mirror of
https://github.com/cliffe/BreakEscape.git
synced 2026-02-21 19:28:03 +00:00
d327380fac
- Updated `validate_scenario.rb` to enforce correct usage of `targetKnot` in timed conversations, ensuring compliance with new requirements. - Added checks for missing properties in timed conversations, including `delay` and `targetKnot`, to improve scenario integrity. - Enhanced logging for validation issues, providing clearer feedback on scenario configuration errors. - Updated relevant scenarios to align with the new validation rules, ensuring consistency across gameplay elements.
1 line
24 KiB
JSON
1 line
24 KiB
JSON
{"inkVersion":21,"root":[[["done",{"#n":"g-0"}],null],"done",{"start":["ev",0,"/ev",{"VAR=":"instructor_rapport","re":true},"^Welcome back, ","ev",{"VAR?":"player_name"},"out","/ev","^. What would you like to discuss?","\n",{"->":"crypto_hub"},null],"intro_timed":["ev",0,"/ev",{"VAR=":"instructor_rapport","re":true},"^Welcome to Cryptography Fundamentals, ","ev",{"VAR?":"player_name"},"out","/ev","^. I'm your Crypto Instructor for this session.","\n","^Today we're covering encoding and encryption - two concepts that sound similar but serve very different purposes.","\n","^You'll learn about encoding schemes like Base64 and hexadecimal, symmetric encryption with AES and DES, and asymmetric cryptography with GPG.","\n","^These skills are essential for any security professional. Let me explain how this lab works. You'll find three key resources here:","\n","^First, there's a Lab Sheet Workstation in this room. This gives you access to detailed written instructions and exercises that complement our conversation. Use it to follow along with the material.","\n","^Second, in the VM lab room to the north, you'll find terminals to launch virtual machines. You'll work with a desktop system for hands-on practice with encoding and encryption challenges.","\n","^Finally, there's a Flag Submission Terminal where you'll submit flags you capture during the exercises. These flags demonstrate that you've successfully completed the challenges.","\n","^You can talk to me anytime to explore cryptography concepts, get tips, or ask questions about the material. I'm here to help guide your learning.","\n","^Ready to get started? Feel free to ask me about any topic, or head to the lab sheet workstation and VM room when you're ready to begin the practical exercises.","\n",{"->":"crypto_hub"},null],"crypto_hub":[["^What would you like to explore?","\n","ev","str","^Encoding vs Encryption - what's the difference?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Character encoding and ASCII","/str","/ev",{"*":".^.c-1","flg":4},"ev","str","^Hexadecimal and Base64","/str","/ev",{"*":".^.c-2","flg":4},"ev","str","^Symmetric key encryption","/str","/ev",{"*":".^.c-3","flg":4},"ev","str","^Public key cryptography","/str","/ev",{"*":".^.c-4","flg":4},"ev","str","^OpenSSL tools and commands","/str","/ev",{"*":".^.c-5","flg":4},"ev","str","^GPG key management","/str","/ev",{"*":".^.c-6","flg":4},"ev","str","^Show me the commands reference","/str","/ev",{"*":".^.c-7","flg":4},"ev","str","^I'm ready for the practical challenges","/str","/ev",{"*":".^.c-8","flg":4},"ev","str","^That's all for now","/str","/ev",{"*":".^.c-9","flg":4},{"c-0":["\n",{"->":"encoding_vs_encryption"},null],"c-1":["\n",{"->":"character_encoding"},null],"c-2":["\n",{"->":"hex_and_base64"},null],"c-3":["\n",{"->":"symmetric_encryption"},null],"c-4":["\n",{"->":"public_key_crypto"},null],"c-5":["\n",{"->":"openssl_tools"},null],"c-6":["\n",{"->":"gpg_intro"},null],"c-7":["\n",{"->":"commands_reference"},null],"c-8":["\n",{"->":"ready_for_practice"},null],"c-9":["\n","#","^exit_conversation","/#","end",null]}],null],"encoding_vs_encryption":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^Excellent starting point. These terms get confused constantly.","\n","^Encoding transforms data into a different format using a publicly known, reversible scheme. Anyone can decode it - no secret required.","\n","^Encryption transforms data into a format readable only with a key or password. Without the key, the data is protected.","\n","^Think of it this way: encoding is like translating a book to a different language. Anyone with the right dictionary can read it. Encryption is like using a secret cipher - only those with the key can decode it.","\n","ev","str","^Why use encoding if it's not secure?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Can you give examples of each?","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^Got it","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},8,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: If encoding doesn't provide security, why use it?","\n","^Compatibility and efficiency. Base64, for instance, lets you safely transmit binary data over text-only protocols like email. Hexadecimal makes binary data human-readable for debugging.","\n","^Encoding solves technical problems. Encryption solves security problems. Different tools for different jobs.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: What are common examples of encoding and encryption?","\n","^Encoding: Base64, hexadecimal, ASCII, URL encoding. Used for data representation.","\n","^Encryption: AES, RSA, DES. Used for data protection.","\n","^If you find Base64 data, don't assume it's encrypted - it's just encoded. Trivial to reverse.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: Clear distinction.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"character_encoding":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^Let's start with the basics - how computers represent text.","\n","^ASCII - American Standard Code for Information Interchange. Maps characters to numbers. For example, \"hello!\" is: Decimal: 104 101 108 108 111 33, Hex: 68 65 6c 6c 6f 21, Binary: 01101000 01100101 01101100 01101100 01101111 00100001","\n","^All the same data, just different representations.","\n","ev","str","^Why multiple representations?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Tell me about Unicode","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^Show me practical commands","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},8,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: Why do we need so many ways to represent the same thing?","\n","^Context. Humans read decimal. Computers process binary. Hex is compact for humans to read binary - two hex digits per byte.","\n","^Choose the representation that fits your needs. Debugging network traffic? Hex. Mathematical operations? Decimal. Actual processing? Binary.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: How does Unicode fit in?","\n","^ASCII is 7-bit, covers English characters. Unicode extends this to support every language, emoji, symbols.","\n","^UTF-8 is the dominant Unicode encoding - backward-compatible with ASCII, supports international characters efficiently.","\n","^Most modern systems use UTF-8 by default.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: What commands convert between these formats?","\n","^`xxd` is your friend. Try: `echo hello!` piped to `xxd` for hex output, `echo hello!` piped to `xxd -b` for binary, `echo 68656c6c6f21` piped to `xxd -r -p` to convert hex back to text.","\n","^Python's also excellent: `\"hello!\".encode().hex()` gets you hex.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"hex_and_base64":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^Two encoding schemes you'll encounter constantly: hexadecimal and Base64.","\n","^Hexadecimal: Base-16. Uses 0-9 and a-f. Two hex characters per byte. Compact, human-readable representation of binary data.","\n","^Base64: Uses A-Z, a-z, 0-9, +, /, and = for padding. More efficient than hex for transmitting binary data. Four characters represent three bytes.","\n","ev","str","^When do I use Base64 vs hex?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Show me Base64 commands","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^How do I recognize Base64?","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},10,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: How do I choose between Base64 and hex?","\n","^Base64 when efficiency matters - 33% overhead vs 100% for hex. Common in web protocols, email attachments, JSON/XML with binary data.","\n","^Hex when human readability and debugging matter. Easier to spot patterns, map directly to bytes.","\n","^In CTFs and forensics? You'll see both constantly. Learn to recognize them on sight.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: Walk me through Base64 encoding.","\n","^Simple: `echo \"text\"` piped to `base64` encodes. `echo \"encoded\"` piped to `base64 -d` decodes.","\n","^Try this chain: `echo \"Valhalla\"` piped to `base64` piped to `xxd -p` piped to `xxd -r -p` piped to `base64 -d`","\n","^You're encoding to Base64, converting to hex, converting back, decoding Base64. Should get \"Valhalla\" back. Demonstrates reversibility.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: How can I identify Base64 when I see it?","\n","^Look for: alphanumeric characters, sometimes with + and /, often ending in = or ==.","\n","^Length is always multiple of 4 (due to padding).","\n","^Classic tell: mix of uppercase, lowercase, and numbers, ending in equals signs.","\n","^Example: `VmFsaGFsbGEK` - that's Base64.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"symmetric_encryption":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^Symmetric encryption - the same key encrypts and decrypts. Fast, efficient, but has a key distribution problem.","\n","^Two main algorithms you'll use: DES and AES.","\n","ev","str","^Tell me about DES","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Tell me about AES","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^What's the key distribution problem?","/str","/ev",{"*":".