Add <hint> links to generator and encoder challenge modules including schema change to include <hint> tags.

Added exif_metadata scenario.

lib/schemas/encoder_metadata_schema.xsd

@@ -35,6 +35,7 @@
         <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="hint" type="xs:string" minOccurs="0" maxOccurs="1"/>
 
         <!--I/O: an encoder writes it's output to one fact, and reads from one or more-->
         <xs:element name="read_fact" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>

lib/schemas/generator_metadata_schema.xsd

@@ -35,6 +35,7 @@
         <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="hint" type="xs:string" minOccurs="0" maxOccurs="1"/>
 
         <!--I/O: a generator writes it's output to one fact & can also take inputs-->
         <xs:element name="read_fact" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>

modules/encoders/cipher/ascii_value_shift/secgen_metadata.xml

@@ -17,6 +17,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Encoded with a rotation cipher based on the ASCII value. Uses the 94 printable ascii characters.
+    Decoding tools are available online e.g. http://www.dcode.fr/rot-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>shift_key</read_fact>
 

modules/encoders/cipher/caesar_shift/secgen_metadata.xml

@@ -16,6 +16,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Encoded with a rotation/shift cipher using a random key. Watch: https://www.youtube.com/watch?v=o6TPx1Co_wg
+    Decoding tools are available online e.g. http://www.dcode.fr/rot-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>shift_key</read_fact>
 

modules/encoders/cipher/morse_code/secgen_metadata.xml

@@ -16,6 +16,10 @@
 
   <reference>https://gist.github.com/mikedamage/105081</reference>
 
+  <hint>Morse code decoders are available online e.g. https://morsecode.scphillips.com/translator.html
+    Morse code has a single representation for parenthesis, the SecGen flag format uses curly braces. Replace them!
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
 
   <default_input into="strings_to_encode">

modules/encoders/cipher/vignere/secgen_metadata.xml

@@ -23,6 +23,10 @@
   <reference>http://www.cs.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Base.html</reference>
   <reference>http://rosettacode.org/wiki/Vigen%C3%A8re_cipher#Ruby</reference>
 
+  <hint>Learn about Vigenere ciphers here: https://www.youtube.com/watch?v=zNO4PTlg62k
+    Decoding tools are available online e.g. http://www.dcode.fr/vigenere-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>encryption_key</read_fact>
 

modules/generators/challenges/bitwise_xor/secgen_metadata.xml

@@ -17,7 +17,7 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
-  <!--<hint>Take both binary strings and perform a bitwise XOR on them.</hint>-->
+  <hint>Take both binary strings and perform a bitwise XOR on them. - https://www.youtube.com/watch?v=YtghBxoBxpA</hint>
 
   <read_fact>string_to_mask</read_fact>
   <default_input into="string_to_mask">

modules/generators/challenges/encoded_diff/secgen_metadata.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
-               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
   <name>Encoded Diff Challenge</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
@@ -14,6 +14,8 @@
 
   <platform>linux</platform>
 
+  <hint>Sort the sets of strings, check if there are any differences in content and decode the hex.</hint>
+
   <read_fact>random_data</read_fact>
   <read_fact>strings_to_leak</read_fact>
 

modules/generators/challenges/exif/secgen_metadata.xml

@@ -3,10 +3,10 @@
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>Exif</name>
+  <name>Image ith Modified EXIF Metadata</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
-  <description>TODO</description>
+  <description>Modifies an image's EXIF metadata to leak a string.</description>
 
   <type>modified_exif</type>
   <type>image_generator</type>
@@ -15,6 +15,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Use a tool to extract the metadata e.g. exiftool (http://www.sno.phy.queensu.ca/~phil/exiftool/) or
+    http://exifdata.com/
+  </hint>
+
   <read_fact>base64_image</read_fact>
   <read_fact>strings_to_leak</read_fact>
   <read_fact>exif_field</read_fact>

modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml

@@ -3,7 +3,7 @@
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>Hidden Data in Image File Challenge</name>
+  <name>Hidden Data in Image File</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
   <description>Makes use of a random image, encodes a string_to_leak (flag) then inserts the data to decode into the end
@@ -17,7 +17,7 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
-  <!--<hint>Look at the file's raw hex. Example tools: hexedit/hexeditor </hint>-->
+  <hint>Inspect the file's raw hex. Look at end for something to decode. Example tools: hexedit/hexeditor</hint>
 
   <read_fact>base64_image</read_fact>
   <read_fact>strings_to_leak</read_fact>

modules/generators/image/qr_code/secgen_metadata.xml

@@ -15,12 +15,15 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <reference>https://github.com/whomwah/rqrcode</reference>
+
+  <hint>Use a QR reader mobile app or online decoder e.g. http://blog.qr4.nl/Online-QR-Code_decoder.aspx</hint>
+
   <read_fact>strings_to_leak</read_fact>
   <default_input into="strings_to_leak">
     <generator type="flag_generator"/>
   </default_input>
 
-  <!--<reference>https://github.com/whomwah/rqrcode</reference>-->
 
   <output_type>base64_encoded_image</output_type>
   

scenarios/examples/parameterised_examples/generator_examples/exif_metadata.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- Generator which outputs an image with modified exif metadata code containing a flag. -->
+		<vulnerability read_fact="images_to_leak">
+			<input into="images_to_leak">
+				<generator type="modified_exif"/>
+			</input>
+		</vulnerability>
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>