
Assignment #4

Type of assignment: This is an individual assignment. You are welcome to discuss the assignment with others and consult others, but you should solve the problems in this assignment yourself. You are also welcome to use any tools and means to crack the passwords and reverse engineer the applications.

Note: The assignment submission should provide clearly student alias, and student number on the first page.

Points: The maximum number of points for this assignment is 30, which will be prorated accordingly after all assignments are posted. Weight of each problem is in parenthesis.

Format: Assignment submissions are accepted in the PDF (*.pdf) format only. Assignments submitted in any other format will be discarded without marking and 0 points will be given. All text in the assignment submissions must be typed and figures plotted to be easy to read and understand. Spelling, grammar, and other language errors will result in fewer points credited to the corresponding problem solutions.
Format your answer and references in IEEE Transactions format using this template (or download the LaTeX template here).

What should be provided in your answer:

In your answer, (1) detail the methods and tools you used to extract your password, and (2) for each of the password files:

  1. Provide the passwords associated with your student ID, write how long (in CPU time) it took you to find the password.
  2. Compute the simple entropy of the password (i.e., "the uncertainty in the value of a password") using the formula e = log2(b**l). Simple entropy of passwords is conventionally expressed in bits. If a password of k bits is chosen at random, there are 2**k possible values and the password is said to have k bits of entropy. If a password of length l characters is chosen at random from an alphabet of b characters (for example the 94 printable ISO characters on a typical keyboard), then there are b**l possible passwords and the entropy is log2(b**l) (for example, if a password is composed of 8 characters from the alphabet of 94 printable ISO characters, there are 94**8 ≈ 6.09 x 10^15 possible passwords; this is about 2**52, so such a password is said to have about 52 bits of entropy).

How to Submit: via turnitin.com


Problems

In the first two tasks you are required to use a password cracker, or write your own, in order to brute force hashed passwords:


1. (2 points) Passwords in this file are similar to what is used for debit and credit cards or for locking phones. They are all 4 digits.

2. (4 points) Passwords in this file are 6 characters long and include any symbol from the following set: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()_+-=".
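As an added example (not part of the assignment materials), the entropy formula from the instructions above applied to the keyspaces of tasks 1 and 2, together with a minimal exhaustive search over the task 1 keyspace that also records the CPU time the report asks for. It assumes the hashes are unsalted SHA-256 hex digests; the assignment does not state the hash algorithm, so `algo` is a parameter and the target hash is constructed here from a made-up PIN.

```python
import hashlib
import itertools
import math
import time
from typing import Optional, Tuple

# Alphabets of the two password-cracking tasks on this page.
DIGITS = "0123456789"
TASK2_ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  "1234567890!@#$%^&*()_+-=")


def simple_entropy(b: int, l: int) -> float:
    """Simple entropy e = log2(b**l) in bits, computed as l*log2(b),
    which is the same value without building the huge integer b**l."""
    return l * math.log2(b)


def brute_force(target_hex: str, alphabet: str, length: int,
                algo: str = "sha256") -> Tuple[Optional[str], int, float]:
    """Try every candidate of the given length over the alphabet, hashing
    each with `algo` (assumed unsalted) and comparing to the target digest.
    Returns (password or None, candidates tried, CPU seconds used)."""
    target = bytes.fromhex(target_hex)
    tried = 0
    start = time.process_time()
    for combo in itertools.product(alphabet, repeat=length):
        candidate = "".join(combo)
        tried += 1
        if hashlib.new(algo, candidate.encode()).digest() == target:
            return candidate, tried, time.process_time() - start
    return None, tried, time.process_time() - start


# Constructed sample: a 4-digit PIN hashed with SHA-256 (not taken from the
# assignment's password files). The search only ever sees SAMPLE_HASH.
SAMPLE_PIN = "0042"
SAMPLE_HASH = hashlib.sha256(SAMPLE_PIN.encode()).hexdigest()

if __name__ == "__main__":
    print(f"4-digit PIN keyspace: {simple_entropy(10, 4):.2f} bits")
    print(f"task 2 keyspace:      {simple_entropy(len(TASK2_ALPHABET), 6):.2f} bits")
    pw, tried, cpu = brute_force(SAMPLE_HASH, DIGITS, 4)
    print(f"recovered {pw!r} after {tried} candidates in {cpu:.4f} CPU seconds")
```

The 4-digit keyspace is about 13.3 bits and is exhausted almost instantly, which is why such PINs rely on lockout or rate limiting rather than on the hash; the task 2 alphabet of 76 symbols gives about 37.5 bits for 6 characters.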

In the following two tasks you are required to reverse engineer two applications (one per task) and extract the password.

3. (8 points) Find your application by prefix (your student id) in this file. Your task is:
    (a) (4 points) Find the required password from the application for successful authentication.
    (b) (4 points) Devise a patch so that the application will accept any password.

4. (16 points) Find your application by prefix (your student id) in this file. Your task is:
    (a) (8 points) Find the required password from the application for successful authentication.
    (b) (4 points) Create a patch so that the application will accept any password.
    (c) (4 points) Create a script, patch, or application that allows you to replace the password with any password.

NOTES:

  • For all tasks you are required to find a password, thus make sure you report it visibly (do not hide it).
  • If you used existing tools, explain how you used them. If you used tools that you wrote yourself, explain how they work and provide a link to the source code. Own tools without source code will not be considered complete work, since we cannot judge how you accomplished your work.
  • For tasks 3 and 4 the patch format is the DIF format (in IDA it is under File/Produce File/Create Diff File...). Alternatively, a clear explanation of how one would produce the patch (the approach that the patch takes) will also suffice. However, make it clear which attack vector is chosen and how you are going to exploit it.
  • For task 4 there are two additional DLL files (called libeay32.dll and ssleay32.dll) in the zip archive. Make sure to keep these DLL files in the same folder as your exe file when you are running it. Otherwise, you might encounter missing DLL errors.
  • For all reverse engineering I would highly recommend using the IDA Pro Freeware version. The IDA Pro Freeware version is available here on the Hex-Rays website. Alternatively, you can also use OllyDbg, gdb, x64dbg, or radare2.

Copyright © 2003-2012 Konstantin Beznosov