How to cheat in your exercises or Why you should encrypt your stuff

How to cheat in your exercises or Why you should encrypt your stuff

·

2 min read

Hello guys, Since i was bored by my networking exams, i thought "what if i could cheat a little bit" let's see what i did

Getting started

The first step is to acquire a cisco packet tracer exercise, and understand how packet tracer understands the file format, So i opened a file in hxd

Unfortunately looks like a complete mess, no magic number or anything, maybe is encrypted i thought, so i opened packet tracer in binary ninja and i eventually stumbled upon this function

It looked like a decryption function, so i decided to rewrite it in c++, is also implemented a zlib decompress function, as i saw is also used in packet tracer, i eventually ended up with something like this

Then i compiled and passed my pka file, and with my surprise

What's Next

I carefully read all the tags in the xml until i found something interesting

To me it looked like an hash, then i remembered that my teacher, talked about a special admin area where she could see if we copy and pasted commands or not. i quickly opened packet tracer opened the activity wizard and set my own password

then i decoded my file, and the hash changed

Looking around the activity wizard, i noticed that she can see if we cheat or not. She lied to me, and since she lied i decided to have my revenge. I downloaded all packet tracer exercises from our cisco course, decrypted and swapped the original hash with my real one. Then went to activity wizard with my password, opened the initial network sub menu and clicked "Copy from answer network"

Then i checked the answers and

So i saved my file and swapped again my hash with the original one. So my teacher won't ever notice that the file was tampered. Just to make sure where we can use these exercise, a friend of mine sent to me a pka from his course. His hash matched to the hash from my course.

So is safe to say that cisco uses the same password for all the schools.

Tips

  • Encrypt the sensitive content with an algorithm like AES, Using a password like this is pointless

  • Don't use the same password for all the courses.

  • Complicate the reverse engineering by using a DRM like VMProtect