“Malicious” Magic Squares

Update

Found one more 🙂

   L   I   S   T   A   S
   I   M   P   O   R   T
   S   P   U   L   E   R
   T   O   L   O   S   E
   A   R   E   S   E   S
   S   T   R   E   S   S

Old post
As a kid I loved solving crosswords; I also published my own (together with various riddles).

I was especially fond of magic squares, e.g. the classic one:

S     A     T     O     R
A     R     E     P     O
T     E     N     E     T
O     P     E     R     A
R     O     T     A     S

and palindromes e.g.

malayalam

and anything that would be a bit unusual (e.g. 7-letter words with 4 As, partially overlapping words, etc.).

When I learned programming I wrote various cross-word generators including one for magic squares.

Finding magic squares is very easy for 3-, 4- and 5-letter words. It gets a bit more challenging with 6 letters, but is still quite easy; it gets really tough with 7, 8 and 9 letters.

Having nothing else to do, today I tried to see how my old code would perform taking a small database of malware-related keywords as a base. To my surprise, it actually found a few magic squares for 6 characters!

Here they are:

G   A   G   G   L   E
A   P   R   O   O   L
G   R   O   O   V   E
G   O   O   B   E   R
L   O   V   E   N   A
E   L   E   R   A   D

H   A   L   E   S   S
A   T   O   M   I   C
L   O   O   P   E   R
E   M   P   I   R   E
S   I   E   R   R   A
S   C   R   E   A   M

I   S   T   B   A   R
S   P   A   R   S   E
T   A   R   A   P   A
B   R   A   B   A   N
A   S   P   A   D   E
R   E   A   N   E   T

If you google these words, you will find out that all of them are actual names of malware.

Bonus

How often do you see code like this nowadays? Addressing via seg:ofs was a real pain in 16-bit real mode 😉

               xor dx,dx                ; dx:ax will hold a 32-bit byte offset
               mov ax,word ptr fs:[si]  ; load the 16-bit index from fs:[si]
               add ax,ax                ; dx:ax = index * 2 (carry lands in dx)
               adc dx,0
               add ax,ax                ; dx:ax = index * 4
               adc dx,0
               shl dx,12                ; high word -> segment units (64K = 0x1000 paragraphs)
               add dx,CS:DSegm0         ; add the base segment stored in the code segment
               mov es,dx                ; es = resulting segment
               mov bx,ax                ; bx = low word = offset within that segment

              [...]
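The same address arithmetic modelled in Python, as an added example (not from the post): the index is scaled by 4 into a 32-bit value, the high word is folded into the segment and the low word becomes the offset, exactly as the registers above do it. The base segment value and the index are constructed inputs; DSegm0 is assumed to hold a segment number, as its use in `mov es,dx` implies.

```python
MASK16 = 0xFFFF


def linear_to_segofs(index, base_segment):
    """Mirror the 16-bit sequence from the post register by register.

    index        -> the word loaded from fs:[si]
    base_segment -> the value assumed to live in CS:DSegm0 (constructed input)
    Returns (es, bx) as the code leaves them.
    """
    dx_ax = (index & MASK16) * 4            # add ax,ax / adc dx,0, twice
    ax = dx_ax & MASK16                     # low word
    dx = (dx_ax >> 16) & MASK16             # high word (0..3 here)
    dx = (dx << 12) & MASK16                # shl dx,12: 64K of bytes = 0x1000 paragraphs
    es = (dx + base_segment) & MASK16       # add dx,CS:DSegm0 ; mov es,dx
    bx = ax                                 # mov bx,ax
    return es, bx


def segofs_to_linear(segment, offset):
    """Real-mode physical address: segment * 16 + offset, 20 bits wide."""
    return ((segment << 4) + offset) & 0xFFFFF


def check_roundtrip(index, base_segment):
    """Show that es:bx really points at base*16 + index*4 (the intent of
    the snippet), which is the non-obvious part of the seg:ofs dance."""
    es, bx = linear_to_segofs(index, base_segment)
    expected = (segofs_to_linear(base_segment, 0) + index * 4) & 0xFFFFF
    return segofs_to_linear(es, bx) == expected


if __name__ == "__main__":
    for idx in (0x0000, 0x1234, 0x8000, 0xFFFF):
        es, bx = linear_to_segofs(idx, 0x1000)
        print(f"index {idx:04X} -> {es:04X}:{bx:04X}  ok={check_roundtrip(idx, 0x1000)}")
```

The shift by 12 rather than 16 is the whole trick: a segment register counts 16-byte paragraphs, so each 64K carried into the high word is worth 0x1000 segment units, and the low word can be kept verbatim as the offset.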

The Hades haz you. Phantom (유령) – The DFIR drama from South Korea

The way the movies portray hacking, forensics, security research and coding is obviously metaphoric and usually made as visually rich as possible to ensure the audience ‘gets it’ and, as a bonus, can see how cool the process is. Anyone who has spent a few sleepless nights with Olly and IDA Pro, worked around the clock on forensic cases, reviewed vulnerability reports or source code, or worked in their head on a particular algorithm for a few weeks before actually sitting down and writing the code knows that the reality is a bit more boring 🙂

If you ask a random security pro what ‘the best’ hacking movies are, they will surely laugh, pointing out at least a few from the following list:

...and perhaps at some stage they will suddenly become a bit more serious and mention that ‘but The Matrix did show NMAP in action’.

Luckily, there are actually movies out there that beat all the above-mentioned productions in terms of technical accuracy, and show a relatively realistic representation of IT security work.

This post is about one of them.

A while ago I happened to stumble upon a Korean TV drama called “Phantom” (also known as “Ghost”) that made my jaw drop. The drama was produced by the Korean network SBS.

The plot of the drama is simple – The Hades haz you 🙂

[Image: the Hades logo]

Copyright notice: The picture of the Hades logo was taken from the clip on YouTube. The copyright belongs to SBS.

Okay, the plot is a bit more complicated – it’s “Face/Off” meets “Jason Bourne” meets CSI.

Or

Evil Hackers from Korea and Hong Kong vs. Forensic guys from Korean Police.

Since this is not IMDb, just a short note on the show – I have already described bits of the plot; I don’t want to spoil it, so I won’t add more information here. The music is all right. The acting is so-so (the lead characters are a little bit too stiff and rarely smile). There are gaps in the story as well, but it’s a TV drama after all, and it’s Korean, so there is lots of melodrama ‘by default’. There is also very strong product placement, but if this is the only way to get funds to make TV dramas then so be it.

Okay, back to ‘technical’ stuff.

What makes this particular TV drama stand out is the attention to detail. While they didn’t completely escape the typical Hollywood clichés (computers with the evidence are thrown out of the window, logic bombs with a progress bar, etc.), the makers really did their homework and put quite an effort into demonstrating how a typical hack works. And how forensic guys investigate it.

Lots of scenes are set in the forensic lab or at the crime scene – in internet cafés, data centers, etc. We also witness the actual data acquisition, evidence analysis (HDD, mobile, CCTV footage, video manipulation analysis, social media, Event Logs) and, most importantly, lots of popular DFIR/RCE software is used to ‘understand’ the data and code. This is really not just a single random tool or a hand-made HTML page that is supposed to look like ‘analysis results’. Quite the opposite – many of the most common tools from the DFIR/RCE/pentesting arsenal somehow found their way into the drama.

The software I remember seeing includes:

  • Encase
  • WinHex
  • Metasploit
  • OllyDbg
  • DCode
  • SecureCRT
  • Wireshark
  • XRY
  • BackTrack
  • Process Explorer

and lots more (I wish I took notes!).

Last, but not least – there are also realistic attacks used as part of the plot, including, but not limited to:

  • 0Day exploits (using documents from Hangul Word Processor)
  • malware infections
  • billboard hacking
  • spoofed emails
  • identity theft
  • SCADA attacks
  • car hacking
  • hacking back in real time
  • DDoS attacks
  • Wi-Fi hacking
  • social engineering

and lo and behold – even STUXNET is mentioned!

Thumbs up South Korea!!!