From 056ec6d2b4c8b3c990eb4bc23747676f7ce73541 Mon Sep 17 00:00:00 2001
From: Jan Vales
Date: Mon, 28 Apr 2014 01:49:10 +0200
Subject: [PATCH] Abgabe1.
---
 report1/main.tex | 124 ++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 112 insertions(+), 12 deletions(-)
diff --git a/report1/main.tex b/report1/main.tex
index b941912..227afcf 100644
--- a/report1/main.tex
+++ b/report1/main.tex
@@ -1,6 +1,6 @@
 \RequirePackage{snapshot} % stats of included files: $filename.dep
-\documentclass[10pt,a5paper,twoside,openright,onecolumn,ngerman]{article}
+\documentclass[12pt,a4paper,ngerman]{article}
 \usepackage[ngerman]{babel}
 %%%%% Formatting and encoding %%%%%
@@ -9,7 +9,7 @@
 \usepackage[utf8]{inputenc}
 % page
-\usepackage[columnsep=.75cm,lmargin=.75cm,rmargin=.75cm,tmargin=1.5cm,bmargin=1.5cm]{geometry}
+\usepackage[columnsep=1.75cm,lmargin=1.75cm,rmargin=1.75cm,tmargin=2.5cm,bmargin=2.5cm]{geometry}
 \setlength{\parindent}{0pt}
 \usepackage{fancyhdr}
@@ -62,13 +62,11 @@
 \makeatother
 %make toc consider Chapter and section only.
-\setcounter{tocdepth}{1}
+\setcounter{tocdepth}{3}
 % disable chapter, section, ... numbering
 \setcounter{secnumdepth}{-1}
-% change margin above chapter.
-\usepackage[titles]{tocloft}
 %%% /TOC changes %%%
 % make footnote numbering reset on every page.
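Review bot: In the third hunk (`@@ -62,13 +62,11 @@`) the comment `%make toc consider Chapter and section only.` kept as context above the changed line no longer matches the new `\setcounter{tocdepth}{3}`, which in the article class lists entries down to subsubsection level. I would reword it in the same commit to `% TOC lists sections, subsections and subsubsections.`. The same hunk drops `\usepackage[titles]{tocloft}` together with its comment; the rest of the preamble lies outside the hunk, so whether any remaining setting still relies on that package cannot be checked from here.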
@@ -104,16 +102,118 @@
 % START DOCUMENT
 \begin{document}\thispagestyle{empty}
-\section*{Inhalt}\begin{footnotesize}\tableofcontents\end{footnotesize}
-\subsection{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=fsinf/basics.git}\\
-\url{ssh://git@git.somenet.org:666/fsinf/basics}\\
+
+\section*{RFC/Cover}
+As there is no template or any information on how and what shall (not) be included in a report or how a report should look like, this report is a work-in-progress-RFF (request for feedback).\\
+
+\section*{Cover}
+be here...\\
+Is there a template for me to use?\\
+i can has a real forensic report?\\
+
+\section*{Author}
+\textbf{Jan Vales\\0726236\\\url{mailto:jan@jvales.net}\\\\
+Digital Forensics\\188.922-2014S}
+
+\newpage
+
+\section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize}
+\subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\
+git clone \url{ssh://git@git.somenet.org:666/priv/jan/digfor}\\
 This is revision: \textbf{\gitAbbrevHash}. Document (.tex) compiled on: \textbf{\today}
 \end{footnotesize}\vspace{\fill}\newpage
-\section{asd}
-ads
-\section{asd}
-asd
+\newpage\section{Questions (6 points)}
+\subsection{What is the password of the container?}
+After cracking the password using bruteforce the password was found to be
+\begin{quote}4865\end{quote}
+
+\subsection{What is the secret in the container?}
+The container had a file secret.txt with the following content
+\begin{quote}\ttfamily{64e86b30466d506fdf6c0cd976ef4ba798a9cd4faf}\end{quote}
+
+\subsection{What was saved in the container by Spongebob?}
+The container had 3 files in it:\\
+
+\subsubsection{awesome.jpg}
+The File is a picture of spongebob looking at a rainbow.
+\begin{quote}
+\textbf{size}: 362372 byte\\
+\textbf{''file''-output}: JPEG image data, EXIF standard\\
+\textbf{sha512}\\\ttfamily{
+d27a77d59c21732d5edd192423ab8402fee3e46e0aa2bfde5f7032c2f7ee706c\\
+772ab08658e48c7558737809c00ce70355bdfaa1ca588d21ca43081eb4f2119a}
+\end{quote}
+
+\subsubsection{secret.txt}
+File contains a hexadecimal String of length 42.
+\begin{quote}
+\textbf{size}: 42 byte\\
+\textbf{''file''-output}: ASCII text, with no line terminators\\
+\textbf{sha512}\\\ttfamily{
+47bae836b0320214341f89a8be9831ec6d8921970292488522aea4d1b41da6ea\\
+68921775c50de78cd06ffd7bb092c0e2fee7a00f6b2ba0153d7ccb3240531132}
+\end{quote}
+
+
+\subsubsection{wasted.jpg}
+The File is a picture of spongebob and another individual.
+\begin{quote}
+\textbf{size}: 100058 byte\\
+\textbf{''file''-output}: JPEG image data, JFIF standard 1.01\\
+\textbf{sha512}\\\ttfamily{
+61aa8217eb71360c9c15255f73ab849dc173384de6465d18c276f6a4a4bbc236\\
+f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e}
+\end{quote}
+
+
+\newpage\section{Analyze (2 points)}
+\subsection{How much time is needed for brute forcing different password lengths and character sets?}
+Numeric passwords have only 10 possible states with one digit.\\
+With a 4 digit password it would take at max (10**4) 10000 operations to bruteforce such a password.\\
+If we add lowercase characters, we get 36 possible states with one digit.\\
+With a 4 digit password it would take at max (36**4) 1679616 operations to bruteforce such a password.\\
+If we add uppercase letters, we get 62 possible states with one digit.\\
+With a 4 digit password it would take at max (62**4) 14776336 operations to bruteforce such a password.\\
+We can add non-alphanumeric characters to get even more possible states with one digit.\\
+
+
+\subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)}
+10 years have 315576000 seconds. On my machine/setup I can probe for 18 passwords per second.\\
+If we assume that we can probe 18 passwords per second (in my setup), we need a password that needs at least 5680368000 operations to bruteforce to get a secure container for 10 years.\\
+This would be a numeric password with 10 digits, an alphanumeric password with 7 digits, an mixedcase alphanumeric password with 6 digits.\\
+Using non-alphanumeric characters will decrease the min-required-digits-on-my-setup even further.\\
+But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking a password should be way longer than that in order to be safe from evil guys like the NSA.
+
+
+\newpage\section{Details}
+\subsection{Container}
+\begin{quote}
+\textbf{size}: 1048576 byte\\
+\textbf{''file''-output}: data\\
+\textbf{sha512}\\\ttfamily{
+543d0debc10eb3d2a8cc584eec273b84526891cbb2c594bd92150596b96b56c4\\
+44d1fd8e55f3434eb1f2d9386f4c91af0151832125e5f707eb4d4815bf793b78}
+\end{quote}
+
+
+\subsection{Used tools}
+Tools that were used for analysis (-{}-version):
+\begin{itemize}
+\item TrueCrack v3.5
+\item sha512sum (GNU coreutils) 8.5
+\item wc (GNU coreutils) 8.5
+\item ls (GNU coreutils) 8.5
+\end{itemize}
+
+\subsection{Machine tools}
+\begin{itemize}
+\item \textbf{Virtual machine}\\
+Linux debian 3.2.0-0.bpo.4-amd64 \#1 SMP Debian 3.2.51-1~bpo60+1 x86\_64 GNU/Linux
+\item \textbf{Oracle VirtualBox} 4.3.10
+\item \textbf{Host machine}\\
+ Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux
+\end{itemize}
 \end{document}
--
2.43.0
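Review bot: The minimum lengths in the 10-year subsection are derived from the worst-case count only, so the 10-digit numeric answer does not hold on average: 10**10 candidates at 18 per second take about 17.6 years to exhaust but only about 8.8 years in expectation, which is below the stated goal. The text should say which bound is meant, for example `An exhaustive search needs at most $N/18$ seconds and on average half of that, so $N$ must exceed $2 \cdot 5680368000$.`, which moves the numeric case to 11 digits while 7 and 6 characters still suffice for the other two sets. The measured rate of 18 passwords per second is also not reproducible from the report, because `Used tools` names TrueCrack v3.5 but not how it was invoked (character set, length range and similar parameters); adding the exact command line there would close that gap. As a LaTeX detail, `\ttfamily{...}` in the hash blocks is a declaration and takes no argument, so `{\ttfamily ...}` is the intended form.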