d1 + d2 + d3 + d4 == 21) # Product of 4 digits after the first should equal 480 s.add(d1 * d2 * d3 * d4 == 480) # All digits must be within 0-9 inclusive s.add(d0 >= 0, d0 <= 9) s.add(d1 >= 0, d1 <= 9) s.add(d2 >= 0, d2 <= 9) s.add(d3 >= 0, d3 <= 9) s.add(d4 >= 0, d4 <= 9) for i in range(11, num_digits): s.add( globals().get(’d{}’.format(i)) >= 0, globals().get(’d{}’.format(i)) <= 9 ) # Digits from 5 to 10 should be 914323 s.add(d5 == 9, d6 == 1, d7 == 4, d8 == 3, d9 == 2, d10 == 3) # Constraint involving Math.abs s.add(Or(d1 + d2 - d3 == 1, d1 + d2 - d3 == -1)) s.add(Or(d1 + d2 - d4 == 1, d1 + d2 - d4 == -1)) # Last digit must be 9 s.add(globals().get(’d{}’.format(num_digits)) == 9) # ((sum of even pos digits) + (sum of odd pos digits) * 3) % 10 ==1 s.add(( reduce(lambda a, b: a+b, digits_list[0:len(digits_list)-1:2]) + reduce(lambda a, b: a+b, digits_list[1:len(digits_list)-1:2]) *3 6
  • 7. ) % 10 == 1) # Check if there is a solution to the problem if s.check() == sat: m = s.model() print ’Found a passcode of length %d digits’ %num_digits print ’Passcode is’, reduce(lambda a, b:a + str(m[b]), ([’’] + digits_list)) return True return False def main(): # Minimal number of digits is 11 num_digits = 11 while check(num_digits) == False: print ’No passcode of length %d exists’ %num_digits num_digits += 1 if __name__ == ’__main__’: main() On running our solver we get the following output No passcode of length 11 exists Found a passcode of length 12 digits Passcode is 0526891432329 The above passcode “unlocks” the jar. Some other valid passcodes of higher lengths are 05286914323029, 025869143232209, 0258691432327299, 02568914323002609. There may also be more valid passcodes for a particular length. The most notable fact is that Z3 found valid passcodes in quick time, which would not have been possible had we chose a bruteforce approach. 5 Conclusion SMT Solvers are such an useful tool that they should be a necessary weapon in every reverser’s kitty. They can be used whenever we have a type of constraint satisfaction problem. SMT solvers can also be used in symbolic execution, bug finding & fuzz testing, where we need to generate inputs such that a particular branch of code execution is taken, triggering the bug. 6 References 1. z3 Theorem Prover :: https://github.com/Z3Prover/z3 2. z3 API In Python Guide :: http://web.archive.org/web/20150214002728/http://rise4fun.com/z3py/tutorial 3. Z3 - a Tutorial :: http://citeseerx.ist.psu.edu/viewdoc/download?rep=rep1&type=pdf&doi=10.1.1.225.8231 7
  • 8. 4. Automated algebraic cryptanalysis with OpenREIL and Z3 (Kao’s toy project) :: http://blog.cr4.sh/2015/03/automated-algebraic-cryptanalysis-with.html 5. Taming a Wild Nanomite-protected MIPS Binary With Symbolic Execution :: https://doar- e.github.io/blog/2014/10/11/taiming-a-wild-nanomite-protected-mips-binary-with-symbolic-execution-no-such- crackme/ 6. Breaking Kryptonite’s Obfuscation: A Static Analysis Approach Relying on Sym- bolic Execution :: https://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with- symbolic-execution/ 7. Finding unknown algorithm using only input-output pairs and Z3 SMT solver :: http://go.yurichev.com/17268 8. SMT Solving - San Heelan’s Blog :: https://seanhn.wordpress.com/category/smt-solving/ 8