^.c-2","flg":20},"ev","str","^Back to main menu","/str","/ev",{"*":".^.c-3","flg":20},{"c-0":["\n","^You: What's DES?","\n",{"->":"des_explanation"},{"#f":5}],"c-1":["\n","^You: What's AES?","\n",{"->":"aes_explanation"},{"#f":5}],"c-2":["\n","ev",{"VAR?":"instructor_rapport"},10,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: You mentioned a key distribution problem?","\n","^The fundamental challenge of symmetric crypto: how do you securely share the key?","\n","^If you encrypt a message with AES, your recipient needs the same key to decrypt. How do you get them the key without an attacker intercepting it?","\n","^This is where public key crypto comes in - or secure key exchange protocols like Diffie-Hellman.","\n",{"->":".^.^.^"},{"#f":5}],"c-3":["\n",{"->":"crypto_hub"},{"#f":5}]}],null],"des_explanation":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^DES - Data Encryption Standard. Developed by IBM in the 1970s, based on Feistel ciphers.","\n","^56-bit key size. Small by modern standards - brute-forceable in reasonable time with modern hardware.","\n","^Historical importance, but don't use it for real security anymore. Superseded by AES.","\n","^OpenSSL command: `openssl enc -des-cbc -pbkdf2 -in file.txt -out file.enc`","\n","ev","str","^Why is 56-bit insufficient?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Show me the decryption command","/str","/ev",{"*":".^.c-1","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},8,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: Why is 56 bits too small?","\n","^2^56 possible keys - about 72 quadrillion. Sounds large, but modern systems can test millions or billions of keys per second.","\n","^DES was cracked in less than 24 hours in 1999. Hardware has only improved since then.","\n","^Compare to AES-256: 2^256 keys. Astronomically larger. Not brute-forceable with current or foreseeable technology.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: How do I decrypt DES-encrypted data?","\n","^`openssl enc -des-cbc -d -in file.enc -out decrypted.txt`","\n","^The `-d` flag specifies decryption. You'll be prompted for the password.","\n","^Note: password and key aren't quite the same. The password is hashed with PBKDF2 to derive the actual encryption key.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"symmetric_encryption"},null]}],null],"aes_explanation":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^AES - Advanced Encryption Standard. The modern symmetric encryption standard.","\n","^128-bit block cipher. Key sizes: 128, 192, or 256 bits. Uses substitution-permutation network - combination of substitution, permutation, mixing, and key addition.","\n","^Fast, secure, widely supported. This is what you should be using for symmetric encryption.","\n","ev","str","^How much stronger is AES than DES?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Show me AES commands","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^What's CBC mode?","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},10,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: Quantify the security improvement over DES.","\n","^DES: 2^56 keyspace. AES-128: 2^128. AES-256: 2^256.","\n","^AES-128 has 2^72 times more keys than DES. AES-256 has 2^200 times more keys than AES-128.","\n","^To put it in perspective: if you could test a trillion trillion keys per second, AES-256 would still take longer than the age of the universe to brute force.","\n","^Practical attacks on AES focus on implementation flaws, side channels, or compromising the key - not brute forcing.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: Walk me through AES encryption.","\n","^Encrypt: `openssl enc -aes-256-cbc -pbkdf2 -in file.txt -out file.enc`","\n","^Decrypt: `openssl enc -aes-256-cbc -d -in file.enc -out file.txt`","\n","^You can use -aes-128-cbc, -aes-192-cbc, or -aes-256-cbc depending on key size.","\n","^CBC mode is Cipher Block Chaining. ECB mode also available but has security weaknesses - avoid for real use.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","ev",{"VAR?":"instructor_rapport"},8,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: Explain CBC mode.","\n","^Cipher Block Chaining. Each block of plaintext is XORed with the previous ciphertext block before encryption.","\n","^This means identical plaintext blocks produce different ciphertext - hides patterns.","\n","^ECB (Electronic Codebook) encrypts each block independently - same input always produces same output. Leaks pattern information.","\n","^Always use CBC or more modern modes like GCM. Never use ECB for real data.