Post

HackTheBox Down the Rabinhole Challenge

Posted
By x3ric
2 min read

Explore the basics of cybersecurity in the Down the Rabinhole Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/347

Description

Miyuki, wanting to find out more evidence about Draeger and his escape, planned a space trip to the maximum security black hole where Draeger was held captive. Problems though soon arose as the approach to the black hole caused distortions on your electronics. Memories of the traumatic experience you had when the Council guards brutally ripped you from your father’s hands painfully flooded your mind. The one thing you never forgot was the signal he sent you while you were still within range of the planet. Only two packets got through, but since they were encrypted you couldn’t figure out what they were. Now, being more determined than ever to find your father, having gained experience during the missions with the squad, you know that it’s time to decrypt the signal.

Exploitation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

#!/usr/bin/env python3
import math

def main():
    with open('out.txt') as f:
        n1, c1, c2, n2, c3, c4, L = map(int, f.read().splitlines())
    C = math.gcd(n1 - 4, n2 - 4) // 3
    K = 256 - math.floor(L / 2)
    P = int(hex(K)[2:] * K, 16)
    X = (c2 - P ** 2 - P * C) * pow(256 ** K, -1, n1) % n1
    m1 = (X - 256 ** K * c1) * pow(2 * P + C - C * 256 ** K, -1, n1) % n1
    K = 256 - math.ceil(L / 2)
    P = int(hex(K)[2:] * K, 16)
    Y = (c4 - P ** 2 - P * C) * pow(256 ** K, -1, n2) % n2
    m2 = (Y - 256 ** K * c3) * pow(2 * P + C - C * 256 ** K, -1, n2) % n2
    print(bytes.fromhex(hex(m1)[2:] + hex(m2)[2:]).decode())

if __name__ == '__main__':
    main()

The Down the Rabinhole Challenge on Hack The Box is a medium-level cryptography challenge that involves decrypting messages encrypted using a variant of the Rabin cryptosystem. Participants analyze ciphertexts and their associated modulus values, leverage greatest common divisor (GCD) calculations to extract a shared factor, and reconstruct the plaintext using mathematical transformations on modular equations. By recovering the original message from the encrypted packets, the challenge highlights the vulnerabilities in certain implementations of Rabin encryption, particularly when structural weaknesses in padding and modular arithmetic can be exploited.

challenge
htb challenge writeup linux crypto
This post is licensed under CC BY 4.0 by the author.