Challenge Description
Satoshi has a digital safe having a crypto wallet and flag for this level in it. He has lost the key to that safe, but he knows that the key of the safe is a 25-bytes bitcoin address of the wallet present in the safe. He goes to bed and tries to find that key in his dream but encounters a cipher and another key. Would he be successful to reach the key of digital safe, with the help of the RSA key he found in his dream? Remember it’s Inception of cryptography.
Key:
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtTAdzRqTU6hfaxUWhZbxr2gKhHpHs6T0OaOKk6wiM4//2PNHk+zx9QnRIOs0fX+VPDXwBKeIhhmNmiYiUIEbD4/ulN5kBU2FMQorTghv2ZIeCEkiKgPQ+yfiRC1YZPY649iwM+7DpJ9DvVBtJw6x2aeswdI82/6o7+k3xkq53JjTTwFkax77EtSmt45TTsfueNk7DSqBW7sSnk3c2UurdGjAjw8PUYtEOxFOajKNtMem/f1Eau6fTLBXgiq0ky4rQHiZEE90l2R4MzemfO3mEpmVs7BJAD8fbeOTZszrfXnmrXYgwleDiudGeB56F8KiX1qj7JIx7LSo0Q4VesJxO7SwAvksvpIKT/wf1OCfXKz78C5G0uxAZBBhI85XPbDDC2gKnNBFpSdODiokO/EONCTRms3ska3AkRFYP5kRTJhjB8c+55N6oN5i5GalgdyHe/0UHeL57PuHuWqrV4s1u5bSVOqYBhxqtykDMXhPzduIkDuJFMvSsVxL8IDBqPV9AgMBAAE=
Cipher:
h6dVaUccduSY14Q8qmlWbh62vrUFbGXZWU7TTi/MmyKGnu29tQdoUkzO2sA6pV6bfDUDbGENM457d/JBU1KO0a4Fpt8YBZDLSbsq+AZHDHAGpbiC5JMkidTwtjkdxCFxiBH7pqS9ecFaTXc+tJ0/OuzEmO7miYKyQPAWeeYJUjjFKYXxSm+D0d8aZVqttpi1toSC0lBGI7+3KzIn6zBN6aEYSCe2Z5zge80QyaRWGKmtpyupyb1zdSvnKvxZAOChEPuLhKcuvIVu7RUVNQWSKBy+Z/QlAHjLwr9slvsbnxpG9jX4U7PiUxK/TasZUfzik0A5Fn2k1cQtsOgIhfVJ8ohn0Y1Rx7M4rOERL8ztMJ9VTYQfUzkTb2ubNXq1Dbg9650dUfj5Oz/3dbWnUsRtfCxupiim3ZV6xICVDDKH0VEVPimUI5dBGuuREgjiAQIxsrLCezXU7LvqyHZl6KsZD9/be9kT5Jsd7JWv1vFJMK+mq76IRKm5HoQieukGI/Pk
From the challenge description, it is understood that it is related to the bitcoin blockchain created by Satoshi Nakamoto. Challenge asks to find the 25-byte bitcoin address, which is the key to digital safe to get the flag.
I have provided a key and cipher, which clearly states it is using some encryption type and not hashing technique. If you use any online RSA decryption tool, then you will easily decrypt it as shown below:
Decrypted message: 1101101001001100111010100010010110010110101010100100011101111101010101000101001110001000100100010100011101110011100100110001000010010001110111101101100010000011100111101010001110001110110001111110001010001011010000101100110111001101100110001001101010010010
This is a 256-bit binary that has been found on decrypting cipher with key. And as the challenge description says, Remember it’s Inception of cryptography, the first part of cryptography i.e. RSA decryption is over, from which you got 256-bit binary. Now the next part of cryptography starts.
For this part, I have given the hint in the graph, that the cipher which is now decrypted is in the form of a curve represented in the graph, and this curve is known as Elliptic Curve, and this curve is used in the bitcoin blockchain for generating the public key and wallet address(which is used in transactions) from the private key of bitcoin wallet(which is kept secretly with the owner of the wallet). The name of this technique is Elliptic Curve Cryptography, and this cryptography also works on the public and private keys. The function used in this cryptography is y² = x³ + ax + b, and bitcoin blockchain uses this as y² % p = (x³ +ax +b) % p, where a=0,b=7 as mentioned in graph and p is prime number= (2²⁵⁶− 2³² − 2⁹ − 2⁸ − 2⁷ − 2⁶ − 2⁴ − 1) => 115792089237316195423570985008687907853269984665640564039457584007908834671663. All these are the standards used by bitcoin blockchain under secp256k1 cryptography standards. You can find it at https://www.secg.org/sec2-v2.pdf
One thing is clear that there is a need for some private key to move forward in order to get the 25-byte bitcoin address. The private key in the bitcoin blockchain is 256-bits longer, therefore the decrypted cipher found above is the private key to proceed. But the private key used everywhere is in hexadecimal format, which is currently in binary format. So, there is a need to convert this binary into hexadecimal format. You can even use an online tool to do so. I have used https://www.rapidtables.com/convert/number/binary-to-hex.html to convert from binary to hexadecimal. Surely it will be 64 characters long because the hexadecimal format is the combination of 4 bits, therefore 256/4=64. The hexadecimal format of above 256-bit binary is DA4CEA2596AA477D545388914773931091DED8839EA38EC7E28B42CDCD989A92 , this is our private key for the wallet. Now in further steps, I will find the public key, and then from a public key to a 25-byte bitcoin address.