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"symmetric_encryption"},null]}],null],"public_key_crypto":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^Asymmetric cryptography. Revolutionary concept - separate keys for encryption and decryption.","\n","^Public key: shared freely. Anyone can use it to encrypt messages to you.","\n","^Private key: kept secret. Only you can decrypt messages encrypted with your public key.","\n","^Solves the key distribution problem. You can publish your public key openly - doesn't compromise security.","\n","ev","str","^How does this actually work?","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^What's the downside?","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^Tell me about GPG","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","ev",{"VAR?":"instructor_rapport"},10,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: What's the underlying mechanism?","\n","^Mathematics - specifically, functions that are easy to compute in one direction but extremely hard to reverse without special information.","\n","^RSA uses factoring large prime numbers. Easy to multiply two huge primes, nearly impossible to factor the result back without knowing the primes.","\n","^Your private key contains the primes. Your public key contains their product. Encryption uses the product, decryption needs the primes.","\n","^Full math is beyond this course, but that's the essence. One-way mathematical trap doors.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","ev",{"VAR?":"instructor_rapport"},8,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: This sounds perfect. What's the catch?","\n","^Performance. Asymmetric crypto is much slower than symmetric.","\n","^Typical use: asymmetric crypto to exchange a symmetric key, then symmetric crypto for actual data.","\n","^TLS/SSL does exactly this - RSA or ECDH to agree on a session key, then AES to encrypt the connection.","\n","^Hybrid approach gets security of asymmetric with performance of symmetric.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: How does GPG fit into this?","\n","^GPG - GNU Privacy Guard. Open source implementation of PGP (Pretty Good Privacy).","\n","^Provides public-key crypto for email encryption, file encryption, digital signatures.","\n","^Industry standard for email security and file protection.","\n",{"->":"gpg_intro"},{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"openssl_tools":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^OpenSSL - the Swiss Army knife of cryptography.","\n","^It's a toolkit implementing SSL/TLS protocols and providing cryptographic functions. Command-line tool plus libraries.","\n","^Can do: key generation, encryption, decryption, hashing, certificate management, SSL/TLS testing, and much more.","\n","ev","str","^Show me useful commands","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^Tell me about the 2014 vulnerability","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^How do I check OpenSSL version?","/str","/ev",{"*":".^.c-2","flg":20},{"c-0":["\n","^You: What are the most useful OpenSSL commands?","\n","^List available ciphers: `openssl list -cipher-algorithms`","\n","^Generate hash: `echo \"data\"` piped to `openssl dgst -sha256`","\n","^Encrypt file: `openssl enc -aes-256-cbc -in file -out file.enc`","\n","^Check certificate: `openssl x509 -in cert.pem -text -noout`","\n","^Test SSL connection: `openssl s_client -connect example.com:443`","\n","^Generate random bytes: `openssl rand -hex 32`","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","ev",{"VAR?":"instructor_rapport"},15,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: You mentioned a major OpenSSL vulnerability in 2014?","\n","^Heartbleed. CVE-2014-0160. One of the most significant security flaws in internet history.","\n","^Bug in OpenSSL's implementation of TLS heartbeat extension. Allowed attackers to read server memory - including private keys, passwords, session tokens.","\n","^Affected two-thirds of web servers. Required widespread patching and certificate replacement.","\n","^Important lesson: even cryptographic implementations can have bugs. The algorithms (AES, RSA) were fine - the implementation was flawed.","\n","^This is why: keep software updated, use well-audited libraries, implement defense in depth.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: How do I know what version I'm running?","\n","^`openssl version -a` shows version and build details.","\n","^Post-Heartbleed, you want OpenSSL 1.0.1g or later, or 1.0.2 series.","\n","^Most modern systems use OpenSSL 1.1.1 or 3.x now.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"gpg_intro":[["ev",{"VAR?":"instructor_rapport"},5,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^GPG - GNU Privacy Guard. Open-source public-key cryptography and signing tool.","\n","^Core concepts: key pairs (public and private), encryption, decryption, signing, verification.","\n","ev","str","^Walk me through key generation","/str","/ev",{"*":".^.c-0","flg":20},"ev","str","^How do I share my public key?","/str","/ev",{"*":".^.c-1","flg":20},"ev","str","^Encrypting and decrypting","/str","/ev",{"*":".^.c-2","flg":20},"ev","str","^What about digital signatures?","/str","/ev",{"*":".