reverse free easy

RAuth

HackTheBox


$ ls tags/ techniques/
salsa20_decryption hardcoded_key_extraction rodata_analysis stream_cipher_symmetry simd_comparison_pattern


RAuth — HackTheBox

Description

My implementation of authentication mechanisms in C turned out to be failures. But my implementation in Rust is unbreakable. Can you retrieve my password?

The target is an ELF 64-bit LSB PIE executable, x86-64, dynamically linked, with debug_info, not stripped. The Rust binary `rauth`, compiled with Rust 1.47.0, implements authentication by encrypting the password with the Salsa20 algorithm and comparing the result to a reference ciphertext. A remote service is also provided at 154.57.164.83:30723.

Analysis

Initial Reconnaissance

$ file rauth
ELF 64-bit LSB PIE executable, x86-64, dynamically linked, with debug_info, not stripped
$ strings rauth | grep -i salsa
salsa20-0.8.0 cipher-0.3.0
$ strings rauth | grep -E "password|auth|flag"
Welcome to secure login portal! Enter the password to access the system: Successfully Authenticated You entered a wrong password! Flag:

The binary is not stripped and contains debug_info, which significantly simplifies analysis. The strings output references the salsa20-0.8.0 and cipher-0.3.0 crates, which immediately points to the encryption algorithm.

Suspicious hex string in .rodata: ef39f4f20e76e33bd25f4db338e81b10

Symbols (nm)

$ nm rauth | grep -E "salsa|rauth"
0000000000006460 T _ZN5rauth4main17h7d7aed61ae7734f4E
_ZN7salsa204core13Core$LT$R$GT$3new17h06163fbcdf79ba51E
_ZN79_$LT$salsa20..salsa..Salsa$LT$R$GT$..cipher..stream..StreamCipher$GT$19try_apply_keystream17hdbdc0561b68e3b6aE

Key functions:

  • rauth::main @ 0x6460 — main logic
  • Salsa20::Core::new(key, nonce) — cipher initialization
  • StreamCipher::try_apply_keystream — applying keystream (encryption/decryption)
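The encrypt-and-compare design described above, reproduced as an added example (not code from the writeup or from the rauth binary) to show why it amounts to storing a recoverable password, next to a one-way alternative. The key, nonce, password and all function names are constructed for illustration, the Salsa20 routine is written from the public specification, and PBKDF2 is this example's choice of replacement, not something the page prescribes.

```python
import hashlib, hmac, os, struct

MASK = 0xffffffff

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _qr(s, a, b, c, d):
    # Salsa20 quarter-round on four state words
    s[b] ^= _rotl((s[a] + s[d]) & MASK, 7)
    s[c] ^= _rotl((s[b] + s[a]) & MASK, 9)
    s[d] ^= _rotl((s[c] + s[b]) & MASK, 13)
    s[a] ^= _rotl((s[d] + s[c]) & MASK, 18)

def salsa20_xor(key, nonce, data):
    """XOR data with the Salsa20/20 keystream (32-byte key, 8-byte nonce)."""
    c, k, n = (struct.unpack(f, v) for f, v in
               (("<4I", b"expand 32-byte k"), ("<8I", key), ("<2I", nonce)))
    out = bytearray()
    for ctr in range((len(data) + 63) // 64):
        init = [c[0], *k[:4], c[1], *n, ctr & MASK, ctr >> 32, c[2], *k[4:], c[3]]
        s = list(init)
        for _ in range(10):  # 10 double rounds: column round, then row round
            for q in ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
                      (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)):
                _qr(s, *q)
        out += struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))
    return bytes(a ^ b for a, b in zip(data, out))

# Constructed values for illustration; none come from the rauth binary.
KEY = bytes(range(32))
NONCE = bytes(range(8))
REFERENCE = salsa20_xor(KEY, NONCE, b"constructed-password")

def weak_check(attempt):
    # Design described on the page: encrypt the input, compare with a stored ciphertext.
    return salsa20_xor(KEY, NONCE, attempt) == REFERENCE

def recover_from_embedded_constants():
    # Stream-cipher symmetry: the same keystream XOR turns the reference back into plaintext.
    return salsa20_xor(KEY, NONCE, REFERENCE)

# Hardened form: keep only a salted, slow, one-way digest and compare in constant time.
SALT = os.urandom(16)
STORED = hashlib.pbkdf2_hmac("sha256", b"constructed-password", SALT, 600_000)

def hardened_check(attempt):
    digest = hashlib.pbkdf2_hmac("sha256", attempt, SALT, 600_000)
    return hmac.compare_digest(digest, STORED)
```

With the hardened form, the constants shipped alongside the verifier (salt and digest) no longer invert to the password; checking a guess costs a full PBKDF2 run.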

Disassembling main (0x6460 — 0x6bd0)

Execution flow of main:

...
