Rounds Enabled

62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76

Details

• POV Information

Original Versions

• Original Build: CB1
• Author-supplied patches: CB1
• Author-supplied POVs: POV1 , POV2
• Browse Source

Known Vulnerabilities

• CWE-822 - Untrusted Pointer Dereference
CWEs are listed as indicated by the challenge author.

Deployed patches

• Round 73 : DeepRed - CB1 (disassembly)

Deployed IDS rules

None

Author Information

"Ben Schmidt" info@narfindustries.com

DARPA performer group

Narf Industries (NRFIN)

Description

Making passwords is hard. Managing passwords is even harder. So let us do it for you! With EternalPass, you'll only ever need to remember one password, and we'll make the rest for you!

Feature List

• Create as many single use passwords as you want!
• Automatically generate a secure wallet that you can take anywhere!
• Choose between various security modes appropriate for you!
• For power users, you can even tweak our code to your liking!

Vulnerability 1

A very simple vulnerability involving use of an unchecked function pointer, directly provided by the user, in the password generation function. This function is passed a user-provided seed, which is fully controlled by the user. The only caveat is that the function pointer must be decimal encoded and greater than 0x08000000.

Generic class of vulnerability

Untrusted pointer use

CWE classification

CWE-822 Untrusted pointer dereference

Challenges

• Dealing with large amount of irrelevant but complex constraints
• Successfully encoding the function pointer.

Difficulty

• Discovery: easy
• Proving: easy
• Patching: easy

Vulnerability 2

Almost identical to the first vulnerability, but the user no longer directly controls any arguments in the vulnerable function pointer call. It is possible, however, to successfully control a register using the highest byte of each of four subsequent calls to CRC32 on dynamically generated strings (which they can select, but do not control). Alternatively, it may be possible to solve this by jumping to various useful gadgets in the binary.

Generic class of vulnerability

Untrusted pointer use

CWE classification

CWE-822 Untrusted pointer dereference

Challenges

• Dealing with a large number of relevant and complex constraints.
• Successfully encoding the register value using a series of indexes, which select strings to be CRC32d, which then build the final register value.
• Finding alternative, non-intended methods of proving vulnerability using only control of EIP.

Difficulty

• Discovery: easy
• Proving: hard
• Patching: easy

Round	Source	Destination	Result	POV	Analysis	Video
63	CSDS	CodeJitsu	Failed POV	POV		Watch
63	CSDS	DeepRed	Failed POV	POV		Watch
63	CSDS	Disekt	Failed POV	POV		Watch
63	CSDS	ForAllSecure	Failed POV	POV		Watch
63	CSDS	Shellphish	Failed POV	POV		Watch
63	CSDS	TECHx	Failed POV	POV		Watch
63	DeepRed	CodeJitsu	Failed POV	POV		Watch
63	DeepRed	CSDS	Failed POV	POV		Watch
63	DeepRed	Disekt	Failed POV	POV		Watch
63	DeepRed	ForAllSecure	Failed POV	POV		Watch
63	DeepRed	Shellphish	Failed POV	POV		Watch
63	DeepRed	TECHx	Failed POV	POV		Watch
64	CSDS	CodeJitsu	Failed POV	POV		Watch
64	CSDS	DeepRed	Failed POV	POV		Watch
64	CSDS	Disekt	Failed POV	POV		Watch
64	CSDS	ForAllSecure	Failed POV	POV		Watch
64	CSDS	Shellphish	Failed POV	POV		Watch
64	CSDS	TECHx	Failed POV	POV		Watch
64	DeepRed	CodeJitsu	Failed POV	POV		Watch
64	DeepRed	CSDS	Failed POV	POV		Watch
64	DeepRed	Disekt	Failed POV	POV		Watch
64	DeepRed	ForAllSecure	Failed POV	POV		Watch
64	DeepRed	Shellphish	Failed POV	POV		Watch
64	DeepRed	TECHx	Failed POV	POV		Watch
65	CSDS	CodeJitsu	Failed POV	POV		Watch
65	CSDS	DeepRed	Failed POV	POV		Watch
65	CSDS	Disekt	Failed POV	POV		Watch
65	CSDS	ForAllSecure	Failed POV	POV		Watch
65	CSDS	Shellphish	Failed POV	POV		Watch
65	CSDS	TECHx	Failed POV	POV		Watch
65	DeepRed	CodeJitsu	Failed POV	POV		Watch
65	DeepRed	CSDS	Failed POV	POV		Watch
65	DeepRed	Disekt	Failed POV	POV		Watch
65	DeepRed	ForAllSecure	Failed POV	POV		Watch
65	DeepRed	Shellphish	Failed POV	POV		Watch
65	DeepRed	TECHx	Failed POV	POV		Watch
66	CSDS	CodeJitsu	Failed POV	POV		Watch
66	CSDS	DeepRed	Failed POV	POV		Watch
66	CSDS	Disekt	Failed POV	POV		Watch
66	CSDS	ForAllSecure	Failed POV	POV		Watch
66	CSDS	Shellphish	Failed POV	POV		Watch
66	CSDS	TECHx	Failed POV	POV		Watch
66	DeepRed	CodeJitsu	Failed POV	POV		Watch
66	DeepRed	CSDS	Failed POV	POV		Watch
66	DeepRed	Disekt	Failed POV	POV		Watch
66	DeepRed	ForAllSecure	Failed POV	POV		Watch
66	DeepRed	Shellphish	Failed POV	POV		Watch
66	DeepRed	TECHx	Failed POV	POV		Watch
67	CSDS	CodeJitsu	Failed POV	POV		Watch
67	CSDS	DeepRed	Failed POV	POV		Watch
67	CSDS	Disekt	Failed POV	POV		Watch
67	CSDS	ForAllSecure	Failed POV	POV		Watch
67	CSDS	Shellphish	Failed POV	POV		Watch
67	CSDS	TECHx	Failed POV	POV		Watch
67	DeepRed	CodeJitsu	Failed POV	POV		Watch
67	DeepRed	CSDS	Failed POV	POV		Watch
67	DeepRed	Disekt	Failed POV	POV		Watch
67	DeepRed	ForAllSecure	Failed POV	POV		Watch
67	DeepRed	Shellphish	Failed POV	POV		Watch
67	DeepRed	TECHx	Failed POV	POV		Watch
68	CSDS	CodeJitsu	Failed POV	POV		Watch
68	CSDS	DeepRed	Failed POV	POV		Watch
68	CSDS	Disekt	Failed POV	POV		Watch
68	CSDS	ForAllSecure	Failed POV	POV		Watch
68	CSDS	Shellphish	Failed POV	POV		Watch
68	CSDS	TECHx	Failed POV	POV		Watch
68	DeepRed	CodeJitsu	Failed POV	POV		Watch
68	DeepRed	CSDS	Failed POV	POV		Watch
68	DeepRed	Disekt	Failed POV	POV		Watch
68	DeepRed	ForAllSecure	Failed POV	POV		Watch
68	DeepRed	Shellphish	Failed POV	POV		Watch
68	DeepRed	TECHx	Failed POV	POV		Watch
69	CSDS	CodeJitsu	Failed POV	POV		Watch
69	CSDS	DeepRed	Failed POV	POV		Watch
69	CSDS	Disekt	Failed POV	POV		Watch
69	CSDS	ForAllSecure	Failed POV	POV		Watch
69	CSDS	Shellphish	Failed POV	POV		Watch
69	CSDS	TECHx	Failed POV	POV		Watch
69	DeepRed	CodeJitsu	Failed POV	POV		Watch
69	DeepRed	CSDS	Failed POV	POV		Watch
69	DeepRed	Disekt	Failed POV	POV		Watch
69	DeepRed	ForAllSecure	Failed POV	POV		Watch
69	DeepRed	Shellphish	Failed POV	POV		Watch
69	DeepRed	TECHx	Failed POV	POV		Watch
70	CSDS	CodeJitsu	Failed POV	POV		Watch
70	CSDS	DeepRed	Failed POV	POV		Watch
70	CSDS	Disekt	Failed POV	POV		Watch
70	CSDS	ForAllSecure	Failed POV	POV		Watch
70	CSDS	Shellphish	Failed POV	POV		Watch
70	CSDS	TECHx	Failed POV	POV		Watch
70	DeepRed	CodeJitsu	Failed POV	POV		Watch
70	DeepRed	CSDS	Failed POV	POV		Watch
70	DeepRed	Disekt	Failed POV	POV		Watch
70	DeepRed	ForAllSecure	Failed POV	POV		Watch
70	DeepRed	Shellphish	Failed POV	POV		Watch
70	DeepRed	TECHx	Failed POV	POV		Watch
71	CSDS	CodeJitsu	Failed POV	POV		Watch
71	CSDS	DeepRed	Failed POV	POV		Watch
71	CSDS	Disekt	Failed POV	POV		Watch
71	CSDS	ForAllSecure	Failed POV	POV		Watch
71	CSDS	Shellphish	Failed POV	POV		Watch
71	CSDS	TECHx	Failed POV	POV		Watch
71	DeepRed	CodeJitsu	Failed POV	POV		Watch
71	DeepRed	CSDS	Failed POV	POV		Watch
71	DeepRed	Disekt	Failed POV	POV		Watch
71	DeepRed	ForAllSecure	Failed POV	POV		Watch
71	DeepRed	Shellphish	Failed POV	POV		Watch
71	DeepRed	TECHx	Failed POV	POV		Watch
71	Shellphish	CodeJitsu	Failed POV	POV		Watch
71	Shellphish	CSDS	Failed POV	POV		Watch
71	Shellphish	DeepRed	Failed POV	POV		Watch
71	Shellphish	Disekt	Failed POV	POV		Watch
71	Shellphish	ForAllSecure	Failed POV	POV		Watch
71	Shellphish	TECHx	Failed POV	POV		Watch
72	CSDS	CodeJitsu	Failed POV	POV		Watch
72	CSDS	DeepRed	Failed POV	POV		Watch
72	CSDS	Disekt	Failed POV	POV		Watch
72	CSDS	ForAllSecure	Failed POV	POV		Watch
72	CSDS	Shellphish	Failed POV	POV		Watch
72	CSDS	TECHx	Failed POV	POV		Watch
72	DeepRed	CodeJitsu	Failed POV	POV		Watch
72	DeepRed	CSDS	Failed POV	POV		Watch
72	DeepRed	Disekt	Failed POV	POV		Watch
72	DeepRed	ForAllSecure	Failed POV	POV		Watch
72	DeepRed	Shellphish	Failed POV	POV		Watch
72	DeepRed	TECHx	Failed POV	POV		Watch
72	Shellphish	CodeJitsu	Failed POV	POV		Watch
72	Shellphish	CSDS	Failed POV	POV		Watch
72	Shellphish	DeepRed	Failed POV	POV		Watch
72	Shellphish	Disekt	Failed POV	POV		Watch
72	Shellphish	ForAllSecure	Failed POV	POV		Watch
72	Shellphish	TECHx	Failed POV	POV		Watch
73	CodeJitsu	DeepRed	Failed POV through defenses	POV		Watch
73	CSDS	CodeJitsu	Failed POV	POV		Watch
73	CSDS	DeepRed	Failed POV through defenses	POV		Watch
73	CSDS	Disekt	Failed POV	POV		Watch
73	CSDS	ForAllSecure	Failed POV	POV		Watch
73	CSDS	Shellphish	Failed POV	POV		Watch
73	CSDS	TECHx	Failed POV	POV		Watch
