HACKVent 2020 – Day 3

Challenge – Packed gifts

One of the elves has unfortunately added a password to the last presents delivery and we cannot open it. The elf has taken a few days off after all the stress of the last weeks and is not available. Can you open the package for us?

We found the following packages:

Solution

Package 2 seems to be encrypted while Package 1 isn’t. First thought was, that the Key might be the password, but at a second glance, there is a flag.bin in the encrypted archive 😅.

Both zip files have the same contents (excpect for the flag.bin), so this is predetermined to be a known plaintext attack. So lets fire up kali (no code this time 😔) and heat the house with cpu power.

(This tutorial was really helpful, since i didn’t know all the commands / applications from memory)

./pkcrack -c 0066.bin -p 0066.bin -C ../../Downloads/941fdd96-3585-4fca-a2dd-e8add81f24a1.zip -P ../../Downloads/790ccd6f-cd84-452c-8bee-7aae5dfe2610.zip -d decrypted.zip

Aaaaaaaand it didnt work. After many setbacks (with different files, different tools, …) i realized: “HOLY SHIT, the CRCs of the encrypted and plaintext files dont match!”. So.. the Plaintext files aren’t the same as the encrypted ones after all. Of course the plaintext attack doesn’t work.

After some fruitless trial and errors, i thought, maybe i should check the CRCs of the 100 files in both zips.
And there is one file that matches with the encrypted one! it is 0053.bin, so lets try again:

./pkcrack -c 0053.bin -p 0053.bin -C ../../Downloads/941fdd96-3585-4fca-a2dd-e8add81f24a1.zip -P ../../Downloads/790ccd6f-cd84-452c-8bee-7aae5dfe2610.zip -d decrypted.zip 

HEUREKA! The content of flag.bin:

SFYyMHtaaXBDcnlwdDBfdzF0aF9rbjB3bl9wbGExbnRleHRfMXNfZWFzeV90MF9kZWNyeXB0fSAgICAgICAgICAgICAgICAgSFYyMHtaaXBDcnlwdDBfdzF0aF9rbjB3bl9wbGExbnRleHRfMXNfZWFzeV90MF9kZWNyeXB0fQo=

Which obviously is base64 for

HV20{ZipCrypt0_w1th_kn0wn_pla1ntext_1s_easy_t0_decrypt}                 HV20{ZipCrypt0_w1th_kn0wn_pla1ntext_1s_easy_t0_decrypt}

BONUS

There is a second flag hidden here – that much was visible from the leaderboard, since the leaders had more points than would have been possible by just the normal flags. So lets hunt it down.

All those bin files in the plaintext zip and the decrypted zip contain base64 strings. So lets write a little Code (yeah so there is code here after all 😀) that reads all the base64 strings and dumps them as binary.

using System;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;

Console.WriteLine("Enter Path:");
var path = Console.ReadLine();

var newPath = path + "2";

if (!Directory.Exists(newPath))
{
    Directory.CreateDirectory(newPath);
}

var files = Directory.EnumerateFiles(path);

var regex = new Regex("HV20{[a-zA-Z0-9_\\-,]*}");

foreach (var file in files)
{
    var content = File.ReadAllText(file);

    var bContent = Convert.FromBase64String(content);
    var sContent = Encoding.ASCII.GetString(bContent);

    if (regex.IsMatch(sContent))
    {
        Console.WriteLine($"found suspicious content in file {file}!");
        Console.WriteLine(regex.Match(sContent).Value);
    }

    File.WriteAllBytes(Path.Combine(newPath, Path.GetFileName(file)), bContent);
}

Console.WriteLine("Done");
Console.ReadLine();
The Output. Of course it is 0042.bin…

The Bonus Code hidden in this challange is:

HV20{it_is_always_worth_checking_everywhere_and_congratulations,_you_have_found_a_hidden_flag}
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *