HackTheBox Arranged Writeup

Explore the basics of cybersecurity in the Arranged Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/659

Description

Noiselessly turning the corner, you see before you two men. In a former life, the two were best friends; pressure and pain has reduced them to mere animals, single-minded automatons devoid of emotion or feeling. The sickening, grim reality of the competition is that it is what it is designed to do, and none escape the inevitable doom. You raise your bow and bury two arrows into their chests; given their past, it was the least you could do. Death would be kinder to them than life.

Exploitation

#!/usr/bin/python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from Crypto.Util.number import long_to_bytes
from hashlib import sha256
from math import gcd
from sage.all import *

A = (6174416269259286934151093673164493189253884617479643341333149124572806980379124586263533252636111274525178176274923169261099721987218035121599399265706997, 2456156841357590320251214761807569562271603953403894230401577941817844043774935363309919542532110972731996540328492565967313383895865130190496346350907696)
B = (5988601072335190267607626269694202717170383512532989213900345448657641222212196937725485374210603546742409649154478860998573202499999124529884522786776964, 1979660325653723467116529048392433203266542286102635118367760228627475646827461168434739881080159207311102652868018376000583885500682322201011066971591840)
G = (926644437000604217447316655857202297402572559368538978912888106419470011487878351667380679323664062362524967242819810112524880301882054682462685841995367, 4856802955780604241403155772782614224057462426619061437325274365157616489963087648882578621484232159439344263863246191729458550632500259702851115715803253)
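# Every point (x, y) on y^2 = x^3 + 726*x + b (mod p) satisfies
# y^2 - x^3 - 726*x == b (mod p). Subtracting that expression for two points
# cancels b, so x1 and x2 are both multiples of the unknown prime p.
x1 = A[1]**2 - B[1]**2 - A[0]**3 - 726*A[0] + B[0]**3 + 726*B[0]
x2 = A[1]**2 - G[1]**2 - A[0]**3 - 726*A[0] + G[0]**3 + 726*G[0]
# The gcd of the two multiples is used directly as p
p = gcd(x1, x2)
F = GF(p)
# With p known, b follows from any single point
b = (A[1]**2 - A[0]**3 - 726*A[0]) % p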
enc_flag = b'\xe3Nf1\xd4\xf7g\xad\xa6\xa4q\x8e\x85\x99\xa2/>\xb0u\x16\x1f\xc5\x1e\x8a\xf3\xd0t\xf5\xc4F\x9a\xce'
iv = b'2__\xd9]3k\x94\x893\x1a\x7f\x93\xd5\x14\x05'
# Rebuild the curve and turn G from a coordinate tuple into a curve point
E = EllipticCurve(F, [726, b])
G = E(G[0], G[1])

def decrypt(Q):
    # AES key: last 16 bytes of SHA-256 over the x-coordinate of the candidate point
    secret = int(Q[0])
    h = sha256()
    h.update(long_to_bytes(secret))
    key = h.digest()[16:32]
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted = cipher.decrypt(enc_flag)
    try:
        return unpad(decrypted, AES.block_size)
    except ValueError:
        # Wrong key: the padding check failed
        return None

if __name__ == '__main__':
    # Try 1*G .. 11*G as the shared point; stop at the first plaintext with the flag prefix
    for i in range(1, 12):
        P = i*G
        msg = decrypt(P)
        if msg and b'HTB{' in msg:
            print(msg.decode())
            break

Summary

The Arranged Challenge on Hack The Box is an easy-level cryptographic puzzle that combines elliptic curve cryptography (ECC) and AES decryption. Participants are tasked with analyzing a custom encryption scheme involving elliptic curve points and using modular arithmetic to derive the secret key. The challenge demonstrates the use of elliptic curves, SHA-256 hashing, and AES-CBC decryption to uncover the hidden flag. It’s an excellent introduction to practical ECC applications and cryptographic algorithm analysis.
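
The parameter recovery used in the script above, run on a constructed toy curve so it works without Sage (an added example, not the author's code). The names `curve_term`, `recover_modulus`, `recover_b`, `TOY_POINTS` and the toy prime 1019 are assumptions made for illustration; the example goes one step past the script by handling the case where the gcd is a small multiple of p rather than p itself.

```python
from math import gcd

A_COEFF = 726  # curve coefficient a, as it appears in the page's script

# Constructed toy data (not the challenge values): three points on
# y^2 = x^3 + 726*x + 2 over GF(1019); p and b are treated as unknown below.
TOY_POINTS = [(1, 27), (3, 13), (15, 1)]


def curve_term(point, a):
    """y^2 - x^3 - a*x over the integers; congruent to b modulo the hidden p."""
    x, y = point
    return y * y - x**3 - a * x


def recover_modulus(points, a, small_bound=1 << 12):
    """Return (naive_gcd, p). naive_gcd is the gcd of the pairwise differences
    of curve_term; p is that value with small cofactors divided out."""
    first = curve_term(points[0], a)
    naive = 0
    for pt in points[1:]:
        naive = gcd(naive, first - curve_term(pt, a))  # each difference is k*p
    if naive == 0:
        raise ValueError("points give no information about the modulus")
    # Coordinates are reduced mod p, so p must exceed every coordinate.
    floor = max(max(pt) for pt in points)
    p = naive
    for q in range(2, small_bound):
        while p % q == 0 and p // q > floor:
            p //= q
    return naive, p


def recover_b(points, a, p):
    """b from the first point; raise if another point disagrees modulo p."""
    b = curve_term(points[0], a) % p
    for pt in points[1:]:
        if curve_term(pt, a) % p != b:
            raise ValueError(f"{pt} is not on the same curve modulo {p}")
    return b


if __name__ == "__main__":
    naive, p = recover_modulus(TOY_POINTS, A_COEFF)
    print("gcd of differences:", naive)
    print("modulus after stripping small cofactors:", p)
    print("b:", recover_b(TOY_POINTS, A_COEFF, p))
```

On the toy points the plain gcd is a multiple of the prime, which is why the cofactor step matters before building the field. Only small cofactors are removed, so on real-size values a primality test on the result is the final check.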

This post is licensed under CC BY 4.0 by the author.