HackTheBox Curse Breaker Challenge
Explore the basics of cybersecurity in the Curse Breaker Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/434
Description
A dark wizard placed a curse on you - if you open your mouth to say anything, it’ll strike! Only by perfectly reciting the counter-spell can you escape…
Exploitation
The values are found in the seccomp policy
1
2
gem install seccomp-tools
gem install racc
1
echo | seccomp-tools dump ./breaker | grep -oP '(?<=if \(A == )-?[0-9]+' | awk '{n=$1+0; if (n > 2147483647) n = n - 4294967296; print n}' | paste -sd ', '
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/usr/bin/env python3
def decode_flag(encoded_values):
flag = ''
last = 0
for i, value in enumerate(encoded_values):
if i % 5 == 0:
last = 0
flag += chr(last + value)
last = value
return flag
encoded_values = [
72, 12, 54, 69, 46,
101, -2, 101, -53,
162, 112, -67,
164, -64,
116, 98, 16, 36, -3, 128
]
flag = decode_flag(encoded_values)
print(flag)
Summary
The Curse Breaker Challenge on Hack The Box is a medium-level reverse engineering challenge that requires decoding an obfuscated flag from a sequence of encoded values. Participants analyze the encoding pattern, which involves cumulative addition and modular arithmetic, and implement a decryption function to reconstruct the original flag. By reversing the transformation logic, they successfully break the curse, demonstrating the importance of understanding encoding schemes, arithmetic operations, and iterative decoding techniques in reverse engineering challenges.