# Crack The USCC Code...



## MA-Caver (Jul 7, 2010)

Dang if I could do it... how about one of you geeks? :uhyeah: 


> http://news.yahoo.com/s/yblog_upsho...ot/the-secret-code-in-u-s-cyber-commands-logo
> 
> The newly formed U.S. Cyber Command is supposed to centralize and focus  the military's ability to wage war over the Internet, but so far it's  basically famous for brainteasers. The command's fancy logo contains a  super-secret code in its inner gold ring:  9ec4c12949a4f31474f299058ce2b22a. Though some  people noticed the code late last month, [COLOR=#366388 ! important][COLOR=#366388 ! important]Wired's [COLOR=#366388 ! important]Threat [/COLOR][COLOR=#366388 ! important]Level [/COLOR][COLOR=#366388 ! important]blog[/COLOR][/COLOR][/COLOR] picked it up Wednesday morning  and announced  a contest, with a free T-shirt (or a ticket to the International  Spy Museum)  going to the first reader to crack the code.


----------



## CoryKS (Jul 7, 2010)

Be sure to drink your ovaltine.


----------



## Bruno@MT (Jul 9, 2010)

That code is simply the MD5 sum of their mission statement.
I give it geek points, and I applaud the UScc for recognizing that geekiness is an asset for their division.
But it was not really difficult to figure out apparently. Many people posted about it on /. yesterday.
MD5 is not a code as such, it is just a fancy checksum. You can't reconstruct the original statement with it.


----------



## Bill Mattocks (Jul 9, 2010)

What I found fascinating on the subject of cryptography was that the Russian spies that were deported the other day were using steganography, amongst other tricks, to conceal messages.  Steganography conceals data inside other data, such as photographs.  Not like the USCC, which concealed the text as a 'readable' value, but which conceals the code within the ones and zeros of the image (or MP3, or any computer file, really) without compromising the apparent value of the file in question.  Thus, a JPG file still looks the same, an MP3 file still plays the same, etc.  Cool stuff, been fascinated with it for years.


----------



## Bruno@MT (Jul 9, 2010)

I've even found one steganography app that would hide in executable code without changing the functionality of that program.

It would alter the cpu instruction stream in the executable code so that every 'add' would be a one, and every 'subtract' would be a zero. You can do this without altering what a program does (you can change any 'add' into a subtraction of the negative operand). Thus the program simply looked at the bitstream that had to be encoded, and then started at the first 'add' or 'sub' instruction and altered it accordingly. then it would go for the next 'add' or 'sub' and change that accordingly, etc.

So they could encode data in any exe file without changing the functionality. The only way to spot it is by calculating the hash code or compare the file size (which -could- be slightly different).


----------



## Bill Mattocks (Jul 9, 2010)

Bruno@MT said:


> I've even found one steganography app that would hide in executable code without changing the functionality of that program.
> 
> It would alter the cpu instruction stream in the executable code so that every 'add' would be a one, and every 'subtract' would be a zero. You can do this without altering what a program does (you can change any 'add' into a subtraction of the negative operand). Thus the program simply looked at the bitstream that had to be encoded, and then started at the first 'add' or 'sub' instruction and altered it accordingly. then it would go for the next 'add' or 'sub' and change that accordingly, etc.
> 
> So they could encode data in any exe file without changing the functionality. The only way to spot it is by calculating the hash code or compare the file size (which -could- be slightly different).



A huge amount of compiled code is junk anyway.  Even the best optimizing compilers seldom get the size of the executable down to assembler size, so there's generally a huge amount of room to replace with your own crypto'd strings of text, data, pointers, etc.

Heck, back in the days of DOS, I used to routinely use a hex editor on command.com to replace various strings so that my MS-DOS was 'rude' to people.  Instead of 'Command not found', it would say "What are you, an idiot?" or "Learn to type, moron."  Not steganography, it but it made it clear to me that compiled code is like DNA - most of it is junk.


----------



## jks9199 (Jul 9, 2010)

Bill Mattocks said:


> What I found fascinating on the subject of cryptography was that the Russian spies that were deported the other day were using steganography, amongst other tricks, to conceal messages.  Steganography conceals data inside other data, such as photographs.  Not like the USCC, which concealed the text as a 'readable' value, but which conceals the code within the ones and zeros of the image (or MP3, or any computer file, really) without compromising the apparent value of the file in question.  Thus, a JPG file still looks the same, an MP3 file still plays the same, etc.  Cool stuff, been fascinated with it for years.


Steganography has, unfortunately, gone through a resurgence of popularity of late.  Child porn purveyors and consumers are using it to hide their contraband within "innocent" photos.


----------



## gobbly (May 13, 2011)

For the most part, executable formats don't have large blocks of wasted space, the only space wasted is typically in offsets (gotta hit those word boundaries), other than that the memory space in the executable is packed fairly well.  This can't be said for how that translates at run time.

Anyway, what a lame competition


----------



## dbell (May 13, 2011)

Bill Mattocks said:


> What I found fascinating on the subject of cryptography was that the Russian spies that were deported the other day were using steganography, amongst other tricks, to conceal messages.  Steganography conceals data inside other data, such as photographs.  Not like the USCC, which concealed the text as a 'readable' value, but which conceals the code within the ones and zeros of the image (or MP3, or any computer file, really) without compromising the apparent value of the file in question.  Thus, a JPG file still looks the same, an MP3 file still plays the same, etc.  Cool stuff, been fascinated with it for years.



I love it too.  Been playing with it and working on my own steganography code on and off for a while now to implement it so I can learn it better!  FUN stuff!


----------

