In order to further simplify the task for contestants, we have removed irrelevant parameters, such as user_id and random_id. Since we assume that the attacker is already in full control of the Telegram servers, basic MTProto encryption is bypassed altogether. The protocol used by Paul and Nick to establish Secret Сhats and exchange messages is identical to the one used for Secret Chats in Telegram. This enables contestants to try CPA, KPA, MITM and other kinds of active attacks and data tampering. You control the entire process by sending commands to the Telegram user used as an interface for this contest. If any of these checks fails, they stop accepting messages in that Secret Chat. Paul and Nick are both using clients that perform all the checks from Telegram Security Guidelines and compare their key visualizations over an independent channel as soon as a new Secret Chat is established. They are represented by two virtual users that communicate via Secret Chats in Telegram. Your goal is to extract sensitive data (a secret email and password) from a conversation between two peers - Paul and Nick. In this contest you assume the role of a malicious entity in control of Telegram's servers. The current round of the contest is over.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |