mirror of
https://github.com/MarshalX/telegram-crawler.git
synced 2024-11-25 16:59:04 +01:00
152 lines
9.6 KiB
HTML
152 lines
9.6 KiB
HTML
<!DOCTYPE html>
|
||
<html class="">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<title>Security Contest Winter 2013-2014 FAQ</title>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
<meta property="description" content="This contest has ended. Check out our new contest »
|
||
Q: Why did you launch this contest?
|
||
The goal of this contest is to…">
|
||
<meta property="og:title" content="Security Contest Winter 2013-2014 FAQ">
|
||
<meta property="og:image" content="https://core.telegram.org/img/tl_card_brick.png">
|
||
<meta property="og:description" content="This contest has ended. Check out our new contest »
|
||
Q: Why did you launch this contest?
|
||
The goal of this contest is to…">
|
||
<link rel="shortcut icon" href="/favicon.ico?4" type="image/x-icon" />
|
||
|
||
<link href="/css/bootstrap.min.css?3" rel="stylesheet">
|
||
|
||
<link href="/css/telegram.css?212" rel="stylesheet" media="screen">
|
||
<style>
|
||
</style>
|
||
</head>
|
||
<body class="preload">
|
||
<div class="dev_page_wrap">
|
||
<div class="dev_page_head navbar navbar-static-top navbar-tg">
|
||
<div class="navbar-inner">
|
||
<div class="container clearfix">
|
||
<ul class="nav navbar-nav navbar-right hidden-xs"><li class="navbar-twitter"><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)"><i class="icon icon-twitter"></i><span> Twitter</span></a></li></ul>
|
||
<ul class="nav navbar-nav">
|
||
<li><a href="//telegram.org/">Home</a></li>
|
||
<li class="hidden-xs"><a href="//telegram.org/faq">FAQ</a></li>
|
||
<li class="hidden-xs"><a href="//telegram.org/apps">Apps</a></li>
|
||
<li class=""><a href="/api">API</a></li>
|
||
<li class=""><a href="/mtproto">Protocol</a></li>
|
||
<li class=""><a href="/schema">Schema</a></li>
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div class="container clearfix">
|
||
<div class="dev_page">
|
||
<div id="dev_page_content_wrap" class=" ">
|
||
<div class="tl_contest_page_wrap">
|
||
|
||
<div class="tl_contest_side_image_wrap">
|
||
<img class="tl_contest_side_image tl_contest_side_image3" src="/img/tl_card_paperplane.png" />
|
||
</div>
|
||
<h1 id="dev_page_title">Security Contest Winter 2013-2014 FAQ</h1>
|
||
|
||
<div id="dev_page_content"><blockquote>
|
||
<p>This contest has <a href="https://telegram.org/blog/winter-contest-ends">ended</a>. Check out our <a href="https://telegram.org/blog/cryptocontest"><strong>new contest »</strong></a></p>
|
||
</blockquote>
|
||
<h4><a class="anchor" name="q-why-did-you-launch-this-contest" href="#q-why-did-you-launch-this-contest"><i class="anchor-icon"></i></a>Q: Why did you launch this contest?</h4>
|
||
<p>The goal of this contest is to solve a real-life problem. The question at hand is whether your internet-provider or another entity that intercepts your traffic would be able to decrypt your conversations over Telegram. We are inviting hackers and security experts to find ways of decrypting Telegram traffic. As a result we will either find a vulnerability in our encryption algorithm and fix it, or or get indirect evidence that decrypting our traffic is no easy task.</p>
|
||
<h4><a class="anchor" name="q-what-happens-if-someone-wins" href="#q-what-happens-if-someone-wins"><i class="anchor-icon"></i></a>Q: What happens if someone wins?</h4>
|
||
<p>If we have a winner in the current competition, we will start a new competition with an even larger prize. Of course, before launching a new competition we will have to fix the vulnerability that allowed the winner to decipher the traffic of Telegram. </p>
|
||
<h4><a class="anchor" name="q-what-do-i-have-access-to" href="#q-what-do-i-have-access-to"><i class="anchor-icon"></i></a>Q: What do I have access to?</h4>
|
||
<p>You have access to a <a href="http://core.telegram.org/mtproto">detailed description of the encryption system</a> we use, app source code, as well as complete traffic logs for the target ‘Paul’ (+79112317383) from the day he signed up for Telegram, updated in real time.</p>
|
||
<p>You need to decipher the secret email address, that Paul sends daily in one of the messages to ‘Nick’ (+79218944725), and describe the successful attack in an email to that address.</p>
|
||
<h4><a class="anchor" name="q-what-is-the-structure-of-your-traffic-log" href="#q-what-is-the-structure-of-your-traffic-log"><i class="anchor-icon"></i></a>Q: What is the structure of your traffic log?</h4>
|
||
<p>The structure of the traffic log is as follows:</p>
|
||
<pre><code> Unixtime Length-in-bytes Direction (in/out) ServerIP:Port Hexdump.</code></pre>
|
||
<p>For your convenience, only high-level TCP stream bytes are shown, ignoring IP packet boundaries and omitting TCP/IP headers.</p>
|
||
