├── CONDITIONS.md
├── README.md
├── serve_sign.py
├── serve_verify.py
├── sign
└── verify


/CONDITIONS.md:
--------------------------------------------------------------------------------
# Terms and Conditions

All participants are subject to the following rules:

* The following prizes will be offered at the Kudelski Security Party at Las Vegas on the 24th July 2017: 5 ETH, 3 ETH, and 2 ETH corresponding to first, second and third prize, respectively;

* Employees of Kudelski and its affiliated companies are not eligible to participate, nor are family members or close relatives;

* Participants who are eligible for a prize will only receive the prize if 1) an email confirmation with a valid answer is received by Kudelski; and 2) the participant personally comes to the Kudelski event on July 25th between 6pm and 9pm, at the Foundation Room in the Mandalay Bay Hotel;

* Participants are personally responsible for announcing their attendance and registration at the welcome desk for the Kudelski event;

* Participants must personally attend the Kudelski event to be eligible for a prize;

* Participants are responsible for providing Kudelski a valid Ethereum address for eligibility for a prize;

* Participants are forbidden to disclose information about the solution to other persons for the entire duration of the contest;

* Each winning solution must be the result of a participant’s individual efforts and independent from any other individual, company, or third party source, including fellow participants;

* Kudelski gives no guarantee on the exchange rate of the cryptocurrency prize;

* Prizes may be subject to government imposed taxes and fees. Participant is responsible for any taxes imposed on the award and any required tax filings or other required paperwork associated with a prize.

* All awarded prizes are final with no right to appeal;

* Kudelski reserves the right to refuse awarding a prize without specifying reasons;

* Kudelski reserves the right to cancel the contest at any time without specifying reasons;

* Kudelski reserves the right to modify the prizes at any time; and

* Kudelski reserves the right to update these rules at any time and without notice.

* Any dispute that may arise out of or from the contest sponsored by Kudelski will be determined under laws of the State of Arizona and participant expressly consents to the personal jurisdiction and venue in the courts located in the County of Maricopa, Arizona.

* TO THE EXTENT ALLOWED BY LAW, KUDELSKI IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES REGARDLESS OF THE FORM OF ACTION OR THEORY OF RELIEF. TO THE EXTENT ALLOWED BY LAW, KUDELSKI’S MAXIMUM LIABILITY FOR DIRECT DAMAGES UNDER THE EVENT SPONSORED AND ADMINISTERED BY KUDELSKI IS LIMITED TO 500.00 US DOLLARS, REGARDLESS OF THE FORM OF ACTION OR THEORY OF RELIEF.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Kudelski Security Crypto Challenge

[serve_sign.py](serve_sign.py) is a service running on host 213.244.194.155. It
calls the binary [sign](sign) in order to sign a message.

[serve_verify.py](serve_verify.py) is another service running on host
213.244.194.155. It verifies the signature of a message using the
[verify](verify) binary.

To solve the challenge, you must write a program that creates valid
signatures, which will be successfully verified by the verification
service. Obviously, your program should not just copy a signature
received from the signing service.

Prizes will have to be claimed at our party in Las Vegas, the evening
before the Black Hat briefings: 5 ETH, 3 ETH, and 2 ETH for the first,
second, and third winner. The ranking is based on the time of your
submission to our email address cryptochallenge@kudelskisecurity.com.

We recommend that you encrypt your message, using the following public
key:


Note that terms and conditions are available in
[CONDITIONS.md](CONDITIONS.md).

--------------------------------------------------------------------------------
/serve_sign.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

"""

Copyright (c) Nagravision 2017, all rights reserved

"""

# Python 2 script: SocketServer was renamed socketserver in Python 3.
import SocketServer as ss
import struct
import os
from binascii import hexlify
import hashlib
from subprocess import Popen, PIPE


class Handler(ss.StreamRequestHandler):

    def handle(self):
        put = self.wfile.write

        put('Signature service, please send a message\n')
        # Read one line and drop its last character (the newline).
        msg = self.rfile.readline()[:-1]
        # Only the SHA-256 hex digest of the message is passed to the binary.
        msghash = hashlib.sha256(msg).hexdigest()
        print('signing %s from %s' % (msg, self.client_address))

        # Argument list, no shell: the digest is a single argv entry.
        process = Popen(['./sign', msghash], stdout=PIPE, stderr=PIPE)
        stdout, stderr = process.communicate()

        # Any stderr output is relayed as the error; otherwise relay stdout.
        if stderr != '':
            put(stderr)
        else:
            put(stdout)


class ReusableTCPServer(ss.ForkingMixIn, ss.TCPServer):
    allow_reuse_address = True

if __name__ == '__main__':
    HOST, PORT = ('0.0.0.0', 1111)
    ss.TCPServer.allow_reuse_address = True
    server = ReusableTCPServer((HOST, PORT), Handler)
    server.serve_forever()

--------------------------------------------------------------------------------
/serve_verify.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

"""

Copyright (c) Nagravision 2017, all rights reserved

"""

# Python 2 script: SocketServer was renamed socketserver in Python 3.
import SocketServer as ss
import struct
import os
from binascii import hexlify
import hashlib
from subprocess import Popen, PIPE


class Handler(ss.StreamRequestHandler):

    def handle(self):
        put = self.wfile.write
        # Defined but never used below.
        sigbytes = 2592

        put('Signature verification service, please send a message first\n')
        # Read one line and drop its last character (the newline).
        msg = self.rfile.readline()[:-1]
        msghash = hashlib.sha256(msg).hexdigest()
        print('verifying sig for %s from %s' % (msg, self.client_address))

        put('Now please send a signature, in hex\n')
        # The signature line is passed to ./verify as received, unvalidated.
        sig = self.rfile.readline()[:-1]

        process = Popen(['./verify', msghash, sig], stdout=PIPE, stderr=PIPE)
        stdout, stderr = process.communicate()

        # Validity is inferred from empty stderr; the exit status is not checked.
        if stderr != '':
            put(stderr)
            return
        else:
            put("Signature is valid\n")


class ReusableTCPServer(ss.ForkingMixIn, ss.TCPServer):
    allow_reuse_address = True

if __name__ == '__main__':
    HOST, PORT = ('0.0.0.0', 2222)
    ss.TCPServer.allow_reuse_address = True
    server = ReusableTCPServer((HOST, PORT), Handler)
    server.serve_forever()

--------------------------------------------------------------------------------
/sign:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kudelskisecurity/cryptochallenge17/8a89faab56c1c21427a40a9a5684b16ab1f615e7/sign


--------------------------------------------------------------------------------
/verify:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kudelskisecurity/cryptochallenge17/8a89faab56c1c21427a40a9a5684b16ab1f615e7/verify


--------------------------------------------------------------------------------
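
Added example, not part of the Kudelski repository: serve_verify.py hands the client's signature line to `./verify` as received and reports success whenever stderr is empty, so this Python 3 code shows input checks and a fail-closed verdict that could sit in front of that call. Assumptions: the unused `sigbytes = 2592` is the signature length in bytes, and `./verify` exits 0 on success; `parse_signature`, `verdict`, `run_verify_binary` and `check_request` are hypothetical names.

```python
import hashlib
import string
import subprocess

SIG_BYTES = 2592  # assumption: serve_verify.py's unused `sigbytes` is the length in bytes
HEX_DIGITS = frozenset(string.hexdigits)


def parse_signature(line):
    """Return the signature as a hex string, or None if it is malformed.

    `line` is the raw bytes read from the socket, newline already removed.
    """
    try:
        text = line.decode('ascii')
    except UnicodeDecodeError:
        return None
    if len(text) != 2 * SIG_BYTES or not HEX_DIGITS.issuperset(text):
        return None
    return text


def verdict(returncode, stderr):
    """Fail closed: accept only a clean exit together with empty stderr.

    Assumption: ./verify exits 0 on success (not documented on the page).
    """
    return returncode == 0 and stderr == b''


def run_verify_binary(msghash, sighex):
    """Run ./verify with a timeout; return (returncode, stderr)."""
    try:
        proc = subprocess.run(['./verify', msghash, sighex],
                              capture_output=True, timeout=10)
    except subprocess.TimeoutExpired:
        return 1, b'timeout'
    return proc.returncode, proc.stderr


def check_request(msg, sig_line, run_verify=run_verify_binary):
    """Validate the signature line before spawning the binary."""
    sighex = parse_signature(sig_line)
    if sighex is None:
        return False  # malformed input never reaches ./verify
    msghash = hashlib.sha256(msg).hexdigest()
    return verdict(*run_verify(msghash, sighex))
```
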