Always Has Been

hackthebox

Task: a custom SecureHash built on a home-rolled SecureCipher (key-dependent S-box, bit permutation, 100 rounds) digests the 32-byte flag; recover it from a single hex digest. Solution: the S-box is affine over GF(2), so the whole cipher collapses to one affine map; with key == plaintext == flag the digest is enc_flag(flag), giving a 256x256 GF(2) linear system solved by Gaussian elimination.

gf2 linearization custom_hash custom_block_cipher affine_sbox roll_your_own_crypto

linearization_attackaffine_sbox_detectiongaussian_elimination_gf2key_equals_plaintext_reductionsymbolic_bit_propagation

$ ls tags/ techniques/

gf2 linearization custom_hash custom_block_cipher affine_sbox roll_your_own_crypto

linearization_attackaffine_sbox_detectiongaussian_elimination_gf2key_equals_plaintext_reductionsymbolic_bit_propagation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[crypto][Pro]Dancing Queen— cryptohack
[crypto][free]Rhome— HackTheBox
[crypto][free]xorxorxor— hackthebox
[crypto][free]MadMath— hackthebox
[crypto][Pro]XOR Key Recovery — Favourite byte & You either know XOR you don't— cryptohack