Breaking My Security Assignments
a year ago
- #Encryption
- #Virtual Machines
- #Security
- Security assignments involve using a VM where updates are installed via encrypted GPG files.
- The VM's update mechanism uses GPG encryption with a passphrase file and keys stored in /root.
- By mounting the VM's disk locally, the author accessed the necessary files to decrypt updates manually.
- Decrypted updates contain Java code for generating tokens, which are AES encrypted with a module key.
- Tokens are generated using a combination of exercise identifiers and random strings, ensuring uniqueness.
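- The author exploited this system to generate tokens without completing assignments, highlighting a security flaw: the keys and passphrase that protect the updates are stored on a disk the student can mount and read.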
- Preventing such exploits would require stricter access controls, like remote VMs, but is impractical for large classes.
- Despite the exploit, the author acknowledges the importance of completing assignments for learning and exam preparation.