HackDay 2024 - Write-Up - Baby Cryptography [Crypto]

Statement

Among the exchanges recovered between the Union agents we also saw an encrypted message. He must be talking about something important. That is why we ask you to decipher the communication. We know that the agent knows how to xor and how to count...

Decrypt the file (which was base64 for portability) FLAG FORMAT : HACKDAY{email}

Author : Chelinka
Points : 100
Solves : 62
Source : You can get the source files on the HackDay GitHub

Analysis of the input file

In this challenge we are given an input file, secret.txt, which contains a base64 string. We can decode it using the following Python code:

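from base64 import b64decode

# Read the base64 text and decode it into the raw ciphertext bytes.
# The with-block closes the file on exit, so no explicit close() is needed.
with open("secret.txt") as f_in:
    ct = b64decode(f_in.read())

print(ct)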

Here is a part of the result:

b'Hdnok%Q7zd9xx>|#\x1a\x1bZvfp6vj|:otx>vNRVQQFRNGGY\x0bXB\x0eI_]^\\C\x0f<\x17\x15\x19cTI\x1d_M%a%,-+!g<&j>?(n;84r&\' 7;x07+0<0+@\x15\rC\x01\x0b\x12\x02[...]'

Solving the chall

According to the statement, we know that “the agent knows how to xor and how to count”. Moreover, we see that the first character is readable as-is, and the further we go from the beginning of the text, the less readable it becomes. We can try to XOR each character with its index in the text with the following Python code:

res = b""
for char_index in range(len(ct)):
	res += bytes([ct[char_index] ^ char_index])

print(res)

But we get this error:

    res += bytes([ct[c] ^ c])
           ^^^^^^^^^^^^^^^^^^
ValueError: bytes must be in range(0, 256)

After a while, we XOR with indexes that are too large (above 255), so the XOR result is also too large to fit in a single byte. So we need to reduce each intermediate result modulo 256, and then we get the following text:

b"Hello W0rm3st3r,\n\nHere are the instructions to follow:\n - You are going to use the usual implant to enter the company's virtual enclosure we talked about last time.\n- The implant will be detected after a few days by the Blue Team, which is perfectly normal. This gives us plenty of time to scan the network, as well as the Active Directory behind it.\n- Your only objective is to park in the Starbucks opposite the company and collect the data emitted by the implant.\n- Once you've completed the scan, or stopped the implant, you'll send us the encrypted data to the following address: C2endpoint@requiemC2.thm.htb.rm.fr\n\nLet's get to work!"

According to the flag format, here is the flag: HACKDAY{C2endpoint@requiemC2.thm.htb.rm.fr}
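
The write-up describes the modulo-256 fix without showing the final script. The following is an added example (not the author's code) of the complete decoder. The function names, the e-mail regex and the sample message are assumptions constructed for illustration; the short ciphertext prefix is the one visible in the decoded output earlier on this page.

```python
import re
from base64 import b64decode, b64encode


def xor_with_index(data: bytes) -> bytes:
    """XOR every byte with its position, wrapping the index at 256.

    Because each byte is < 256, (b ^ i) % 256 is the same as b ^ (i % 256):
    only the low 8 bits of the index ever matter. XOR is its own inverse,
    so this one function both encrypts and decrypts.
    """
    return bytes(b ^ (i & 0xFF) for i, b in enumerate(data))


def solve(b64_text: str) -> bytes:
    """Decode the base64 wrapper, then undo the index XOR."""
    return xor_with_index(b64decode(b64_text))


def find_email(plaintext: bytes):
    """Return the first e-mail-looking token, or None (assumed regex)."""
    m = re.search(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", plaintext)
    return m.group().decode() if m else None


# First 16 ciphertext bytes as printed in the write-up.
PAGE_PREFIX = b"Hdnok%Q7zd9xx>|#"

# Constructed sample (not the challenge file): longer than 256 bytes so the
# index wrap-around that caused the ValueError is actually exercised.
SAMPLE_PLAINTEXT = (
    b"Hello agent,\n"
    + b"padding line to push past index 255. " * 8
    + b"Send the data to drop@example.test\n"
)
SAMPLE_SECRET = b64encode(xor_with_index(SAMPLE_PLAINTEXT)).decode()

if __name__ == "__main__":
    print(xor_with_index(PAGE_PREFIX))
    recovered = solve(SAMPLE_SECRET)
    print(recovered)
    print("HACKDAY{%s}" % find_email(recovered))
```

To run it against the real challenge file, pass the contents of secret.txt to solve().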

This post is licensed under CC BY 4.0 by the author.