A Not-So-Random Challenge: Deciphering Jonathan.e's Bytes

Submitted by
Style Pass
2024-04-29 22:00:04

We here at ∇ Widening love a good challenge. We spend our days untangling the complexities of cyber threats, so a little reverse engineering puzzle every now and then is a welcome test of our skills. That’s why we threw out an open invitation to the cyber-security community: send us your toughest reverse engineering challenge.

Color us intrigued when a user named jonathan.e submitted his entry exactly 24 hours after the release of our website, even though we had not promoted it. The file arrived with a cryptic message: “May the odds be ever in your favor.” Attached was… well, it certainly looked like a file. A .exe file, to be precise, named message.exe (SHA256: ff0f4157e58285c3aaf37529a422d3c35d80ec7087090327b51ef146110d80ec).

Our team eagerly fired up their analysis tools, starting with PE-Info for a quick first look, and then moved to IDA Pro. The header and a few other details (such as the presence of specific sections like text) all indicated a Windows PE (Portable Executable) file, the kind you’d normally expect to be a program. But when we dove deeper, things went sideways. The internal structure was scrambled, the code nonsensical. “It was like staring into a bowl of digital alphabet soup,” one could comment.
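The first-look triage described above can be reproduced with a short static check, shown here as an added example that is not the authors' tooling: it validates the MZ and PE signatures, walks the section table, and scores each section's byte entropy to quantify "alphabet soup". The 7.0 bits-per-byte threshold is a rule-of-thumb assumption, and the input is a constructed two-section blob, not message.exe.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values()) if n else 0.0

def triage_pe(blob: bytes) -> list:
    """Check the MZ and PE signatures, then return (name, raw_size, entropy) per section."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the 4-byte signature.
    _machine, nsect, _ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", blob, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table starts after the optional header
    sections = []
    for i in range(nsect):
        off = table + i * 40  # each section header is 40 bytes
        if off + 40 > len(blob):
            raise ValueError("section table runs past end of file")
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, off)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        label = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((label, len(raw), round(entropy(raw), 2)))
    return sections

def high_entropy(sections: list, threshold: float = 7.0) -> list:
    """Names of sections at or above the threshold (assumed rule of thumb)."""
    return [name for name, _size, ent in sections if ent >= threshold]

def build_sample() -> bytes:
    """Constructed sample: valid headers, a uniformly distributed .text, a zeroed .data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0)
    data_off = 64 + 24 + 2 * 40  # first byte after the two section headers
    def hdr(name: bytes, size: int, ptr: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, ptr, 0, 0, 0, 0, 0)
    return (dos + coff + hdr(b".text", 512, data_off) + hdr(b".data", 512, data_off + 512)
            + bytes(range(256)) * 2 + b"\0" * 512)

if __name__ == "__main__":
    for name, size, ent in triage_pe(build_sample()):
        print(f"{name:8} raw={size:5} entropy={ent}")
```

Ordinary compiled code usually scores well below 8 bits per byte, so a section with a valid header and near-maximal entropy is a cue to look for packing or encryption before trusting the disassembly.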
