From bacd0b5f78abe7dc70dfe8f46fc05c7e1bbb6657 Mon Sep 17 00:00:00 2001
From: thomashaw <thomashaw@gmail.com>
Date: Tue, 2 May 2017 14:42:03 +0100
Subject: [PATCH] Add <hint> links to generator and encoder challenge modules
 including schema change to include <hint> tags. Added exif_metadata scenario.

---
 lib/schemas/encoder_metadata_schema.xsd       |  1 +
 lib/schemas/generator_metadata_schema.xsd     |  1 +
 .../ascii_value_shift/secgen_metadata.xml     |  4 ++++
 .../cipher/caesar_shift/secgen_metadata.xml   |  4 ++++
 .../cipher/morse_code/secgen_metadata.xml     |  4 ++++
 .../cipher/vignere/secgen_metadata.xml        |  4 ++++
 .../bitwise_xor/secgen_metadata.xml           |  2 +-
 .../encoded_diff/secgen_metadata.xml          |  6 ++++--
 .../challenges/exif/secgen_metadata.xml       |  8 +++++--
 .../secgen_metadata.xml                       |  4 ++--
 .../image/qr_code/secgen_metadata.xml         |  5 ++++-
 .../generator_examples/exif_metadata.xml      | 21 +++++++++++++++++++
 12 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 scenarios/examples/parameterised_examples/generator_examples/exif_metadata.xml

diff --git a/lib/schemas/encoder_metadata_schema.xsd b/lib/schemas/encoder_metadata_schema.xsd
index a5618b206..41e5dafa0 100644
--- a/lib/schemas/encoder_metadata_schema.xsd
+++ b/lib/schemas/encoder_metadata_schema.xsd
@@ -35,6 +35,7 @@
         <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="hint" type="xs:string" minOccurs="0" maxOccurs="1"/>
 
         <!--I/O: an encoder writes it's output to one fact, and reads from one or more-->
         <xs:element name="read_fact" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
diff --git a/lib/schemas/generator_metadata_schema.xsd b/lib/schemas/generator_metadata_schema.xsd
index 6af6b86c7..3a5adcedb 100644
--- a/lib/schemas/generator_metadata_schema.xsd
+++ b/lib/schemas/generator_metadata_schema.xsd
@@ -35,6 +35,7 @@
         <xs:element name="reference" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_name" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
         <xs:element name="software_license" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="hint" type="xs:string" minOccurs="0" maxOccurs="1"/>
 
         <!--I/O: a generator writes it's output to one fact & can also take inputs-->
         <xs:element name="read_fact" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
diff --git a/modules/encoders/cipher/ascii_value_shift/secgen_metadata.xml b/modules/encoders/cipher/ascii_value_shift/secgen_metadata.xml
index f6071a6fd..411864c24 100644
--- a/modules/encoders/cipher/ascii_value_shift/secgen_metadata.xml
+++ b/modules/encoders/cipher/ascii_value_shift/secgen_metadata.xml
@@ -17,6 +17,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Encoded with a rotation cipher based on the ASCII value. Uses the 94 printable ascii characters.
+    Decoding tools are available online e.g. http://www.dcode.fr/rot-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>shift_key</read_fact>
 
diff --git a/modules/encoders/cipher/caesar_shift/secgen_metadata.xml b/modules/encoders/cipher/caesar_shift/secgen_metadata.xml
index eb2ce019e..aeee0c8d4 100644
--- a/modules/encoders/cipher/caesar_shift/secgen_metadata.xml
+++ b/modules/encoders/cipher/caesar_shift/secgen_metadata.xml
@@ -16,6 +16,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Encoded with a rotation/shift cipher using a random key. Watch: https://www.youtube.com/watch?v=o6TPx1Co_wg
+    Decoding tools are available online e.g. http://www.dcode.fr/rot-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>shift_key</read_fact>
 
diff --git a/modules/encoders/cipher/morse_code/secgen_metadata.xml b/modules/encoders/cipher/morse_code/secgen_metadata.xml
index 171805f2d..9d1b38646 100644
--- a/modules/encoders/cipher/morse_code/secgen_metadata.xml
+++ b/modules/encoders/cipher/morse_code/secgen_metadata.xml
@@ -16,6 +16,10 @@
 
   <reference>https://gist.github.com/mikedamage/105081</reference>
 
+  <hint>Morse code decoders are available online e.g. https://morsecode.scphillips.com/translator.html
+    Morse code has a single representation for parenthesis, the SecGen flag format uses curly braces. Replace them!
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
 
   <default_input into="strings_to_encode">
diff --git a/modules/encoders/cipher/vignere/secgen_metadata.xml b/modules/encoders/cipher/vignere/secgen_metadata.xml
index 3435cecc8..bb1eae67e 100644
--- a/modules/encoders/cipher/vignere/secgen_metadata.xml
+++ b/modules/encoders/cipher/vignere/secgen_metadata.xml
@@ -23,6 +23,10 @@
   <reference>http://www.cs.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Base.html</reference>
   <reference>http://rosettacode.org/wiki/Vigen%C3%A8re_cipher#Ruby</reference>
 
+  <hint>Learn about Vigenere ciphers here: https://www.youtube.com/watch?v=zNO4PTlg62k
+    Decoding tools are available online e.g. http://www.dcode.fr/vigenere-cipher
+  </hint>
+
   <read_fact>strings_to_encode</read_fact>
   <read_fact>encryption_key</read_fact>
 
diff --git a/modules/generators/challenges/bitwise_xor/secgen_metadata.xml b/modules/generators/challenges/bitwise_xor/secgen_metadata.xml
index ae07d5bb7..0d792ee27 100644
--- a/modules/generators/challenges/bitwise_xor/secgen_metadata.xml
+++ b/modules/generators/challenges/bitwise_xor/secgen_metadata.xml
@@ -17,7 +17,7 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
-  <!--<hint>Take both binary strings and perform a bitwise XOR on them.</hint>-->
+  <hint>Take both binary strings and perform a bitwise XOR on them. - https://www.youtube.com/watch?v=YtghBxoBxpA</hint>
 
   <read_fact>string_to_mask</read_fact>
   <default_input into="string_to_mask">
diff --git a/modules/generators/challenges/encoded_diff/secgen_metadata.xml b/modules/generators/challenges/encoded_diff/secgen_metadata.xml
index 3ac100d28..784362b40 100644
--- a/modules/generators/challenges/encoded_diff/secgen_metadata.xml
+++ b/modules/generators/challenges/encoded_diff/secgen_metadata.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
-               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
   <name>Encoded Diff Challenge</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
@@ -14,6 +14,8 @@
 
   <platform>linux</platform>
 
+  <hint>Sort the sets of strings, check if there are any differences in content and decode the hex.</hint>
+
   <read_fact>random_data</read_fact>
   <read_fact>strings_to_leak</read_fact>
 
diff --git a/modules/generators/challenges/exif/secgen_metadata.xml b/modules/generators/challenges/exif/secgen_metadata.xml
index 82ccde09a..25a9c7fef 100644
--- a/modules/generators/challenges/exif/secgen_metadata.xml
+++ b/modules/generators/challenges/exif/secgen_metadata.xml
@@ -3,10 +3,10 @@
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>Exif</name>
+  <name>Image ith Modified EXIF Metadata</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
-  <description>TODO</description>
+  <description>Modifies an image's EXIF metadata to leak a string.</description>
 
   <type>modified_exif</type>
   <type>image_generator</type>
@@ -15,6 +15,10 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <hint>Use a tool to extract the metadata e.g. exiftool (http://www.sno.phy.queensu.ca/~phil/exiftool/) or
+    http://exifdata.com/
+  </hint>
+
   <read_fact>base64_image</read_fact>
   <read_fact>strings_to_leak</read_fact>
   <read_fact>exif_field</read_fact>
diff --git a/modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml b/modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml
index 9683c2434..b8c3597e0 100644
--- a/modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml
+++ b/modules/generators/challenges/hidden_data_in_image_file/secgen_metadata.xml
@@ -3,7 +3,7 @@
 <generator xmlns="http://www.github/cliffe/SecGen/generator"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
-  <name>Hidden Data in Image File Challenge</name>
+  <name>Hidden Data in Image File</name>
   <author>Thomas Shaw</author>
   <module_license>MIT</module_license>
   <description>Makes use of a random image, encodes a string_to_leak (flag) then inserts the data to decode into the end
@@ -17,7 +17,7 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
-  <!--<hint>Look at the file's raw hex. Example tools: hexedit/hexeditor </hint>-->
+  <hint>Inspect the file's raw hex. Look at end for something to decode. Example tools: hexedit/hexeditor</hint>
 
   <read_fact>base64_image</read_fact>
   <read_fact>strings_to_leak</read_fact>
diff --git a/modules/generators/image/qr_code/secgen_metadata.xml b/modules/generators/image/qr_code/secgen_metadata.xml
index c6b550cf7..d93ed845d 100644
--- a/modules/generators/image/qr_code/secgen_metadata.xml
+++ b/modules/generators/image/qr_code/secgen_metadata.xml
@@ -15,12 +15,15 @@
   <platform>linux</platform>
   <platform>windows</platform>
 
+  <reference>https://github.com/whomwah/rqrcode</reference>
+
+  <hint>Use a QR reader mobile app or online decoder e.g. http://blog.qr4.nl/Online-QR-Code_decoder.aspx</hint>
+
   <read_fact>strings_to_leak</read_fact>
   <default_input into="strings_to_leak">
     <generator type="flag_generator"/>
   </default_input>
 
-  <!--<reference>https://github.com/whomwah/rqrcode</reference>-->
 
   <output_type>base64_encoded_image</output_type>
   
diff --git a/scenarios/examples/parameterised_examples/generator_examples/exif_metadata.xml b/scenarios/examples/parameterised_examples/generator_examples/exif_metadata.xml
new file mode 100644
index 000000000..9c41ed7f3
--- /dev/null
+++ b/scenarios/examples/parameterised_examples/generator_examples/exif_metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!-- Generator which outputs an image with modified exif metadata code containing a flag. -->
+		<vulnerability read_fact="images_to_leak">
+			<input into="images_to_leak">
+				<generator type="modified_exif"/>
+			</input>
+		</vulnerability>
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>