Calling all CUK geniuses, calling all CUK geniuses...

and could up on an episode of Spooks

The Code Explained

The three stages within the challenge are designed so that participants can demonstrate the basics of analysing shellcode and obfuscation mechanisms, reverse engineering of malicious binary code and vulnerability analysis. These techniques are fundamental skills for a cyber security specialist at GCHQ.
Stage 1

This starts with the main image on the canyoucrackit.co.uk site. To solve this stage it is necessary to identify that this is code that can be run by an Intel x86 compatible processor. After analysis, it is clear that this machine code implements the RC4 decryption algorithm, and is able to decrypt a block of data that is hidden inside the PNG file, in a comment tag. Once decrypted, this data reveals the location of stage 2 of the challenge.
Stage 2

This is a JavaScript programming challenge, with a cyber security angle. To solve this stage an implementation of a simple virtual processor is required. Some notes on the architecture are provided along with a block of data that can be analysed. Solving this stage will reveal the final stage of the challenge.
Stage 3

The final stage is a reverse engineering challenge. An executable file can be downloaded from the location revealed in stage 2. This executable parses a licence file - if it gets given a correct input, the challenge is revealed to be over, and a link to the 'success' page is provided to the participant.

We included a number of ways that this stage could be solved, as we are interested to see how people would attack the problem - coming up with innovative solutions to seemingly impossible problems is the day job at GCHQ. For example, there has been some comment by security experts on the fscanf buffer overflow that we included in this executable - one option to solving the problem would be to use this overflow to skip over certain checks in the executable. Other alternatives for this stage involved breaking the weak crypt, patching the executable directly to bypass the check, or analysing the assembly instructions and realising that this was all a complete diversion.

The three stages of this challenge highlighted a number of different machine code analysis techniques -
why does GCHQ care about these techniques (and indeed other types of machine code analysis)?

GCHQ cyber security specialists spend time analysing executable code from many sources. Sometimes it can be from malware that has been discovered, to work out what it does, and where it comes from. On other occasions it can be to assist in the assessment of a security product, to ensure that what the developer has intended to do is actually what they've achieved in practice.

Obviously, searching online for a solution - or even the completion page - is the simplest way to solve each of the stages of the challenge (various hints, links and partial solutions have been placed online since the challenge began), but we are really pleased to see how many people have independently tackled this challenge and shown the depth and breadth of skills which exist in this community.

This recruitment challenge was devised by our technical staff to exercise the critical skills which are needed to help defend UK networks from cyber attack: "Designing this challenge took us away from our day jobs for a very small amount of time and yet gave us the opportunity to engineer something that was both fun and technically intricate. Whilst being very similar to the work we do on a daily basis, it was incredibly rewarding to follow the external attention and analysis that the challenge generated."

Say I'm working there & somebody puts a code on my desk, something nobody else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East.

Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people I never met, never had no problem with, get killed.

Now the politicians are sayin', "Oh, send in the Marines to secure the area" 'cause they don't give a tulip. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number got called, 'cause they were pullin' a tour in the National Guard. It'll be some kid from Southie takin' shrapnel in the ass. And he comes back to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom breaks.

Meanwhile, he realizes the only reason he was over there in the first place was so we could install a government that would sell us oil at a good price. And, of course, the oil companies used the skirmish over there to scare up domestic oil prices. A cute little ancillary benefit for them, but it ain't helping my buddy at two-fifty a gallon. And they're takin' their sweet time bringin' the oil back, of course, and maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and ******' play slalom with the icebergs, and it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic.

So now my buddy's out of work and he can't afford to drive, so he's got to walk to the ******' job interviews, which sucks 'cause the shrapnel in his ass is givin' him chronic hemorrhoids. And meanwhile he's starvin', 'cause every time he tries to get a bite to eat, the only blue plate special they're servin' is North Atlantic scrod with Quaker State.

So what did I think? I'm holdin' out for somethin' better. I figure **** it, while I'm at it why not just shoot my buddy, take his job, give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard?

I could be elected president.