ootb-200.exe looked like yet another binary, but was it ? Your first instinct might have been to reverse engineer it, but you would've wasted your time with that. It told so itself :
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTtfg_R8nPEsuAnfLa-d_MFrTKiB_vvyCot9efGCHavMWHCZyJBiU-nXsHrWMLN8mgC-_mZQBoQcolGa9cH9j-o2Vo_wdvz0VkgYpawh4lv6L3XB21bAjAe3lNjFFOAT-a7t5GhiCxumA/s200/Screen+shot+2010-05-03+at+22.54.07.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigVqvjLlObGb-1djN8B56tRSGUg6-SBa2FfAcFQvJMt7X5QArwMET0mia-BFpQte30KKTJuKOLslI5WWITiiKstQi_eou6KclTpnymXl18SzrEOFV-QU9hLbGjKUYUjFBVORysvguSJQ8/s200/Screen+shot+2010-05-03+at+22.54.51.png)
I did. The binary is digitally signed. Let's look into the details then :
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQpn-GOiyYVyquOuLCVKAnI42FAcfTjRCelnBCdFCZCfOT-hP1iOxZs40bWa8KjGedAZ9Wo84Y_BJqQFk96ZC-L42fvpME_JpbqjVSVlSUpLSb2qzFG3m9qrIpQtRg7XHv7QrneIDyR5Q/s200/Screen+shot+2010-05-03+at+22.55.09.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA_VCXdwUyUgIQowCacc-6P8t_iJBrGUUszw2ymgWNGuT4RC729N3m5LX9Qs4rGGSsZy2poQbXqrUxMXpiW0Ps7iCHL8beUtgD_eu4JgaweCvb4rSnNirr0_rdzwWr8zMcY9txtL4HPos/s200/Screen+shot+2010-05-03+at+22.55.32.png)
And there we have it. Hiding in plain sight. Those familiar with basic math recognize a fibonnaci sequence when they see it. The answer is right there : 55
Do you dare to take on The Hex Factor in 2010? Get your tickets now for BruCON (September, Brussels) or at SANS London (December, London)
No comments:
Post a Comment