^.c-3","flg":20},{"c-0":["\n","^You: How do I create GPG keys?","\n","^`gpg --gen-key` starts the process. You'll provide name, email, passphrase.","\n","^This creates a key pair. Public key you share, private key you protect.","\n","^The passphrase protects your private key - don't forget it! Without it, your private key is useless.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-1":["\n","^You: How do others get my public key?","\n","^Export it: `gpg --export -a \"Your Name\" > public.key`","\n","^This creates ASCII-armored public key file. Share it via email, website, key server.","\n","^Recipients import it: `gpg --import public.key`","\n","^Now they can encrypt messages only you can read.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-2":["\n","^You: Show me the encryption workflow.","\n","^Encrypt: `gpg -e -r \"Recipient Name\" file.txt` creates file.txt.gpg","\n","^Decrypt: `gpg -d file.txt.gpg > decrypted.txt`","\n","^Recipient's public key must be in your keyring to encrypt for them.","\n","^Your private key must be available to decrypt messages to you.","\n",{"->":".^.^.g-0"},{"#f":5}],"c-3":["\n","ev",{"VAR?":"instructor_rapport"},10,"+",{"VAR=":"instructor_rapport","re":true},"/ev","#","^influence_increased","/#","^You: How do signatures work?","\n","^Signatures prove a message came from you and wasn't modified.","\n","^Sign: `gpg -s file.txt` - creates file.txt.gpg with signature","\n","^Verify: `gpg --verify file.txt.gpg` - confirms signature and shows signer","\n","^Uses your private key to sign, others use your public key to verify. Reverse of encryption.","\n","^Provides authenticity and integrity - critical for software distribution, secure communications.","\n",{"->":".^.^.g-0"},{"#f":5}],"g-0":[{"->":"crypto_hub"},null]}],null],"commands_reference":[["^Quick reference for the commands we've covered:","\n","^Encoding:","\n",["^Hex: `echo \"text\"` piped to `xxd -p` (encode), `echo \"hex\"` piped to `xxd -r -p` (decode)","\n",["^Base64: `echo \"text\"` piped to `base64` (encode), `echo \"b64\"` piped to `base64 -d` (decode)","\n",["^View as binary: `xxd -b file`","\n","^Symmetric Encryption (OpenSSL):","\n",["^AES encrypt: `openssl enc -aes-256-cbc -pbkdf2 -in file -out file.enc`","\n",["^AES decrypt: `openssl enc -aes-256-cbc -d -in file.enc -out file.txt`","\n",["^DES encrypt: `openssl enc -des-cbc -pbkdf2 -in file -out file.enc`","\n",["^List ciphers: `openssl list -cipher-algorithms`","\n","^Public Key Crypto (GPG):","\n",["^Generate keys: `gpg --gen-key`","\n",["^List keys: `gpg --list-keys`","\n",["^Export public: `gpg --export -a \"Name\" > public.key`","\n",["^Import key: `gpg --import key.asc`","\n",["^Encrypt: `gpg -e -r \"Recipient\" file`","\n",["^Decrypt: `gpg -d file.gpg`","\n",["^Sign: `gpg -s file`","\n",["^Verify: `gpg --verify file.gpg`","\n","^Useful OpenSSL:","\n",["^Hash: `openssl dgst -sha256 file`","\n",["^Random data: `openssl rand -hex 32`","\n",["^Version: `openssl version`","\n","ev","str","^Back to main menu","/str","/ev",{"*":".^.c-0","flg":4},{"c-0":["\n",{"->":"crypto_hub"},null],"#n":"g-17"}],{"#n":"g-16"}],{"#n":"g-15"}],{"#n":"g-14"}],{"#n":"g-13"}],{"#n":"g-12"}],{"#n":"g-11"}],{"#n":"g-10"}],{"#n":"g-9"}],{"#n":"g-8"}],{"#n":"g-7"}],{"#n":"g-6"}],{"#n":"g-5"}],{"#n":"g-4"}],{"#n":"g-3"}],{"#n":"g-2"}],{"#n":"g-1"}],{"#n":"g-0"}],null],null],"ready_for_practice":["^Excellent. You've covered the fundamentals.","\n","^In your VM's home directory, you'll find CTF challenges testing these skills: Decoding various encoded data, decrypting symmetrically-encrypted files, using GPG for secure communication, and breaking weak encryption.","\n","^Practical tips:","\n","^Recognize encoding schemes on sight: Base64 ends in =, hex is 0-9 and a-f, binary is only 0 and 1.","\n","^Try obvious passwords first: \"password\", \"admin\", \"123456\". Weak keys are common.","\n","^Check file headers: `file` command identifies file types even if extension is wrong. Encoded/encrypted data looks like random bytes.","\n","^Use CyberChef for quick analysis: Web tool that chains encoding/decoding operations. Great for CTFs.","\n","^Document what you try: When attempting decryption, track what keys/methods you've tested. Easy to lose track.","\n","ev",{"VAR?":"instructor_rapport"},50,">=","/ev",[{"->":".^.b","c":true},{"b":["\n","^You've asked excellent questions and engaged deeply with the material. You're well-prepared.","\n",{"->":".^.^.^.22"},null]}],"nop","\n","^Remember: encoding is reversible with no secret. Encryption requires keys. Symmetric uses same key for both. Asymmetric uses key pairs.","\n","^Now go break some crypto challenges. Good luck, Agent ","ev",{"VAR?":"player_name"},"out","/ev","^.","\n","#","^exit_conversation","/#","end",null],"global decl":["ev",0,{"VAR=":"instructor_rapport"},"str","^Agent 0x00","/str",{"VAR=":"player_name"},"/ev","end",null]}],"listDefs":{}} |