Post

HackTheBox Bloom Bloom Writeup

Posted
By x3ric
2 min read

Explore the basics of cybersecurity in the Bloom Bloom Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/703

Description

Since the fallout, most of the world’s fertile land has been transformed into wasteland, leaving survivors struggling to produce enough food to sustain their communities. With traditional agriculture in ruins, they recall that, in the years before the disaster, agricultural scientists were developing genetically modified crops that could thrive in extreme conditions. Rumors point to a hidden agricultural research zone where these scientists experimented with advanced genetic seeds. This zone is believed to contain experimental crops, advanced equipment, and crucial research that could empower communities to rebuild agriculture from the ground up. Undeterred, the survivors embark on a grueling journey lasting several days in pursuit of the zone. At last, they arrive to find a vast area buried in sand but equipped with sophisticated watering systems and supplies to nurture the genetic crops. To their surprise, the zone is defended by humanoid robotic guards armed with automatic weapons. It’s clear that accessing the area safely requires a secret password; otherwise, the robots are likely to open fire. Worse yet, these robots teleport unpredictably throughout the zone, making their movements almost impossible to predict. Can you extract information from their movements, predict their next move and devise a strategy to eliminate all of them?

Exploitation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

#!/usr/bin/python3
from sage.all import *
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from Crypto.Util.number import long_to_bytes
import re

with open('output.txt') as f:
    data = f.read().split('\n')
enc_messages = eval(data[0])
enc_flag = bytes.fromhex(data[1])
key = sha256(b'0'*256).digest()
shares = []
for i in range(len(enc_messages)):
    for iv, ct in enc_messages[i]:
        try:
            cipher = AES.new(key, AES.MODE_CBC, bytes.fromhex(iv))
            dec = unpad(cipher.decrypt(bytes.fromhex(ct)), 16).decode()
            shares.append(eval(dec.split('#: ')[1]))
            if i == len(enc_messages) - 1:
                p = int(re.search(r'\d+', dec).group())
            break
        except:
            pass
assert len(shares) == 5
F = GF(p)
PR = PolynomialRing(F, 'x')
P = PR.lagrange_polynomial(shares)
key = long_to_bytes(int(list(P)[0]))
flag = unpad(AES.new(key, AES.MODE_ECB).decrypt(enc_flag), 16)
print(flag.decode())

Summary

The Bloom Bloom Challenge on Hack The Box is an easy-level cryptographic puzzle involving AES decryption and polynomial interpolation. Participants decrypt encrypted messages to retrieve shares and reconstruct a secret key using Lagrange interpolation over a finite field. This key is then used to decrypt the final flag. The challenge introduces concepts such as AES encryption, Shamir’s Secret Sharing, and polynomial mathematics, making it a great exercise for understanding cryptographic primitives and practical exploitation techniques.

challenge
htb challenge writeup linux crypto
This post is licensed under CC BY 4.0 by the author.