Tags: crypto, free, easy
Techniques: aes_ecb_decryption, binary_string_extraction, plist_parsing, ios_app_reversing


Cryptohorrific -- HackTheBox

Description

"Secure coding is the keystone of the application security!"

The challenge provides a zip file (password: hackthebox) containing an iOS .app bundle. The goal is to reverse-engineer the app to find and decrypt a hidden flag.

Analysis

Reconnaissance

After unzipping the archive, we find an iOS app bundle hackthebox.app/ with key files:

File              Description
hackthebox        Mach-O 64-bit executable, x86_64 (iPhone Simulator build)
challenge.plist   Binary plist containing the encrypted data
Info.plist        App metadata (bundle ID: ben.hackthebox)
htb-company.png   Company logo image

Encrypted Data in challenge.plist

Parsing the binary plist reveals:

{ "flag": "Tq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ==", "id": "123", "title": "HackTheBoxIsCool" }

The flag field is a base64-encoded AES ciphertext: 88 base64 characters ending in "==" decode to exactly 64 bytes, i.e. four 16-byte AES blocks, which is what a PKCS7-padded plaintext of 49 to 63 bytes produces.

String Analysis of the Binary

Running strings on the Mach-O binary reveals critical information:

  • Method signature: SecretManager:key:iv:data: -- indicates AES encryption with key and IV
  • Two hardcoded 16-byte strings:
    • !A%D*G-KaPdSgVkY (the AES key)
    • QfTjWnZq4t7w!z%C (the IV -- but ultimately ignored)
  • References to initWithBase64EncodedString:options: confirming base64 decoding of the flag
  • References to pathForResource:ofType: with strings challenge and plist confirming it reads challenge.plist

Disassembly: CCCrypt Parameters

Disassembling the SecretManager method and viewDidLoad reveals the CCCrypt call:

CCCrypt(
    op       = 1,    // kCCDecrypt
    alg      = 0,    // kCCAlgorithmAES128
    options  = 3,    // kCCOptionPKCS7Padding (1) | kCCOptionECBMode (2)
    key      = "!A%D*G-KaPdSgVkY",
    keyLen   = 16,   // AES-128
    iv       = "QfTjWnZq4t7w!z%C",  // IGNORED in ECB mode
    ...
)

Critical insight: the options value 0x3 is kCCOptionPKCS7Padding | kCCOptionECBMode. The method takes an IV argument and the developer even hardcoded one, but ECB has no chaining, so CommonCrypto never uses the IV when that bit is set: it is dead weight. The unused IV is only a symptom. The "horrific" practices the challenge is built around are the 16-byte key stored as a plain string literal in the binary (anyone with the .app recovers it with strings) and ECB itself, which encrypts every block independently and therefore leaks equal-plaintext blocks. Together they mean the "encrypted" flag is no better protected than the plaintext would have been.

Solution

...
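The writeup's own solution steps are not preserved on this page. What follows is an added worked example, not the writeup author's or the challenge author's code, that carries the analysis above through to a decryptor: it parses a binary plist, base64-decodes the flag field, and replays the CCCrypt call with the recovered key and options. The binary plist is constructed inline with plistlib as a stand-in for challenge.plist; the AES primitive comes from the cryptography package (pycryptodome as a fallback), which is an assumption about the host. The cccrypt_decrypt function models both option settings so the IV-is-ignored claim can be checked directly, and ecb_leaks_repeats shows the second ECB defect mentioned above, which goes beyond what the page itself demonstrates.

```python
import base64
import plistlib

# Values recovered in the writeup above (key/IV from strings, flag from challenge.plist).
KEY = b"!A%D*G-KaPdSgVkY"   # 16 bytes -> AES-128
IV = b"QfTjWnZq4t7w!z%C"    # handed to CCCrypt, but unused once ECB is selected
FLAG_B64 = ("Tq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW"
            "7njTCMlQzlwIRdJvaP2iYQ==")

# CommonCrypto option bits; the disassembly shows options = 3 = both of these.
kCCOptionPKCS7Padding = 0x0001
kCCOptionECBMode = 0x0002
BLOCK = 16


def _aes_backend():
    """Raw single-shot AES-ECB (decrypt, encrypt) callables, no padding.

    Assumption about the host, not part of the writeup: uses the `cryptography`
    package if present, otherwise pycryptodome.
    """
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

        def run(key, data, decrypt):
            c = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
            op = c.decryptor() if decrypt else c.encryptor()
            return op.update(data) + op.finalize()
        return (lambda k, d: run(k, d, True)), (lambda k, d: run(k, d, False))
    except ImportError:
        from Crypto.Cipher import AES  # pycryptodome fallback
        return (lambda k, d: AES.new(k, AES.MODE_ECB).decrypt(d),
                lambda k, d: AES.new(k, AES.MODE_ECB).encrypt(d))


_ECB_DECRYPT, _ECB_ENCRYPT = _aes_backend()


def cccrypt_decrypt(key, iv, data, options):
    """Model CCCrypt(kCCDecrypt, kCCAlgorithmAES128, options, key, 16, iv, data, ...).

    With kCCOptionECBMode set the IV is never looked at, which is exactly what
    the challenge binary does; without it CommonCrypto runs CBC and the IV
    matters. Returns the raw block output; PKCS7 is left to the caller so a
    wrong key can be diagnosed instead of raising.
    """
    if len(key) != BLOCK or len(iv) != BLOCK or len(data) % BLOCK:
        raise ValueError("AES-128 needs a 16-byte key/IV and block-aligned input")
    raw = _ECB_DECRYPT(key, data)
    if options & kCCOptionECBMode:
        return raw
    out, prev = bytearray(), iv          # CBC: P_i = D(C_i) XOR C_{i-1}, C_0 = IV
    for i in range(0, len(data), BLOCK):
        out += bytes(a ^ b for a, b in zip(raw[i:i + BLOCK], prev))
        prev = data[i:i + BLOCK]
    return bytes(out)


def pkcs7_unpad(raw):
    """Strip PKCS7 padding, returning None (not an exception) when it is invalid."""
    n = raw[-1] if raw else 0
    if not 1 <= n <= BLOCK or raw[-n:] != bytes([n]) * n:
        return None
    return raw[:-n]


def make_challenge_plist():
    """Constructed stand-in for challenge.plist holding the dictionary shown above."""
    return plistlib.dumps({"flag": FLAG_B64, "id": "123", "title": "HackTheBoxIsCool"},
                          fmt=plistlib.FMT_BINARY)


def ciphertext_from_plist(blob):
    """Parse the binary plist and base64-decode its `flag` entry
    (the pathForResource + initWithBase64EncodedString steps from the strings)."""
    return base64.b64decode(plistlib.loads(blob)["flag"])


def solve(plist_blob=None):
    """Whole chain: plist -> base64 -> AES-128-ECB -> PKCS7. Returns (raw, unpadded)."""
    ct = ciphertext_from_plist(plist_blob or make_challenge_plist())
    raw = cccrypt_decrypt(KEY, IV, ct, kCCOptionPKCS7Padding | kCCOptionECBMode)
    return raw, pkcs7_unpad(raw)


def ecb_leaks_repeats(key=KEY):
    """ECB's other defect: equal plaintext blocks encrypt to equal ciphertext blocks."""
    ct = _ECB_ENCRYPT(key, b"A" * BLOCK * 3)
    return ct[:BLOCK] == ct[BLOCK:2 * BLOCK] == ct[2 * BLOCK:]


if __name__ == "__main__":
    raw, flag = solve()
    print(f"{len(raw)} bytes of ciphertext = {len(raw) // BLOCK} AES blocks")
    print("plaintext:", flag if flag is not None else f"bad padding, raw={raw!r}")
    ct = ciphertext_from_plist(make_challenge_plist())
    print("all-zero IV gives the same result:", cccrypt_decrypt(KEY, b"\0" * 16, ct, 3) == raw)
    print("ECB repeats visible:", ecb_leaks_repeats())
```

Running it against the real challenge.plist only requires replacing make_challenge_plist() with the file's bytes. The CBC branch is there purely for contrast: decrypting the same blob with the ECB bit cleared yields garbage, because the chaining XOR is applied to data that was never chained, which is the practical reason CCCrypt's options field, not the presence of an IV, decides what the IV means.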
