HackTheBox Android-in-the-Middle Challenge
The Android-in-the-Middle Challenge on Hack The Box is a very-easy crypto challenge built around a Diffie-Hellman key exchange in which the server accepts any public key the client supplies. Choosing a degenerate value fixes the shared secret, so you can derive the AES key yourself and forge the ciphertext the server expects. It is a good first exposure to public-key validation and why it matters.
https://app.hackthebox.com/challenges/340
Description
Years have passed since Miyuki rescued you from the graveyard. When Virgil tells you that he needs your help with something he found there, desperate thoughts about your father and the disabilities you developed due to the disposal process come to mind. The device looks like an advanced GPS with AI capabilities. Riddled with questions about the past, you are pessimistic that you could be of any value. After hours of fiddling and observing the power traces of this strange device, you and Virgil manage to connect to the debugging interface and write an interpreter to control the signals. The protocol looks familiar to you. Your father always talked about implementing this scheme in devices for security reasons. Could it have been him?
Exploitation
#!/usr/bin/python3
import sys
import hashlib
from Crypto.Cipher import AES
from Crypto.Util.number import long_to_bytes
from pwn import *


def encrypt(data, shared_secret):
    # Mirrors the server: AES-128-ECB keyed with MD5 of the shared secret's big-endian bytes
    key = hashlib.md5(long_to_bytes(shared_secret)).digest()
    cipher = AES.new(key, AES.MODE_ECB)
    # Zero-pad to a multiple of 16 bytes (the target message is already exactly 32 bytes)
    padded_data = data.ljust(16 * ((len(data) + 15) // 16), b'\0')
    return cipher.encrypt(padded_data)


def main():
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    host, port = sys.argv[1].split(':')
    port = int(port)
    p = remote(host, port)

    # The server computes shared_secret = pow(memory_public, private, p) without
    # validating memory_public. Sending 1 forces the secret to 1 for any private key,
    # so we can encrypt the expected plaintext with the same key the server derives.
    message = b'Initialization Sequence - Code 0'
    shared_secret = 1
    encrypted_message = encrypt(message, shared_secret)

    p.sendlineafter(b'Enter The Public Key of The Memory: ', b'1')
    p.sendlineafter(b'Enter The Encrypted Initialization Sequence: ', encrypted_message.hex().encode())
    try:
        p.recvline()
        p.recvline()
        print(p.recv().decode())  # the flag
    except EOFError:
        print("Connection closed by the server.")


if __name__ == '__main__':
    main()
Summary
The Android-in-the-Middle Challenge exploits a Diffie-Hellman implementation that never validates the peer's public key. Sending a public key of 1 makes the server compute pow(1, private, p) == 1 whatever its private exponent is, so the attacker knows the shared secret, derives the same AES key (MD5 of the secret) and can encrypt the required plaintext "Initialization Sequence - Code 0" to retrieve the flag. The fix on the server side is to reject degenerate public keys (0, 1, p-1 and anything outside the valid range or subgroup) before deriving a key from them.
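As an added example (not the challenge's server code or the write-up's exploit), the following standard-library Python models the unvalidated Diffie-Hellman step on the server side, checks that the public keys 0, 1 and p-1 each force a shared secret the attacker can predict regardless of the server's private exponent, and shows the public-key validation that would close the hole while leaving an honest exchange working. The prime P = 1019, the subgroup order Q and the generator G = 4 are assumed toy parameters chosen for readability, not the challenge's real values.

```python
#!/usr/bin/python3
"""Added example, not code from the challenge or the original write-up.

Models the flawed server-side Diffie-Hellman step (pow(memory_public, private, p)
with no validation of memory_public), shows why a public key of 1 (or 0, or p-1)
makes the shared secret predictable, and contrasts it with the public-key
validation a hardened server would perform. Standard library only.
"""
import secrets

# ASSUMED demo parameters (small enough to read, not the challenge's real values):
# P is a safe prime, P = 2*Q + 1, and G = 4 generates the order-Q subgroup.
P = 1019
Q = (P - 1) // 2
G = 4


def server_shared_secret(memory_public: int, private: int) -> int:
    """What the vulnerable server does: trusts the client-supplied public key."""
    return pow(memory_public, private, P)


def secret_candidates(memory_public: int) -> set:
    """Shared secrets an attacker can force, independent of the server's private key."""
    if memory_public == 0:
        return {0}            # 0^x = 0 for any x >= 1
    if memory_public == 1:
        return {1}            # 1^x = 1, the value the exploit relies on
    if memory_public == P - 1:
        return {1, P - 1}     # (-1)^x is +1 or -1 depending on the parity of x
    raise ValueError("not a degenerate public key")


def attack_demo(trials: int = 200) -> bool:
    """For random server private keys, the forced secret is always among the candidates."""
    for memory_public in (0, 1, P - 1):
        for _ in range(trials):
            private = secrets.randbelow(Q - 1) + 1   # 1 <= private < Q
            if server_shared_secret(memory_public, private) not in secret_candidates(memory_public):
                return False
    return True


def is_valid_public_key(pub: int) -> bool:
    """Hardened check: reject 0, 1, P-1, out-of-range values and anything outside
    the order-Q subgroup (pub**Q mod P must be 1)."""
    if not 1 < pub < P - 1:
        return False
    return pow(pub, Q, P) == 1


def honest_exchange() -> bool:
    """Both sides pick random exponents; validated public keys agree on the secret."""
    a = secrets.randbelow(Q - 1) + 1
    b = secrets.randbelow(Q - 1) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    if not (is_valid_public_key(A) and is_valid_public_key(B)):
        return False
    return pow(B, a, P) == pow(A, b, P)


if __name__ == "__main__":
    print("degenerate keys force a known secret:", attack_demo())
    print("validation rejects them:", [is_valid_public_key(k) for k in (0, 1, P - 1, P)])
    print("honest exchange still works:", honest_exchange())
```

The subgroup check (pub**Q mod P == 1) is what rules out p-1 and other small-order elements on a safe-prime group; the range check alone would still let 2 (a non-residue here) through, which is why a practitioner checks both.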