The most efficient way to solve this challenge is to use online conversion tools rather than going purely mathematical, still, you can do it with mathematics, but it will be time-consuming, refer https://www.secg.org/sec2-v2.pdf for mathematical approach.
I have the private key of the wallet, to get the public key or the wallet address of the wallet you can use various online tools to do so by searching bitcoin wallet generator in Google, I am using https://www.bitaddress.org/ to get the public key associated with the above hexadecimal private key. When you will visit the website it will create a private key by adding randomness with your cursor positions, but when it is done you can go to the Wallet Details option and enter the private key there, as shown below snapshot:
From here you have two ways to solve, I will discuss the way a researcher would follow, and once you are able to get this, you will discover the shortcut method yourself.
The following steps are not random, rather the bitcoin blockchain follows the same steps in order to get the wallet address from the private key.
You will get the public address as 03FFB6F0C3ED3CA16D84DC8C09AA380BD28C47BAB3F9FD2BB94ED5E7B0360B1D7E
Get the byte-wise SHA-256 hash of this public key, and not character by character. I have written the code in python to do so:
Take the output and do a byte-wise hash of RIPEMD-160 on it, the code for the same is:
import binascii
import hashlib
def hexStringToByte(content):
return(binascii.unhexlify(content)) #hex decode and converting to bytesdef hashHex(algorithm, content):
ripe= hashlib.new(algorithm)
ripe.update(hexStringToByte(content))
print(ripe.hexdigest())pubkey="8dd7daba31e01476d18307e1fb88b42931e0295e1fe71869eca799aa7aa5a1a0" #pubkey is just the variable name, but the value stored in it
#is output of hash found from SHA256hashHex("RIPEMD160",pubkey)
Add two 0s at the beginning of the output found from RIPEMD-160 hash, and then do byte-wise SHA-256 hash on it, code for the same is:
import binascii
import hashlib
def hexStringToByte(content):
return(binascii.unhexlify(content)) #hex decode and converting to bytesdef hashHex(algorithm, content):
sha = hashlib.new(algorithm)
sha.update(hexStringToByte(content))
print(sha.hexdigest())pubkey="007f9db50a2e6b134b5b776a70131cbefd27ec35ff"hashHex("SHA256",pubkey)
Again do the byte-wise SHA-256 hash of the output found from the above code, code for the same is:
import binascii
import hashlib
def hexStringToByte(content):
return(binascii.unhexlify(content)) #hex decode and converting to bytesdef hashHex(algorithm, content):
sha = hashlib.new(algorithm)
sha.update(hexStringToByte(content))
print(sha.hexdigest())pubkey="94dbb7e44ee92e3dee9618ef22b800845f2c9dd5575c5f476846cd8f5b2afd9a"hashHex("SHA256",pubkey)
All the python codes can be found in my GitHub repo. Now extract the first 4 bytes(which is a checksum) from the output you have found from the above code and add it at the end of the RIPEMD160 hash beginning with two 0s. Therefore, the string will become as:
00[RIPEMD-160 HASH][4 bytes CHECKSUM] ==> 007f9db50a2e6b134b5b776a70131cbefd27ec35ffefd9b46d
Remember in hexadecimal, one character is of 4 bits, therefore a combination of 2 hexadecimal characters are of 8 bits, which is one byte, and therefore 4 bytes is 8 hexadecimal characters.
The above string in hexadecimal is the 25-bytes bitcoin address of the wallet present in the safe and whose cipher and key Satoshi found in the dream. Which is the key to a safe where the flag is locked.
FLAG: wormcon{Pr1v4t3_K3Ys_L34dS_T0_B1Tc01n_4Dr33sS!!!!!!!}
Social Media Handles: LinkedIn |Twitter | theHarvester at Vulnfreak
