HTB Cyber Apocalypse 2021 — SoulCrabber

Chen Zheng Wei
Apr 24, 2021


SoulCrabber and SoulCrabber 2 were related challenges in the crypto category of the Cyber Apocalypse 2021 CTF, organised by Hack The Box. Both challenges were very closely related to each other, so this post will explain the solutions for both.

SoulCrabber (the first one) was provided in the form of a zip archive containing a Rust source file (which encrypts the flag), and its output.

Output: 1b591484db962f7782d1410afa4a388f7930067bcef6df546a57d9f873

The above is basically an implementation of a one-time pad (OTP): the flag (the contents of flag.txt, which is unknown to us) is XOR-ed against a key that is used only once. In this script the key is the output of the Rust pseudorandom number generator (PRNG), seeded with the value 13371337. The output file is the ciphertext in hex.

The Wikipedia article on one-time pads helpfully lists the conditions under which an OTP ciphertext is impossible to crack:

  1. The key must be truly random.
  2. The key must be at least as long as the plaintext.
  3. The key must never be reused in whole or in part.
  4. The key must be kept completely secret.

The crux of this challenge is recognising that condition 4 is broken. A PRNG initialised with the same seed always produces the same sequence of numbers, so anyone who has the source (and therefore the hardcoded seed) can regenerate the key.

Being lazy, I created a simple script to just output the random numbers used in the key:

If you don’t wish to install Rust (like me), the above script can be run on the Rust Playground.

After you have obtained the sequence of random numbers used (it starts with 88), use your favourite tool to XOR the ciphertext against the generated numbers, and you get the flag: CHTB{mem0ry_s4f3_crypt0_f41l}

SoulCrabber 2 attempts to resolve the issue by adding “a little bit of entropy”:

This time, the PRNG is seeded with the Unix epoch at runtime. Unfortunately, we have a pretty good idea of what the seed might be, as the files in the challenge zip have their modification times set to some time on 16 April 2021.

To solve this challenge, we create a script that brute-forces the PRNG seed:

The seed turns out to be 1618179277 and we get the flag: CHTB{cl4551c_ch4ll3ng3_r3wr1tt3n_1n_ru5t}
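Both solutions above (regenerating the keystream from the hardcoded seed, and brute-forcing an epoch seed over a window around the files' modification time) reduce to the same few steps. The following is an added example, not the challenge's code or the author's scripts: since the Rust `rand` crate's StdRng cannot be reproduced here, Python's `random.Random` stands in as the seeded PRNG, and the flag, ciphertext and time window are constructed; only the seed value 1618179277 is taken from the writeup.

```python
import random

# Stand-in keystream generator (assumption: Python's Mersenne Twister in
# place of the Rust `rand` StdRng used by the challenge). The weakness is
# identical: same seed, same byte sequence, so the "pad" is reproducible.
def keystream(seed: int, length: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, seed: int) -> bytes:
    return xor_bytes(plaintext, keystream(seed, len(plaintext)))


# SoulCrabber 1: the seed is hardcoded, so decrypting is just re-running the
# PRNG and XOR-ing again (XOR is its own inverse).
def decrypt_known_seed(ciphertext: bytes, seed: int) -> bytes:
    return encrypt(ciphertext, seed)


# SoulCrabber 2: the seed is a Unix epoch timestamp. Try every second in a
# window around the challenge files' modification time, checking only the
# first few keystream bytes against the known flag prefix before doing the
# full decryption for the one seed that matches.
def bruteforce_seed(ciphertext: bytes, window_start: int, window_end: int,
                    known_prefix: bytes = b"CHTB{"):
    n = len(known_prefix)
    for seed in range(window_start, window_end + 1):
        if xor_bytes(ciphertext[:n], keystream(seed, n)) == known_prefix:
            return seed, decrypt_known_seed(ciphertext, seed)
    return None, None


if __name__ == "__main__":
    # Constructed demo flag; the seed value is the one recovered in the writeup.
    flag = b"CHTB{constructed_demo_flag}"
    seed = 1618179277
    ct = encrypt(flag, seed)
    print("ciphertext:", ct.hex())
    print("known seed :", decrypt_known_seed(ct, 13371337 if False else seed))
    # One hour either side of the suspected timestamp is 7201 candidates.
    found, pt = bruteforce_seed(ct, seed - 3600, seed + 3600)
    print("brute-forced seed:", found, "->", pt)
```

The prefix check is what makes the search cheap: each candidate seed costs only five PRNG bytes, and a false positive on a 40-bit prefix across a few thousand candidates is negligible.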