<h4><a class="anchor" name="q-does-paul-send-the-same-message-to-nick-every-day" href="#q-does-paul-send-the-same-message-to-nick-every-day"><i class="anchor-icon"></i></a>Q: Does Paul send the same message to Nick every day?</h4>
|
||
<p>No, just as in real life, Paul‘s messages to Nick can be different each time. The only thing that doesn’t change is the secret email address in his daily messages.</p>
|
||
<h4><a class="anchor" name="q-could-you-provide-an-example-of-a-paul-39s-message-to-nick" href="#q-could-you-provide-an-example-of-a-paul-39s-message-to-nick"><i class="anchor-icon"></i></a>Q: Could you provide an example of a Paul's message to Nick?</h4>
|
||
<p>Sure. The message may look like “Hey Nick, so here is the secret email address for the bounty hunters – {here goes the email}”.</p>
|
||
<h4><a class="anchor" name="q-i-want-to-try-active-attacks-in-the-current-contest-how-can-i" href="#q-i-want-to-try-active-attacks-in-the-current-contest-how-can-i"><i class="anchor-icon"></i></a>Q: I want to try active attacks in the current contest, how can I do that?</h4>
|
||
<p>At this stage, it is possible to analyze the traffic and send modified packets to the server, therefore perfoming length extension attacks, replay attacks etc. In case nobody achieves the goal of the current contest (deciphering intercepted Telegram traffic) by March 2014, we are willing to facilitate the task and provide the contestants with tools for performing more complicated active attacks.</p>
|
||
<h4><a class="anchor" name="q-what-if-i-dont-trust-bitcoins-and-dont-want-them-as-a-prize" href="#q-what-if-i-dont-trust-bitcoins-and-dont-want-them-as-a-prize"><i class="anchor-icon"></i></a>Q: What if I don‘t trust bitcoins and don’t want them as a prize?</h4>
|
||
<p>If the winner prefers conventional money over bitcoin, we will be happy to transfer them 200,000 regular USD instead of BTC.</p>
|
||
<h4><a class="anchor" name="q-it-is-only-2-5-months-i-need-more-time-to-find-bugs-in-your-pr" href="#q-it-is-only-2-5-months-i-need-more-time-to-find-bugs-in-your-pr"><i class="anchor-icon"></i></a>Q: It is only 2,5 months. I need more time to find bugs in your protocol!</h4>
|
||
<p>The contests to crack Telegram's encrypted protocol are a permanent feature of our project. We will always be launching a new contest after the end of the previous one, and the amount of the prize money is likely to increase. So whenever you are the first person to find vulnerabilities in our encryption system, you will be able to claim a prize — even after the current competition is over.</p>
|
||
<div class="text-center">
|
||
<img src="/img/tl_card_brick.png" width="160" height="160" />
|
||
</div>
|
||
|
||
<p><div class="dev_page_nav_wrap"></div></p>
|
||
</div>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
<div class="footer_wrap">
|
||
<div class="footer_columns_wrap footer_desktop">
|
||
<div class="footer_column footer_column_telegram">
|
||
<h5>Telegram</h5>
|
||
<div class="footer_telegram_description"></div>
|
||
Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
|
||
</div>
|
||
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/faq">About</a></h5>
|
||
<ul>
|
||
<li><a href="//telegram.org/faq">FAQ</a></li>
|
||
<li><a href="//telegram.org/blog">Blog</a></li>
|
||
<li><a href="//telegram.org/jobs">Jobs</a></li>
|
||
</ul>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/apps#mobile-apps">Mobile Apps</a></h5>
|
||
<ul>
|
||
<li><a href="//telegram.org/dl/ios">iPhone/iPad</a></li>
|
||
<li><a href="//telegram.org/dl/android">Android</a></li>
|
||
<li><a href="//telegram.org/dl/wp">Windows Phone</a></li>
|
||
</ul>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/apps#desktop-apps">Desktop Apps</a></h5>
|
||
<ul>
|
||
<li><a href="//desktop.telegram.org/">PC/Mac/Linux</a></li>
|
||
<li><a href="//macos.telegram.org/">macOS</a></li>
|
||
<li><a href="//telegram.org/dl/web">Web-browser</a></li>
|
||
</ul>
|
||
</div>
|
||
<div class="footer_column footer_column_platform">
|
||
<h5><a href="/">Platform</a></h5>
|
||
<ul>
|
||
<li><a href="/api">API</a></li>
|
||
<li><a href="//translations.telegram.org/">Translations</a></li>
|
||
<li><a href="//instantview.telegram.org/">Instant View</a></li>
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
<div class="footer_columns_wrap footer_mobile">
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/faq">About</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/blog">Blog</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="//telegram.org/apps">Apps</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="/">Platform</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)">Twitter</a></h5>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<script src="/js/main.js?42"></script>
|
||
|
||
<script>backToTopInit("Go up");
|
||
removePreloadInit();
|
||
</script>
|
||
</body>
|
||
</html>
|
||
|