Project 2: What's the Password?

Due: Sunday, October 21, 2007 at 11:59pm

Description

Throughout most of your CS or CoE studies, you work creating or modifying programs or computers – in a word: building. However, sometimes the best way to learn about something is to break it. In this project you will be deconstructing existing programs that each have a secret password or passphrase that needs to be input in order to unlock the program.

I am providing you with 5 compiled executables. Each one requires you to enter a sequence of ASCII characters to "unlock." Unlocking the programs will draw upon the things we've been studying this term.

Requirements

For each of the five programs, you will be required to provide two things: the solution passphrase and a written description of your attempts to discover it, stating what you learned to help you along the way. You should relate your experiences back to the course material, using the terms and concepts we've discussed. Write it up in a formal, organized fashion. You do not need to describe every command you have tried or every wrong idea. Describe briefly your failed attempts and motivation, but describe in detail your successful approach.

Tools

The most obvious tool you will need is a good debugger like gdb. You may also find a hex viewer like od -x useful. Additionally, you might find the strings command somewhat useful, do a man on it to learn more.

Environment

For this project we will be working on thot.cs.pitt.edu

When you log in with your pitt account, you will find a local directory under /u/SysLab/ named with your username. In this directory, you will find the five executables and space to work on them. If you store any files of your own in this directory, note that it is not part of AFS, and only exists on this machine. We will delete your directory when the term is over. Anything you want to save or backup should be copied into your AFS private directory.

 

Hints/Notes

·         Each program is written in C

·         Each program will have a different passphrase per student, although how to find it will be consistent for everyone

·         All passphrases will be printable ASCII characters and be less than 100 characters in length

·         A passphrase may be different each run of a program, make sure to test it several times

·         There may be several passphrases that work, try to describe them or explain why

·         This is not an attempt to prove how clever I am, each program will be solvable from course material and the standard tools on the system.

What to turn in

·         A written description for each program documenting your attempts to arrive at a solution and the passphrase itself.

·         Must be submitted as a Word or PDF document.

·         Named with your user id

Copy your document to:

~jrmst106/submit/449/