73	DeepRed	CodeJitsu	Failed POV	POV		Watch
73	DeepRed	CSDS	Failed POV	POV		Watch
73	DeepRed	Disekt	Failed POV	POV		Watch
73	DeepRed	ForAllSecure	Failed POV	POV		Watch
73	DeepRed	Shellphish	Failed POV	POV		Watch
73	DeepRed	TECHx	Failed POV	POV		Watch
73	Shellphish	CodeJitsu	Failed POV	POV		Watch
73	Shellphish	CSDS	Failed POV	POV		Watch
73	Shellphish	DeepRed	Failed POV through defenses	POV		Watch
73	Shellphish	Disekt	Failed POV	POV		Watch
73	Shellphish	ForAllSecure	Failed POV	POV		Watch
73	Shellphish	TECHx	Failed POV	POV		Watch
74	CSDS	CodeJitsu	Failed POV	POV		Watch
74	CSDS	DeepRed	Failed POV through defenses	POV		Watch
74	CSDS	Disekt	Failed POV	POV		Watch
74	CSDS	ForAllSecure	Failed POV	POV		Watch
74	CSDS	Shellphish	Failed POV	POV		Watch
74	CSDS	TECHx	Failed POV	POV		Watch
74	DeepRed	CodeJitsu	Failed POV	POV		Watch
74	DeepRed	CSDS	Failed POV	POV		Watch
74	DeepRed	Disekt	Failed POV	POV		Watch
74	DeepRed	ForAllSecure	Failed POV	POV		Watch
74	DeepRed	Shellphish	Failed POV	POV		Watch
74	DeepRed	TECHx	Failed POV	POV		Watch
74	Shellphish	CodeJitsu	Failed POV	POV		Watch
74	Shellphish	CSDS	Failed POV	POV		Watch
74	Shellphish	DeepRed	Failed POV through defenses	POV		Watch
74	Shellphish	Disekt	Failed POV	POV		Watch
74	Shellphish	ForAllSecure	Failed POV	POV		Watch
74	Shellphish	TECHx	Failed POV	POV		Watch
75	CSDS	CodeJitsu	Failed POV	POV		Watch
75	CSDS	DeepRed	Failed POV through defenses	POV		Watch
75	CSDS	Disekt	Failed POV	POV		Watch
75	CSDS	ForAllSecure	Failed POV	POV		Watch
75	CSDS	Shellphish	Failed POV	POV		Watch
75	CSDS	TECHx	Failed POV	POV		Watch
75	DeepRed	CodeJitsu	Failed POV	POV		Watch
75	DeepRed	CSDS	Failed POV	POV		Watch
75	DeepRed	Disekt	Failed POV	POV		Watch
75	DeepRed	ForAllSecure	Failed POV	POV		Watch
75	DeepRed	Shellphish	Failed POV	POV		Watch
75	DeepRed	TECHx	Failed POV	POV		Watch
75	Shellphish	CodeJitsu	Failed POV	POV		Watch
75	Shellphish	CSDS	Failed POV	POV		Watch
75	Shellphish	DeepRed	Failed POV through defenses	POV		Watch
75	Shellphish	Disekt	Failed POV	POV		Watch
75	Shellphish	ForAllSecure	Failed POV	POV		Watch
75	Shellphish	TECHx	Failed POV	POV		Watch
76	CSDS	CodeJitsu	Failed POV	POV		Watch
76	CSDS	DeepRed	Failed POV through defenses	POV		Watch
76	CSDS	Disekt	Failed POV	POV		Watch
76	CSDS	ForAllSecure	Failed POV	POV		Watch
76	CSDS	Shellphish	Failed POV	POV		Watch
76	CSDS	TECHx	Failed POV	POV		Watch
76	DeepRed	CodeJitsu	Failed POV	POV		Watch
76	DeepRed	CSDS	Failed POV	POV		Watch
76	DeepRed	Disekt	Failed POV	POV		Watch
76	DeepRed	ForAllSecure	Failed POV	POV		Watch
76	DeepRed	Shellphish	Failed POV	POV		Watch
76	DeepRed	TECHx	Failed POV	POV		Watch
76	Shellphish	CodeJitsu	Failed POV	POV		Watch
76	Shellphish	CSDS	Failed POV	POV		Watch
76	Shellphish	DeepRed	Failed POV through defenses	POV		Watch
76	Shellphish	Disekt	Failed POV	POV		Watch
76	Shellphish	ForAllSecure	Failed POV	POV		Watch
76	Shellphish	TECHx	Failed POV	POV		Watch