CryptoHorrific [Mobile] [Writeup]
Jan 13, 2023
Step by step writeup
Get the parameters to decrypt the text:
Use IDA to disassemble the binary and press F5 to generate pseudocode.
In the challenge.plist file we find the following:
bplist00��TflagRidUtitle_XTq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ==S123_HackTheBoxIsCool
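After some trial and error, we infer that the base64 text must be the encrypted text. The `X` directly in front of it in the dump is the plist length byte for that string (0x58 = 88 characters), not part of the base64:
Tq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ==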
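Parsing the plist instead of reading strings off the raw dump removes the guesswork. The following is an added example, not part of the original writeup: it rebuilds a binary plist from the values visible in the dump (a constructed sample, and the flat dictionary layout is an assumption), then compares a scraped string run with the parsed value and checks the sizes AES expects.

```python
import base64
import plistlib
import re

# Constructed sample: a binary plist rebuilt from the strings visible in the
# dump (assumption: the real challenge.plist may nest these keys differently).
FLAG_B64 = "Tq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ=="
SAMPLE = plistlib.dumps(
    {"flag": FLAG_B64, "id": "123", "title": "HackTheBoxIsCool"},
    fmt=plistlib.FMT_BINARY,
)
KEY = b"!A%D*G-KaPdSgVkY"  # key string as used in the writeup's Python snippet


def scrape_base64(blob):
    """Reading strings off the raw bytes: longest base64-looking run."""
    return max(re.findall(rb"[A-Za-z0-9+/]{20,}={0,2}", blob), key=len)


def ascii_string_length(blob, run):
    """Decode the bplist string header in front of a scraped run.

    0x5F marks an ASCII string with an explicit length, 0x10 a one-byte
    integer; the next byte is the length and can be printable (0x58 = 'X').
    """
    start = blob.index(run)
    if blob[start - 2] != 0x5F or blob[start - 1] != 0x10:
        raise ValueError("no long ASCII-string header before this run")
    return blob[start]


def parsed_ciphertext(blob):
    """Let plistlib handle the framing, then strictly base64-decode the value."""
    return base64.b64decode(plistlib.loads(blob)["flag"], validate=True)


if __name__ == "__main__":
    scraped = scrape_base64(SAMPLE)
    ct = parsed_ciphertext(SAMPLE)
    print("scraped:", len(scraped), "chars, first byte", scraped[:1])
    print("declared length:", ascii_string_length(SAMPLE, scraped))
    print("ciphertext:", len(ct), "bytes =", len(ct) // 16, "AES blocks")
    print("key:", len(KEY), "bytes")
```

A scraped run whose length is not a multiple of 4, or a decoded ciphertext that is not a multiple of 16 bytes, is the sign that a framing byte was picked up along with the value.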
Within the hackthebox file we find the following values in the source code:
Key = !A%D*G-KaPdSgVkY
IV = QfTjWnZq4t7w!z%C
There are basically three ways to decrypt the text, but we will cover two. The third is to use openssl from the command line. In this particular case we do not need the initialization vector (IV).
Using Python
```python
import hashlib
import base64, re
from Crypto.Cipher import AES
k = "!A%D*G-KaPdSgVkY"
code_b64 = "Tq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ=="
print(base64.b64decode(code_b64))
cipher=AES.new(k…
```